To fix this bug, some package would need to provide a PAM module to integrate with this keystore and rekey when the password changes. I don't think pam itself is an appropriate place for this; it should be maintained somewhere more closely tied to the implementation of the keystore in question - either cryptsetup, or in some standalone package that provides this integration.
To fix this bug, some package would need to provide a PAM module to integrate with this keystore and rekey when the password changes. I don't think pam itself is an appropriate place for this; it should be maintained somewhere more closely tied to the implementation of the keystore in question - either cryptsetup, or in some standalone package that provides this integration.
Reassigning to cryptsetup for the moment.