pam: include pam_keyinit.so in our PAM fragments

We want that elogind --user gets its own keyring as usual, even if the
barebones PAM snippet we ship upstream is used. If we don't do this we get the
basic keyring elogind --system sets up for us.

diff --git a/src/login/elogind-user.m4 b/src/login/elogind-user.m4
index 2cb247488cc90ca58afb9d5b4cc643bd9cd8132c..8eb8b3bff53f2eba859d2e32f1afe56992bad733 100644 (file)
--- a/src/login/elogind-user.m4
+++ b/src/login/elogind-user.m4
@@ -3,10 +3,10 @@
 # Used by systemd --user instances.
 
 account required pam_unix.so
 # Used by systemd --user instances.
 
 account required pam_unix.so

-

 m4_ifdef(`HAVE_SELINUX',
 m4_ifdef(`HAVE_SELINUX',

-session  required pam_selinux.so close
-session  required pam_selinux.so nottys open
+session required pam_selinux.so close
+session required pam_selinux.so nottys open

 )m4_dnl
 )m4_dnl

-session  required pam_loginuid.so
+session required pam_loginuid.so
+session optional pam_keyinit.so force revoke

 session optional pam_elogind.so
 session optional pam_elogind.so