So linkage of user and session keyrings is apparently done by pam_keyinit module.
There is a line:
session optional pam_keyinit.so force revoke
in /etc/pam.d/login, but not in /etc/pam.d/lightdm.
So linkage of user and session keyrings is apparently done by pam_keyinit module.
There is a line:
session optional pam_keyinit.so force revoke
in /etc/pam.d/login, but not in /etc/pam.d/lightdm.