Bug 1144059 - Please add "pam_keyinit.so" to the /etc/pam.d/samba configuration file
Please add "pam_keyinit.so" to the /etc/pam.d/samba configuration file
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Samba
Current
All openSUSE Factory
: P5 - None : Normal (vote)
: Current
Assigned To: The 'Opening Windows to a Wider World' guys
The 'Opening Windows to a Wider World' guys
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-08-02 15:14 UTC by Josef Möllers
Modified: 2019-11-25 11:56 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Josef Möllers 2019-08-02 15:14:05 UTC
In the near future, the use of kernel keyrings will be enabled by systemd.
To fully support this feature, the samba package must include the pam_keyinit.so
module in its /etc/pam.d/samba configuration file.
Please add this module to the /etc/pam.d/samba configuration file with the
appropriate parameters:
session optional pam_keyinit.so revoke [force]
Thanks.
Comment 1 Samuel Cabrero 2019-08-05 15:01:24 UTC
Background --> https://bugzilla.suse.com/show_bug.cgi?id=1081947
Comment 2 Noel Power 2019-08-15 07:29:22 UTC
(In reply to Josef Möllers from comment #0)
> In the near future, the use of kernel keyrings will be enabled by systemd.
> To fully support this feature, the samba package must include the
> pam_keyinit.so
> module in its /etc/pam.d/samba configuration file.
> Please add this module to the /etc/pam.d/samba configuration file with the
> appropriate parameters:
> session optional pam_keyinit.so revoke [force]
> Thanks.

@josef Does this affect SLE-15-sp0 ? I guess I mean will the use of kernel keyrings be enabled in sle-15-sp0 and will we need to backport this change there
Comment 3 Josef Möllers 2019-08-15 07:42:37 UTC
(In reply to Noel Power from comment #2)

> @josef Does this affect SLE-15-sp0 ? I guess I mean will the use of kernel
> keyrings be enabled in sle-15-sp0 and will we need to backport this change
> there

No, I made a mistake when creating the bug against SLE-15.
Please submit against openSUSE Tumbleweed. Apparently I can't change the Product accordingly.

Thanks and sorry for the inconvenience!
Comment 4 Josef Möllers 2019-08-15 07:50:47 UTC
Changed codestream to TW where it belongs.
Comment 6 Swamp Workflow Management 2019-09-16 22:10:45 UTC
openSUSE-SU-2019:2142-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1141267,1144059
CVE References: CVE-2019-10197
Sources used:
openSUSE Leap 15.1 (src):    samba-4.9.5+git.187.71edee57d5a-lp151.2.6.1
Comment 7 Samuel Cabrero 2019-11-25 11:56:36 UTC
Released.