pam_keyinit — Kernel session keyring initialiser module

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

DESCRIPTION

The pam_keyinit PAM module ensures that the invoking process has a session
keyring other than the user default session keyring.

The session component of the module checks to see if the process's session
keyring is the user default, and, if it is, creates a new anonymous session
keyring with which to replace it.

If a new session keyring is created, it will install a link to the user common
keyring in the session keyring so that keys common to the user will be
automatically accessible through it.

The session keyring of the invoking process will thenceforth be inherited by
all its children unless they override it.

This module is intended primarily for use by login processes. Be aware that
after the session keyring has been replaced, the old session keyring and the
keys it contains will no longer be accessible.

This module should not, generally, be invoked by programs like su, since it is
usually desirable for the key set to percolate through to the alternate
context. The keys have their own permissions system to manage this.

This module should be included as early as possible in a PAM configuration, so
that other PAM modules can attach tokens to the keyring.

The keyutils package is used to manipulate keys more directly. This can be
obtained from:

Keyutils

OPTIONS

debug

Log debug information with syslog(3).

force

Causes the session keyring of the invoking process to be replaced
unconditionally.

revoke

Causes the session keyring of the invoking process to be revoked when the
invoking process exits if the session keyring was created for this process
in the first place.

EXAMPLES

Add this line to your login entries to start each login session with its own
session keyring:

session required pam_keyinit.so

This will prevent keys from one session leaking into another session for the
same user.
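
The placement advice in DESCRIPTION (use the module in login entries, put it early, generally keep it out of su) can be checked mechanically against a PAM service file. The following is an added example, not part of the pam_keyinit documentation; the function name keyinit_audit, the "login" and "su" kind labels and the finding strings are assumptions made for illustration, and include/substack lines are not followed.

```shell
# Added example, not part of the pam_keyinit documentation.
# keyinit_audit KIND FILE
#   KIND "login": the service should give each session its own keyring.
#   KIND "su":    the service should normally keep the caller's keyring.
# Prints one finding per line and nothing when FILE matches the advice above.
keyinit_audit() {
    awk -v kind="$1" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { type = $1; sub(/^-/, "", type) }       # leading "-" only quiets a missing module
        type != "session" { next }
        {
            mod = ""
            for (i = 2; i <= NF; i++)            # first *.so field is the module, which
                if ($i ~ /\.so$/) {              # also skips a "[a=b c=d]" control
                    mod = $i
                    break
                }
            if (mod == "") next                  # include/substack lines are not followed
            sub(/^.*\//, "", mod)                # drop any directory part
            if (mod == "pam_keyinit.so") { seen = 1; next }
            if (!seen) earlier = earlier " " mod # session modules that run first
        }
        END {
            if (kind == "su") {
                if (seen) print "PRESENT: pam_keyinit.so in a su-type service"
            } else if (!seen) {
                print "MISSING: no session line for pam_keyinit.so"
            } else if (earlier != "") {
                print "ORDER: runs before pam_keyinit.so:" earlier
            }
        }
    ' "$2"
}
```

An ORDER finding is a prompt for review rather than an error: the modules it lists run before the new session keyring exists, so any of them that attaches tokens to the keyring belongs after pam_keyinit.so.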

AUTHOR

pam_keyinit was written by David Howells, <dhowells@redhat.com>.