2.12.e pam_keystore


Pam_keystore is a PAM module for storing the user name and password in the keystore service provided by the Linux kernel. keyexec needs it to run. It is used for mounting network drives, with user accounts stored on the server. This module is included in Calculate Linux Desktop.

Using pam_keystore

On a Gentoo distribution

To activate the module, modify the /etc/pam.d/system-auth file as shown below:

auth       required     pam_env.so
auth       optional     pam_keystore.so use_first_pass
auth       sufficient   pam_unix.so use_first_pass
auth       required     pam_deny.so

Namely, you must add

auth      optional   pam_keystore.so use_first_pass

Getting user password from the kernel keystore service

The password of an authorised user can be obtained by the root user only.

The user cannot get their password by themselves.

To get the user password, execute as root:

keyctl print $( keyctl request user user_name )

where user_name is the name of the authorised user.

Note: keyctl is included in sys-apps/keyutils.

Thank you!