Comment # 28 on bug 1209741 from 
Hi Franck,

> This change has just been submitted to Factory, see comment #25.

When I looked at the change I see pam_keyinit.so being added to 

   /usr/lib/pam.d/systemd-user

But I don't see it being removed from /etc/pam.d/sddm ( or the other ones I
suggested ).

Since systemd-user and sddm both execute during the login process, systemd-user
with that change will create ( using revoke force ) the keyring, but if it is
left in /etc/pam.d/sddm then when that is processed after systemd-user since
sddm also uses revoke and force then it will replace the keyring that was just
created in systemd-user.

Surely that cannot be correct ???

Reading the docs it seems that "login" processes would specify pam_keyinit.so
with revoke force but other processes should either leave it out or not specify
revoke force otherwise the keyring keeps getting replaced.

You are receiving this mail because: