--- Comment #36 from Andrei Borzenkov <arvidjaar(a)gmail.com> ---
(In reply to Franck Bui from comment #35)
And in this case session key are visible by all process running with the
same UID, which is not too good.
Still it is better than what we have now.
That's probably the reason why the doc says:
Rather than relying on the user session keyring, it is strongly
recommended —especially if the process is running as root— that a
session-keyring(7) be set explicitly, for example by pam_keyinit(8).
You miss the point. It makes pam_keyinit mandatory without as much as giving
any heads up to users (just try to search for pam_keyinit in systemd NEWS).
Before this change pam_keyinit was recommended, but the whole system still
worked reasonably well without it. So the actual question is whether we want to
mandate pam_keyinit and risk security implications if it is missing for some
You are receiving this mail because:
You are on the CC list for the bug.