Colin Watson <[email protected]> writes: > On Wed, Jan 08, 2014 at 07:00:54PM -0800, Russ Allbery wrote:
>> It would be better for any application that uses the kernel keyring if >> pam_keyinit were run by default in the PAM session stack. Without this >> module, users are placed in a default UID-based user session, which >> doesn't isolate each session's keys. > OK, I'll do this for 1:6.5p1-1. Following Fedora's configuration, I'll > use "session optional pam_keyinit.so force revoke", which seems > reasonable; let me know if there's some reason this won't work properly > for Debian. That looks correct to me. Thanks! -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
