Your message dated Sun, 16 Apr 2023 07:12:46 +0200
with message-id <[email protected]>
and subject line kdm has been superseded by sddm
has caused the Debian Bug report #734819,
regarding enable pam_keyinit by default
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
734819: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734819
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libpam-runtime
Version: 1.1.3-10
Severity: wishlist
It would be better for any application that uses the kernel keyring
if pam_keyinit were run by default in the PAM session stack. Without
this module, users are placed in a default UID-based user session,
which doesn't isolate each session's keys.
Worse, currently (although this is a separate bug that's been
separately reported and may be fixed in the future), the kernel uses
the UID session for reading, but when writing creates a new session
keyring that's limited to children of the writing process. This
basically makes use of keyring Kerberos caches impossible unless one
does the equivalent of what pam_keyinit does first. It's rather
inobvious that this is necessary.
The problem with this, which will make it more complex, is that one
generally does not want to create a new session keyring when running
commands like su or sudo, just for login sessions, since you normally
want to preserve the user's existing credentials. I'm not sure what
this means for how to achieve this configuration.
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.11-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libpam-runtime depends on:
ii debconf [debconf-2.0] 1.5.52
ii libpam-modules 1.1.3-10
libpam-runtime recommends no packages.
libpam-runtime suggests no packages.
-- debconf information:
libpam-runtime/profiles: unix, systemd, consolekit
libpam-runtime/no_profiles_chosen:
libpam-runtime/conflicts:
libpam-runtime/title:
libpam-runtime/override: false
--- End Message ---
--- Begin Message ---
Version: 4:4.11.22-3+rm
kdm was last released with Debian 8 (jessie) in April 2015
and was removed from the Debian archive afterwards.
It has been superseded by sddm.
See https://bugs.debian.org/803635 for details on the removal.
I'm closing the remaining bug reports now.
Andreas
--- End Message ---
