Bug#1068378: xdm: pam_keyinit is missing from /etc/pam.d/xdm

Łukasz Stelmach Thu, 04 Apr 2024 02:48:30 -0700

Package: xdm
Version: 1:1.1.11-3+b2
Severity: normal
X-Debbugs-Cc: none, Łukasz Stelmach <l.stelm...@samsung.com>


Dear Maintainer,

pam_keyinit is missing from the /etc/pam.d/xdm configuration
file. Therefore, it is not possible to access the session keyring from
programs running in a session started by xdm.

The patch will follow.

PS. Below there is a modifide pam file from my system which makes it
possible to access the session keyring.

-- System Information:
Debian Release: 12.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: arm64, armel

Kernel: Linux 6.5.0-0.deb12.4-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages xdm depends on:
ii  cpp                        4:12.2.0-3
ii  debconf [debconf-2.0]      1.5.82
ii  libc6                      2.36-9+deb12u4
ii  libcrypt1                  1:4.4.33-2
ii  libpam0g                   1.5.2-6+deb12u1
ii  libselinux1                3.4-1+b6
ii  libx11-6                   2:1.8.4-2+deb12u2
ii  libxau6                    1:1.0.9-1
ii  libxaw7                    2:1.0.14-1
ii  libxdmcp6                  1:1.1.2-3
ii  libxext6                   2:1.3.4-1+b1
ii  libxft2                    2.3.6-1
ii  libxinerama1               2:1.1.4-3
ii  libxmu6                    2:1.1.3-3
ii  libxpm4                    1:3.5.12-1.1+deb12u1
ii  libxrender1                1:0.9.10-1.1
ii  libxt6                     1:1.2.1-1.1
ii  lsb-base                   11.6
ii  procps                     2:4.0.2-3
ii  sysvinit-utils [lsb-base]  3.06-4
ii  x11-utils                  7.7+5
ii  x11-xserver-utils          7.7+9+b1

xdm recommends no packages.

xdm suggests no packages.

-- Configuration Files:
/etc/pam.d/xdm changed:
auth            requisite       pam_nologin.so
auth            required        pam_env.so
auth            required        pam_env.so envfile=/etc/default/locale
session [success=ok ignore=ignore module_unknown=ignore default=bad]        
pam_selinux.so close
session required        pam_loginuid.so
session optional        pam_keyinit.so force revoke
session [success=ok ignore=ignore module_unknown=ignore default=bad]        
pam_selinux.so open
session         required        pam_limits.so
@include common-auth
@include common-account
@include common-session
@include common-password


-- debconf information:
* shared/default-x-display-manager: xdm
  xdm/daemon_name: /usr/bin/xdm
  xdm/stop_running_server_with_children: false

-- 
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics

signature.asc
Description: PGP signature

Bug#1068378: xdm: pam_keyinit is missing from /etc/pam.d/xdm

Reply via email to