Colin Watson <cjwat...@debian.org> writes: > On Wed, Jan 08, 2014 at 07:00:54PM -0800, Russ Allbery wrote:
>> It would be better for any application that uses the kernel keyring if >> pam_keyinit were run by default in the PAM session stack. Without this >> module, users are placed in a default UID-based user session, which >> doesn't isolate each session's keys. > OK, I'll do this for 1:6.5p1-1. Following Fedora's configuration, I'll > use "session optional pam_keyinit.so force revoke", which seems > reasonable; let me know if there's some reason this won't work properly > for Debian. That looks correct to me. Thanks! -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
