should be specified, and
.I plen
should be zero.
+.TP
+.IR """logon""" " (since Linux 3.3)"
+.\" commit 9f6ed2ca257fa8650b876377833e6f14e272848b
+This key type is essentially the same as
+.IR """user""" ,
+but does not provide a read operation,
+meaning that the key payload is never visible from user space.
+This is suitable for storing username and password pairs in the keyring
+that you do not want to be readable from user space.
+
+This key type also vets the
+.I description
+to ensure that it is qualified by a "service" prefix,
+by checking to ensure that the
+.I description
+contains a ':' that is preceded by other characters.
.SH RETURN VALUE
On success,
.BR add_key ()
.B EINVAL
The payload data was invalid.
.TP
+.B EINVAL
+.IR type
+was
+.IR """logon"""
+and the
+.I description
+was not qualified with a prefix string of the form
+.IR """service:""" .
+.TP
.B EKEYEXPIRED
The keyring has expired.
.TP