Hi Dinesh,

Did you do a 'keyctl link @us @s' after logging in?

And could you tell me how you achieve 2? Because according to documentation it is not possible to have systemd-ask-password insert a key into a user's keylist:

    --keyname=
        Configure a kernel keyring key name to use as cache for the password. If set, then the tool will try to push any collected passwords into the kernel keyring of the root user

-Sietse

________________________________________
From: systemd-devel <systemd-devel-bounces@xxxxxxxxxxxxxxxxxxxxx> on behalf of Dinesh Prasanth Moluguwan Krishnamoorthy <dmoluguw@xxxxxxxxxx>
Sent: Thursday, December 6, 2018 04:11
To: systemd-devel@xxxxxxxxxxxxxxxxxxxxx
Subject: Systemd and kernel keyring

Hi team,

I'm working on accessing the kernel keyring in my application started using systemd. The list of steps I'm doing:

1. Starting a systemd service with `KeyringMode=shared` as a SPECIFIC USER
2. In the `ExecStartPre`, I'm launching a subprocess that invokes `systemd-ask-password` to accept the input and store it in the USER's kernel keyring
3. In the main program started using `ExecStart`, I'm accessing the value stored in the keyring

I'm able to access the values from my main program -- everything works as expected!

When I try to log in as that specific user and do a `keyctl show @u`, I find the entry. However, when I try to do `keyctl print <keyID>`, it throws a "Permission Denied" error.

IIUC, this protects the keys in the keyring from being accessed outside the systemd service. Is it the desired behaviour? I have the sample systemd unit file available in [1].

[1] https://github.com/SilleBille/keyctl-java-test/blob/master/pki-tomcatd-nuxwdog%40pki-tomcat.service

Thanks,
Dinesh
_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
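The following is an added example, not part of the thread or of systemd: a small model of the kernel's key permission-mask check, showing how a key can be listed but not printed from a session that does not possess it, which is what the `keyctl link @us @s` question above is probing. Assumptions: the sample line is constructed in the `type;uid;gid;perm;description` format of `keyctl rdescribe`, the mask `3f010000` (possessor: all, user: view only) is an assumed value since the thread does not give the key's actual mask, and the function names are hypothetical.

```python
# Added example: models the basic permission-mask check for kernel keys.
# Permission bits within each 6-bit group (possessor, user, group, other).
VIEW, READ, WRITE, SEARCH, LINK, SETATTR = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAGS = "vrwsla"  # flag letter for bit 0..5

# Constructed sample in `keyctl rdescribe` format; the mask is an assumption.
SAMPLE = "user;1000;1000;3f010000;example-secret"

def parse_rdescribe(line):
    """Split 'type;uid;gid;perm;description'; perm is hexadecimal."""
    ktype, uid, gid, perm, desc = line.strip().split(";", 4)
    return {"type": ktype, "uid": int(uid), "gid": int(gid),
            "perm": int(perm, 16), "desc": desc}

def perm_string(perm):
    """Render the mask as possessor/user/group/other groups of 'alswrv'."""
    groups = []
    for shift in (24, 16, 8, 0):
        bits = (perm >> shift) & 0x3F
        groups.append("".join(FLAGS[i] if bits & (1 << i) else "-"
                              for i in range(5, -1, -1)))
    return "/".join(groups)

def allowed(key, need, uid, gids, possessed):
    """Pick the user, group or other bits, then add possessor bits if possessed."""
    perm = key["perm"]
    if uid == key["uid"]:
        kperm = perm >> 16
    elif key["gid"] in gids:
        kperm = perm >> 8
    else:
        kperm = perm
    if possessed:
        # Possession means the key is reachable from the caller's own
        # session, process or thread keyring.
        kperm |= perm >> 24
    return (kperm & need & 0x3F) == need

if __name__ == "__main__":
    key = parse_rdescribe(SAMPLE)
    print(perm_string(key["perm"]))
    for label, possessed in (("login shell, @us not linked into @s", False),
                             ("process whose session keyring reaches the key", True)):
        print(label,
              "view:", allowed(key, VIEW, 1000, {1000}, possessed),
              "read:", allowed(key, READ, 1000, {1000}, possessed))
```

The model covers only the mask comparison; the kernel's read path has further rules that are not reproduced here.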