Comment 14 for bug 313812
Revision history for this message
| Dustin Kirkland (kirkland) wrote Re: umount of ecryptfs does not automatically clear the keyring (was: ecryptfs can be mounted with any passphrase) | #14 |
With the help of David Howells here at LCA2010, I actually have a working fix for this.
There's a couple of moving pieces. There's a minor patch to pam_keyinit.so, a small patch to ecryptfs-utils using the session keyring, rather than the user keyring, and adding pam_keyinit.so in the proper places in the pam stack (I think Fedora already has it, however, SELinux might cause some problems).
Stay tuned, I'll commit a fix once I'm satisfied with my testing.
:-Dustin