Comment # 8 on bug 1081947 from 
(In reply to Franck Bui from comment #7)
> (In reply to Josef M�llers from comment #6)
> > Re comment #3:
> > Why should it be in the stack?
> 
> where else would you want to it to be ?

But how should it end up there? AFAIK the only way is to explicitly call
pam-config!

> The kernel keyring stuff is a general infra provided by the kernel which
> needs special care during session creation so that all applications can rely
> on it if needed.
> 
> > The lengthy discussion in Bug #1045886 shows that it would not be advisable
> > to just automatically add pam_keyinit to pam config files!
> 
> what did you make think so ?

The quote from "man pam_keyinit":
"This module should not, generally, be invoked by programs like su, since it is
usually desirable for the key set to percolate through to the alternate
context. The keys have their own permissions system to manage this."

An idea in the discussion had been to write some rpmlint-skript which would
force the maintaines to include pam_keyinit into their pam config files. But I
can only guess howone would do that.

You are receiving this mail because: