Bug 1144060 - Please add "pam_keyinit.so" to the /etc/pam.d/... configuration file(s)
Please add "pam_keyinit.so" to the /etc/pam.d/... configuration file(s)
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Basesystem
Current
All All
: P5 - None : Normal (vote)
: Current
Assigned To: Michael Vetter
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-08-02 15:15 UTC by Josef Möllers
Modified: 2022-12-06 14:18 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Josef Möllers 2019-08-02 15:15:55 UTC
In the near future, the use of kernel keyrings will be enabled by systemd.
To fully support this feature, the shadow package must include the pam_keyinit.so
module in its /etc/pam.d/... configuration file(s).
Please add this module to the /etc/pam.d/... configuration file(s) with the
appropriate parameters:
session optional pam_keyinit.so revoke [force]
Thanks.
Comment 1 Josef Möllers 2019-08-15 07:51:13 UTC
Changed codestream to TW where it belongs.
Comment 3 Michael Vetter 2019-09-02 11:21:47 UTC
I assume there is not yet a way to test this, right?
I created SR#727741 maybe you can take a look at it before I accept it to the devel repo.
Comment 5 Michael Vetter 2019-09-03 11:23:30 UTC
Thank you for the help Josef.

SR#727986 to Factory.

Adding:
> session         optional        pam_keyinit.so  revoke

to the files in pamd.tar.bz2.
Comment 6 Michael Vetter 2019-09-10 09:04:47 UTC
SR accepted.
Comment 10 Franck Bui 2022-09-27 07:25:17 UTC
Hmm I just noticed that a bunch of PAM config files shipped by shadow includes pam_keyinit.so, which doesn't seem correct.

pam_keyinit.so is intended primarily for use by login processes, see pam_keyinit(8) man page.

Hence the change requested by this bug report group{add,del,mod}, user{add,del,mod}, ..., etc was incorrect.

Or am I missing something ?
Comment 12 Franck Bui 2022-09-28 07:12:01 UTC
I opened bug #1203823 to revert the changes introduced by this report, hence re-closing.