[Pkg-shadow-devel] Bug#734671: enable pam_keyinit by default

Russ Allbery rra at debian.org
Fri Jan 10 02:20:55 UTC 2014

Steve Langasek <vorlon at debian.org> writes:

> Unfortunately, there's no central way to configure PAM modules only for
> use in login sessions.  As with pam_selinux and pam_loginuid, the only
> way to do this is for each service to include the module directly in
> their own PAM config.

I gather this isn't the same thing as what common-session-noninteractive
is for?  I hadn't completely followed how that worked.

Regardless, thanks!  I spent some time day before yesterday debugging this
with MIT Kerberos upstream, since the behavior of keyring caches without
an active session is really weird.  Everything works but then the results

Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>

More information about the Pkg-shadow-devel mailing list