On Wed, Jan 08, 2014 at 07:00:54PM -0800, Russ Allbery wrote:
> It would be better for any application that uses the kernel keyring
> if pam_keyinit were run by default in the PAM session stack.  Without
> this module, users are placed in a default UID-based user session,
> which doesn't isolate each session's keys.

OK, I'll do this for 1:6.5p1-1.  Following Fedora's configuration, I'll
use "session optional pam_keyinit.so force revoke", which seems
reasonable; let me know if there's some reason this won't work properly
for Debian.

-- 
Colin Watson                                       [cjwat...@debian.org]
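
Added example, not part of the original message or of any Debian package: a shell check that a PAM service file has an active pam_keyinit session line carrying both options quoted above. The helper name check_keyinit and the path /etc/pam.d/sshd are assumptions.

```shell
#!/bin/sh
# Added example: audit a PAM service file for the pam_keyinit session line.
# check_keyinit is a hypothetical helper name, not part of any package.
# Prints "ok", "missing", or "lacks:<options not set>".
check_keyinit() {
    # First active (non-comment) session line that loads pam_keyinit.so.
    # A leading "-" on the type is valid PAM syntax and is accepted.
    line=$(awk '$1 ~ /^-?session$/ && /pam_keyinit\.so/ { print; exit }' "$1")
    if [ -z "$line" ]; then
        echo "missing"
        return 1
    fi
    # Everything after the module name is its argument list.
    args=$(printf '%s' "${line#*pam_keyinit.so}" | tr '\t' ' ')
    missing=""
    for opt in force revoke; do
        case " $args " in
            *" $opt "*) ;;
            *) missing="$missing $opt" ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "lacks:${missing# }"
        return 2
    fi
    echo "ok"
}

# Constructed sample input; on a real system pass the service file instead
# (assumed here to be /etc/pam.d/sshd).
sample=$(mktemp)
printf '%s\n' \
    '# session optional pam_keyinit.so' \
    'session    required     pam_limits.so' \
    'session    optional     pam_keyinit.so force revoke' > "$sample"
check_keyinit "$sample"
rm -f "$sample"
```

A commented-out line counts as missing, so the check does not pass on a configuration that was disabled rather than removed.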

