author | ppkarwasz <piotr.github@karwasz.org> | 2019-11-28 15:33:51 +0100 |
---|---|---|
committer | Tomáš Mráz <t8m@users.noreply.github.com> | 2019-11-28 15:33:51 +0100 |
commit | 3798dfdc346e482c9678dd376e6d1ebe5dd66714 (patch) | |
tree | 2c32fadbf98a3116678c601383d937ddb0ce5ffb /modules/pam_keyinit/pam_keyinit.8.xml | |
parent | 7fbb8592fb75dac96b31a26de7528917060eb589 (diff) | |
Adds an auth module to pam_keyinit (#150)

Adds an auth module to pam_keyinit, whose implementation of pam_sm_setcred
is identical to the implementation of pam_sm_open_session.
It is useful with PAM applications, which call pam_setcred,
before calling pam_open_session.

* modules/pam_keyinit/pam_keyinit.c: Add an auth module to pam_keyinit.
* modules/pam_keyinit/pam_keyinit.8.xml: Update the manpage
to describe the new functionality.

Diffstat (limited to 'modules/pam_keyinit/pam_keyinit.8.xml')
-rw-r--r-- | modules/pam_keyinit/pam_keyinit.8.xml | 39 |
1 files changed, 24 insertions, 15 deletions
diff --git a/modules/pam_keyinit/pam_keyinit.8.xml b/modules/pam_keyinit/pam_keyinit.8.xml index bcc50964..43189494 100644 --- a/modules/pam_keyinit/pam_keyinit.8.xml +++ b/modules/pam_keyinit/pam_keyinit.8.xml 
@@ -37,18 +37,32 @@ session keyring other than the user default session keyring. </para> <para> - The session component of the module checks to see if the process's - session keyring is the user default, and, if it is, creates a new - anonymous session keyring with which to replace it. - </para> - <para> - If a new session keyring is created, it will install a link to the user - common keyring in the session keyring so that keys common to the user - will be automatically accessible through it. + The module checks to see if the process's session keyring is the + <citerefentry> + <refentrytitle>user-session-keyring</refentrytitle><manvolnum>7</manvolnum> + </citerefentry>, + and, if it is, creates a new + <citerefentry> + <refentrytitle>session-keyring</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + with which to replace it. If a new session keyring is created, it will + install a link to the + <citerefentry> + <refentrytitle>user-keyring</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + in the session keyring so that keys common to the user will be + automatically accessible through it. The session keyring of the invoking + process will thenceforth be inherited by all its children unless they override it. </para> <para> - The session keyring of the invoking process will thenceforth be inherited - by all its children unless they override it. + In order to allow other PAM modules to attach tokens to the keyring, this module + provides both an <emphasis>auth</emphasis> (limited to + <citerefentry> + <refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum> + </citerefentry> + and a <emphasis>session</emphasis> component. The session keyring is created + in the module called. Moreover this module should be included as early as + possible in a PAM configuration. </para> <para> This module is intended primarily for use by login processes. Be aware 
@@ -62,11 +76,6 @@ their own permissions system to manage this. </para> <para> - This module should be included as early as possible in a PAM - configuration, so that other PAM modules can attach tokens to the - keyring. - </para> - <para> The keyutils package is used to manipulate keys more directly. This can be obtained from: </para> |
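Review bot: In the first hunk (@@ -37,18 +37,32 @@), the parenthesis opened at "(limited to" in the new auth/session paragraph is never closed, so the rendered sentence reads "an auth (limited to pam_setcred(3) and a session component". Add the ")" after the closing </citerefentry> of the pam_setcred reference. The next added sentence, "The session keyring is created in the module called.", is ambiguous now that the module has two entry points; consider wording along the lines of "by whichever component is called first", if that is the intended behaviour, so an administrator who lists the module in both stacks knows what to expect.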
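Review bot: In the second hunk (@@ -62,11 +76,6 @@), the removed paragraph stated the placement advice together with its reason ("as early as possible in a PAM configuration, so that other PAM modules can attach tokens to the keyring"), while its replacement in the first hunk is a trailing "Moreover this module should be included as early as possible in a PAM configuration" that does not say whether it applies to the auth stack, the session stack or both. Since the manpage now documents two components, suggest stating the ordering requirement for each stack in the relocated text before dropping this paragraph.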