Comment 11 for bug 400484

David Howells (dhowells) wrote :

> kirkland@t61p:~$ keyctl show
> Session Keyring
> -3 --alswrv 1000 -1 keyring: _uid_ses.1000
> 698440950 --alswrv 1000 -1 \_ keyring: _uid.1000
> 575594151 --alswrv 1000 0 \_ user: 67354f2e3a6c1216
> 940463712 --alswrv 1000 0 \_ user: 1cb12fd405033223

Interesting. You shouldn't have seen this at all. PAM should have given you your own session keyring when you logged in, which should be called "_ses". "_uid_ses.<UID>" is the backup session keyring you fall back to if you don't get a session keyring for some reason.

PAM (pam_keyinit.so) should then make a link to the user keyring in the session keyring. This is done in userspace, not in the kernel.

Can you try stracing "su - kirkland" from root? I see:

keyctl(0x1, 0, 0xffffffffffffffff, 0xfcb, 0) = 355497645
keyctl(0x8, 0xfffffffc, 0xfffffffd, 0, 0x1132700) = 0

which is KEYCTL_JOIN_SESSION_KEYRING followed by KEYCTL_LINK.

David
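
One way to check a captured strace for the two-call sequence described in the comment, as an added example that is not part of the original comment and is not pam_keyinit's code. It decodes raw-number keyctl lines using the operation numbers and special keyring IDs from `<linux/keyctl.h>`; the function names and the failing trace are constructed for illustration.

```python
import re

# Subset of operation numbers from <linux/keyctl.h>.
OPS = {0: "KEYCTL_GET_KEYRING_ID", 1: "KEYCTL_JOIN_SESSION_KEYRING",
       8: "KEYCTL_LINK", 9: "KEYCTL_UNLINK"}
# Special keyring IDs from <linux/keyctl.h>.
KEY_SPEC_SESSION_KEYRING = -3   # the "-3" at the top of `keyctl show`
KEY_SPEC_USER_KEYRING = -4

CALL = re.compile(r"keyctl\(([^)]*)\)\s*=\s*(-?\d+)")

def serial(raw):
    """Interpret a raw syscall argument as key_serial_t (signed 32-bit)."""
    v = raw & 0xFFFFFFFF
    return v - (1 << 32) if v & 0x80000000 else v

def decode(line):
    """Return (operation, signed args, return value), or None if the line
    is not a keyctl call printed with raw numbers."""
    m = CALL.search(line)
    if not m:
        return None
    try:
        nums = [int(a.strip(), 0) for a in m.group(1).split(",")]
    except ValueError:  # strace printed symbolic names; not handled here
        return None
    op = OPS.get(nums[0], "keyctl op %d" % nums[0])
    return op, [serial(n) for n in nums[1:]], int(m.group(2))

def session_keyring_set_up(lines):
    """True if a successful KEYCTL_JOIN_SESSION_KEYRING is followed by a
    successful KEYCTL_LINK of the user keyring into the session keyring."""
    joined = False
    for op, args, ret in filter(None, map(decode, lines)):
        if op == "KEYCTL_JOIN_SESSION_KEYRING" and ret >= 0:
            joined = True
        elif (joined and op == "KEYCTL_LINK" and ret == 0
              and args[:2] == [KEY_SPEC_USER_KEYRING, KEY_SPEC_SESSION_KEYRING]):
            return True
    return False

# The two lines quoted in the comment above.
GOOD = ["keyctl(0x1, 0, 0xffffffffffffffff, 0xfcb, 0) = 355497645",
        "keyctl(0x8, 0xfffffffc, 0xfffffffd, 0, 0x1132700) = 0"]
# Constructed trace: the link is attempted without a join, and fails.
BAD = ["keyctl(0x8, 0xfffffffc, 0xfffffffd, 0, 0) = -1 EACCES (Permission denied)"]

if __name__ == "__main__":
    print(session_keyring_set_up(GOOD), session_keyring_set_up(BAD))
```
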