From c44d290f3b5f221e7617bdb409bb8e44ceafef3e Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Fri, 20 Jul 2012 10:30:50 -0400 Subject: cifscreds: add a check and warnings for session keyring problems MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Many distros do not call into pam_keyinit to set up the session keyring properly at login time. When cifscreds add is used in such a session, the kernel will spawn a new session keyring in which to install the credentials. That keyring will then go away once the cifscreds process exits. Check for this situation by looking to see if the session and user-session keyrings are the same. Throw a warning if so, and add some verbiage to the cifscreds manpage that explains the issue. Also, if the session keyring can't be queried for any reason, then cause the program to error out. Acked-by: David Howells Reported-by: Milan Knížek Signed-off-by: Jeff Layton --- cifscreds.pod | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'cifscreds.pod') diff --git a/cifscreds.pod b/cifscreds.pod index 17e453f..c3bafb5 100644 --- a/cifscreds.pod +++ b/cifscreds.pod @@ -79,6 +79,14 @@ The cifscreds utility requires a kernel built with support for the B key type. That key type was added in v3.3 in mainline Linux kernels. +Since B adds keys to the session keyring, it is highly +recommended that one use B to ensure that a session keyring +is established at login time. + +=head1 SEE ALSO + +pam_keyinit(8) + =head1 AUTHORS The cifscreds program was originally developed by Igor Druzhinin -- cgit v1.2.3