Add the pam_keyinit session module, to create a new session keyring on login (closes: #734816).

author: Colin Watson <cjwatson@debian.org> 2014-02-10 03:08:45 +0000
committer: Colin Watson <cjwatson@debian.org> 2014-02-10 03:08:45 +0000
commit: ca7f6f719ad5f168b25165caaff658f21c784c4e (patch)
tree: ca5f159311e5786b602b523e397fa7dbd31d100e
parent: a2b8818c5d21cfcba443625251f691a2ea3a29c7 (diff)
2 files changed, 5 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 38869d995..1b0e27201 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -18,6 +18,8 @@ openssh (1:6.5p1-1) UNRELEASED; urgency=medium
    reasoning.
  * Add OpenPGP signature checking configuration to watch file (thanks,
    Daniel Kahn Gillmor; closes: #732441).
+  * Add the pam_keyinit session module, to create a new session keyring on
+    login (closes: #734816).
 -- Colin Watson <cjwatson@debian.org>  Sun, 09 Feb 2014 15:52:14 +0000
diff --git a/debian/openssh-server.sshd.pam b/debian/openssh-server.sshd.pam
index 5f7ab2f60..7978b0c64 100644
--- a/debian/openssh-server.sshd.pam
+++ b/debian/openssh-server.sshd.pam
@@ -21,6 +21,9 @@ session [success=ok ignore=ignore module_unknown=ignore default=bad]        pam_
 # Set the loginuid process attribute.
 session    required     pam_loginuid.so
+# Create a new session keyring.
+session    optional     pam_keyinit.so force revoke
 # Standard Un*x session setup and teardown.
 @include common-session
author	Colin Watson <cjwatson@debian.org>	2014-02-10 03:08:45 +0000
committer	Colin Watson <cjwatson@debian.org>	2014-02-10 03:08:45 +0000
commit	ca7f6f719ad5f168b25165caaff658f21c784c4e (patch)
tree	ca5f159311e5786b602b523e397fa7dbd31d100e
parent	a2b8818c5d21cfcba443625251f691a2ea3a29c7 (diff)