Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   8420 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

PAM_KEYINIT(8)							PAM_KEYINIT(8)

NAME
       pam_keyinit - Kernel session keyring initialiser module

SYNOPSIS
       pam_keyinit.so [debug] [force] [revoke]

DESCRIPTION
       The pam_keyinit PAM module ensures that the invoking process has a ses‐
       sion keyring other than the user default session keyring.

       The session component of the module checks to see if the process's ses‐
       sion  keyring  is the user default, and, if it is, creates a new anony‐
       mous session keyring with which to replace it.

       If a new session keyring is created, it will install a link to the user
       common  keyring	in the session keyring so that keys common to the user
       will be automatically accessible through it.

       The session keyring of the invoking process will thenceforth be	inher‐
       ited by all its children unless they override it.

       This  module is intended primarily for use by login processes. Be aware
       that after the session keyring  has  been  replaced,  the  old  session
       keyring and the keys it contains will no longer be accessible.

       This  module  should  not,  generally,  be invoked by programs like su,
       since it is usually desirable for the key set to percolate  through  to
       the  alternate  context.	 The keys have their own permissions system to
       manage this.

       This module should be included as early as possible in a PAM configura‐
       tion, so that other PAM modules can attach tokens to the keyring.

       The keyutils package is used to manipulate keys more directly. This in‐
       cluded in the Fedora Extras 5+ and Red Hat Enterprise Linux 4  U2+  and
       can also be obtained from:

	Keyutils : http://people.redhat.com/~dhowells/keyutils/

OPTIONS
       debug  Log debug information with syslog(3).

       force  Causes  the  session  keyring  of the invoking process to be re‐
	      placed unconditionally.

       revoke Causes the session keyring of the invoking process to be revoked
	      when  the invoking process exits if the session keyring was cre‐
	      ated for this process in the first place.

MODULE SERVICES PROVIDED
       Only the session service is supported.

RETURN VALUES
       PAM_SUCCESS
	      This module will usually return this value

       PAM_AUTH_ERR
	      Authentication failure.

       PAM_BUF_ERR
	      Memory buffer error.

       PAM_IGNORE
	      The return value should be ignored by PAM dispatch.

       PAM_SERVICE_ERR
	      Cannot determine the user name.

       PAM_SESSION_ERR
	      This module will return this value if its arguments are  invalid
	      or if a system error such as ENOMEM occurs.

       PAM_USER_UNKNOWN
	      User not known.

EXAMPLES
       Add  this  line	to your login entries to start each login session with
       its own session keyring:

       session	required  pam_keyinit.so

       This will prevent keys from one session leaking	into  another  session
       for the same user.

SEE ALSO
	pam.conf(5), pam.d(8), pam(8)  keyctl(1)

AUTHOR
       pam_keyinit was written by David Howells, <dhowells@redhat.com>.

								PAM_KEYINIT(8)

Vote for polarhome