https://bugzilla.suse.com/show_bug.cgi?id=1209741 https://bugzilla.suse.com/show_bug.cgi?id=1209741#c31 Fabian Vogt <fvogt@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(fabian@ritter-vog | |t.de) | --- Comment #31 from Fabian Vogt <fvogt@suse.com> --- (In reply to Joe S from comment #28)

Hi Franck,

...

This change has just been submitted to Factory, see comment #25.

When I looked at the change I see pam_keyinit.so being added to

/usr/lib/pam.d/systemd-user

But I don't see it being removed from /etc/pam.d/sddm ( or the other ones I suggested ).

Since systemd-user and sddm both execute during the login process, systemd-user with that change will create ( using revoke force ) the keyring, but if it is left in /etc/pam.d/sddm then when that is processed after systemd-user since sddm also uses revoke and force then it will replace the keyring that was just created in systemd-user.

Surely that cannot be correct ???

It is. Otherwise only systemd user services get a session keyring, but not processes started by the session itself. See comment 4. -- You are receiving this mail because: You are on the CC list for the bug.