Okay, I'm not totally clear on what's left to this bug.
What I really need (Michal, Tyler) is a clear reproduce case.
Here's what I've tested ...
1) user "foo" has an encrypted home directory, logs in, is able to read/write his home data
2) user "foo" logs out of all open sessions, and his home directory is unmounted
3) in my testing, that user's key is cleared; I can't find any evidence of it still hanging around
4) at this point, I can log in as root, I can't see the keyring for "foo", I can su - foo, but his key is not available
5) as root, if foo's key is not available, and ~foo is not mounted, I cannot see any of foo's data
This is all "as expected" as far as I can tell. Can you guys please clarify the vector by which the key is still exposed?
:-Dustin