http://bugzilla.opensuse.org/show_bug.cgi?id=1209741 http://bugzilla.opensuse.org/show_bug.cgi?id=1209741#c4 Fabian Vogt <fabian@ritter-vogt.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mkoutny@suse.com, | |systemd-maintainers@suse.de Flags| |needinfo?(systemd-maintaine | |rs@suse.de) --- Comment #4 from Fabian Vogt <fabian@ritter-vogt.de> --- The issue is that the session keyring created by pam_keyinit is only inherited through fork/execve/..., but all the session does is "systemctl start plasma-workspace-(wayland/x11).target". The session itself (plasmashell, krunner, all processes started by those) are actually children of the systemd user instance, which is in turn a system service. How is this meant to work in combination with session keyrings? Can pam_systemd somehow forward the session keyring to the systemd user instance it starts? If not, the only option I see is to have separate session keyrings for systemd user services and other parts of the session. That could be implemented simply by adding session optional pam_keyinit.so force revoke to /usr/lib/pam.d/systemd-user. That works in my testing, after logout and login there is a session keyring visible in konsole instances and cifscreds works as expected. -- You are receiving this mail because: You are on the CC list for the bug.