Bug 1144044

Summary: Please add "pam_keyinit.so" to the /etc/pam.d/crond configuration file
Product: [openSUSE] openSUSE Tumbleweed Reporter: Josef Möllers <josef.moellers>
Component: BasesystemAssignee: Kristyna Streitova <kstreitova>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: alynx.zhou
Version: Current   
Target Milestone: Current   
Hardware: All   
OS: openSUSE Factory   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Josef Möllers 2019-08-02 14:47:40 UTC 
In the near future, the use of kernel keyrings will be enabled by systemd.
To fully support this feature, the cronie package must include the pam_keyinit.so
module in its /etc/pam.d/crond configuration file.
Please add this module to the /etc/pam.d/crond configuration file with the
appropriate parameters:
session optional pam_keyinit.so revoke [force]
Thanks.
Comment 1 Kristyna Streitova 2019-08-07 10:03:16 UTC 
I'm changing the target codestream to openSUSE:Tumbleweed as it doesn't make any sense to submit it for SLE15 where kernel keyrings are not supported now.
Comment 2 Kristyna Streitova 2019-08-27 12:37:55 UTC 
I've submitted "session optional pam_keyinit.so force revoke" to the openSUSE:Factory/cronie package (sr#726486).

@Josef, can you please check it out? Thanks!

I'm closing it as fixed, reopen if needed.