David Howells píše v Po 13. 08. 2012 v 22:21 +0100: > Milan Knížek <knizek.confy@xxxxxxxxx> wrote: > > > How does one arrange that the session keyring is set up properly for > > various login methods? > ... > > pam_keyinit.so was already in /etc/pam.d/gdm-password, though when > > logged in into Xfce from GDM, then "cifscreds add" typed in > > xfce4-terminal complains about non-persistent keyring. > > What name does gdm use when logging in? I see five different names in the > list above. > In Arch, gdm-welcome is used for GDM greeter (run under user gdm) and gdm-password for the user about to log in. I tried to change the "optional" to "required" in gdm-password: session required pam_keyinit.so force revoke and the user was not able to login then. With "optional", the user logs in but the keyring is then probably created by some other process w/o pam_keyinit. With session optional pam_keyinit.so force revoke debug the /var/log/gdm/:0-slave.log shows: gdm-password][19678]: pam_keyinit(gdm-password:session): OPEN 1 gdm-password][19678]: pam_keyinit(gdm-password:session): UID:1000 [0] GID:100 [100] gdm-password][19678]: pam_keyinit(gdm-password:session): JOIN = -1 A bit of googling revealed some info (comment 13): https://bugs.freedesktop.org/show_bug.cgi?id=49211 I do not understand much of the comments there and what is causing the failure (gdm, kernel, pam_keyinit), however I can see that you - David - got involved (comment 26) and provided a patch to kernel. If it is related, in which version of kernel was this patch released? My versions are: linux 3.4.8-1-ARCH, gdm 3.4.1-2 regards, Milan -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
