diff options
Diffstat (limited to 'Linux-PAM/modules/pam_keyinit/README')
-rw-r--r-- | Linux-PAM/modules/pam_keyinit/README | 68 |
1 files changed, 0 insertions, 68 deletions
diff --git a/Linux-PAM/modules/pam_keyinit/README b/Linux-PAM/modules/pam_keyinit/README deleted file mode 100644 index 38344d9a..00000000 --- a/Linux-PAM/modules/pam_keyinit/README +++ /dev/null @@ -1,68 +0,0 @@ -pam_keyinit — Kernel session keyring initialiser module - -━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ - -DESCRIPTION - -The pam_keyinit PAM module ensures that the invoking process has a session -keyring other than the user default session keyring. - -The session component of the module checks to see if the process's session -keyring is the user default, and, if it is, creates a new anonymous session -keyring with which to replace it. - -If a new session keyring is created, it will install a link to the user common -keyring in the session keyring so that keys common to the user will be -automatically accessible through it. - -The session keyring of the invoking process will thenceforth be inherited by -all its children unless they override it. - -This module is intended primarily for use by login processes. Be aware that -after the session keyring has been replaced, the old session keyring and the -keys it contains will no longer be accessible. - -This module should not, generally, be invoked by programs like su, since it is -usually desirable for the key set to percolate through to the alternate -context. The keys have their own permissions system to manage this. - -This module should be included as early as possible in a PAM configuration, so -that other PAM modules can attach tokens to the keyring. - -The keyutils package is used to manipulate keys more directly. This can be -obtained from: - -Keyutils - -OPTIONS - -debug - - Log debug information with syslog(3). - -force - - Causes the session keyring of the invoking process to be replaced - unconditionally. - -revoke - - Causes the session keyring of the invoking process to be revoked when the - invoking process exits if the session keyring was created for this process - in the first place. - -EXAMPLES - -Add this line to your login entries to start each login session with its own -session keyring: - -session required pam_keyinit.so - - -This will prevent keys from one session leaking into another session for the -same user. - -AUTHOR - -pam_keyinit was written by David Howells, <dhowells@redhat.com>. - |