Bugzilla – Bug 1144059
Please add "pam_keyinit.so" to the /etc/pam.d/samba configuration file
Last modified: 2019-11-25 11:56:36 UTC
In the near future, the use of kernel keyrings will be enabled by systemd. To fully support this feature, the samba package must include the pam_keyinit.so module in its /etc/pam.d/samba configuration file. Please add this module to the /etc/pam.d/samba configuration file with the appropriate parameters: session optional pam_keyinit.so revoke [force] Thanks.
Background --> https://bugzilla.suse.com/show_bug.cgi?id=1081947
(In reply to Josef Möllers from comment #0) > In the near future, the use of kernel keyrings will be enabled by systemd. > To fully support this feature, the samba package must include the > pam_keyinit.so > module in its /etc/pam.d/samba configuration file. > Please add this module to the /etc/pam.d/samba configuration file with the > appropriate parameters: > session optional pam_keyinit.so revoke [force] > Thanks. @josef Does this affect SLE-15-sp0 ? I guess I mean will the use of kernel keyrings be enabled in sle-15-sp0 and will we need to backport this change there
(In reply to Noel Power from comment #2) > @josef Does this affect SLE-15-sp0 ? I guess I mean will the use of kernel > keyrings be enabled in sle-15-sp0 and will we need to backport this change > there No, I made a mistake when creating the bug against SLE-15. Please submit against openSUSE Tumbleweed. Apparently I can't change the Product accordingly. Thanks and sorry for the inconvenience!
Changed codestream to TW where it belongs.
openSUSE-SU-2019:2142-1: An update that solves one vulnerability and has one errata is now available. Category: security (moderate) Bug References: 1141267,1144059 CVE References: CVE-2019-10197 Sources used: openSUSE Leap 15.1 (src): samba-4.9.5+git.187.71edee57d5a-lp151.2.6.1
Released.