From ca7f6f719ad5f168b25165caaff658f21c784c4e Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Mon, 10 Feb 2014 03:08:45 +0000
Subject: Add the pam_keyinit session module, to create a new session keyring
 on login (closes: #734816).

---
 debian/changelog               | 2 ++
 debian/openssh-server.sshd.pam | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 38869d995..1b0e27201 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -18,6 +18,8 @@ openssh (1:6.5p1-1) UNRELEASED; urgency=medium
     reasoning.
   * Add OpenPGP signature checking configuration to watch file (thanks,
     Daniel Kahn Gillmor; closes: #732441).
+  * Add the pam_keyinit session module, to create a new session keyring on
+    login (closes: #734816).
 
  -- Colin Watson <cjwatson@debian.org>  Sun, 09 Feb 2014 15:52:14 +0000
 
diff --git a/debian/openssh-server.sshd.pam b/debian/openssh-server.sshd.pam
index 5f7ab2f60..7978b0c64 100644
--- a/debian/openssh-server.sshd.pam
+++ b/debian/openssh-server.sshd.pam
@@ -21,6 +21,9 @@ session [success=ok ignore=ignore module_unknown=ignore default=bad]        pam_
 # Set the loginuid process attribute.
 session    required     pam_loginuid.so
 
+# Create a new session keyring.
+session    optional     pam_keyinit.so force revoke
+
 # Standard Un*x session setup and teardown.
 @include common-session
 
-- 
cgit v1.2.3