Hi Franck,
> This change has just been submitted to Factory, see comment #25.
When I looked at the change I see pam_keyinit.so being added to
/usr/lib/pam.d/systemd-user
But I don't see it being removed from /etc/pam.d/sddm ( or the other ones I
suggested ).
Since systemd-user and sddm both execute during the login process, systemd-user
with that change will create ( using revoke force ) the keyring, but if it is
left in /etc/pam.d/sddm then when that is processed after systemd-user since
sddm also uses revoke and force then it will replace the keyring that was just
created in systemd-user.
Surely that cannot be correct ???
Reading the docs it seems that "login" processes would specify pam_keyinit.so
with revoke force but other processes should either leave it out or not specify
revoke force otherwise the keyring keeps getting replaced.