R.A.P.S n00b
Joined: 08 Nov 2008 Posts: 22
Posted: Tue May 19, 2015 9:42 pm Post subject: ecryptfs - Could not find key with description:

Hello,
Last Friday I changed my password (Unix + ecryptfs passphrase).
Today, after a reboot, the automount via pam.d is broken.
I created a whole new user and tried it, but I was getting the same errors.
I used this guide: http://gentoo-en.vfose.ru/wiki/Encrypt_home_directory_with_ecryptfs

DMESG (main problem, I think)
Code:
[ 92.599071] Could not find key with description: [20a617c3482bc0bf]
[ 92.599075] process_request_key_err: No key
[ 92.599076] Could not find valid key in user session keyring for sig specified in mount option: [20a617c3482bc0bf]
[ 92.599077] One or more global auth toks could not properly register; rc = [-2]
[ 92.599078] Error parsing options; rc = [-2]

Login via KDM/SSH/SU/SHELL
Code:
(rdconf1.c:744): path to luserconf set to /home/gentoo/.pam_mount.conf.xml
(pam_mount.c:568): pam_mount 2.15: entering session stage
(pam_mount.c:616): going to readconfig /home/gentoo/.pam_mount.conf.xml
reenter password for pam_mount:
(rdconf2.c:127): checking sanity of luserconf volume record (/home/.ecryptfs/gentoo/.Private/)
(mount.c:263): Mount info: luserconf, user=gentoo <volume fstype="ecryptfs" server="(null)" path="/home/.ecryptfs/gentoo/.Private/" mountpoint="/home/gentoo" cipher="(null)" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="" /> fstab=0 ssh=0
(mount.c:660): Password will be sent to helper as-is.
command: '/bin/mount' '-i' '/home/.ecryptfs/gentoo/.Private/'
(spawn.c:136): setting uid to user gentoo
(mount.c:68): Messages from underlying mount program:
(mount.c:72): mount: mount(2) ist fehlgeschlagen: Datei oder Verzeichnis nicht gefunden
(mount.c:554): 14 0 0:14 /root / rw,relatime - btrfs /dev/md1 rw,space_cache
(mount.c:554): 15 14 0:5 / /dev rw,nosuid,relatime - devtmpfs devtmpfs rw,size=10240k,nr_inodes=501565,mode=755
(mount.c:554): 16 14 0:3 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
(mount.c:554): 17 14 0:17 / /run rw,nodev,relatime - tmpfs tmpfs rw,size=401476k,mode=755
(mount.c:554): 18 15 0:13 / /dev/mqueue rw,nosuid,nodev,noexec,relatime - mqueue mqueue rw
(mount.c:554): 19 15 0:11 / /dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,gid=5,mode=620
(mount.c:554): 20 15 0:18 / /dev/shm rw,nosuid,nodev,noexec,relatime - tmpfs shm rw
(mount.c:554): 21 14 0:19 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw
(mount.c:554): 22 21 0:7 / /sys/kernel/debug rw,nosuid,nodev,noexec,relatime - debugfs debugfs rw
(mount.c:554): 23 21 0:20 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs cgroup_root rw,size=10240k,mode=755
(mount.c:554): 24 23 0:21 / /sys/fs/cgroup/openrc rw,nosuid,nodev,noexec,relatime - cgroup openrc rw,release_agent=/lib64/rc/sh/cgroup-release-agent.sh,name=openrc
(mount.c:554): 25 23 0:22 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime - cgroup cpuset rw,cpuset
(mount.c:554): 26 23 0:23 / /sys/fs/cgroup/cpu rw,nosuid,nodev,noexec,relatime - cgroup cpu rw,cpu
(mount.c:554): 27 23 0:24 / /sys/fs/cgroup/cpuacct rw,nosuid,nodev,noexec,relatime - cgroup cpuacct rw,cpuacct
(mount.c:554): 28 23 0:25 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime - cgroup freezer rw,freezer
(mount.c:554): 29 14 0:14 /marrap /home/.ecryptfs/marrap rw,relatime - btrfs /dev/md1 rw,space_cache
(mount.c:554): 30 16 0:28 / /proc/sys/fs/binfmt_misc rw,nosuid,nodev,noexec,relatime - binfmt_misc binfmt_misc rw
(mount.c:554): 31 14 0:29 /m.raps /mnt/backup rw,relatime - cifs //10.20.1.134/home/m.raps/ rw,vers=1.0,cache=strict,username=m.raps,domain=intranet,uid=1000,forceuid,gid=1000,forcegid,addr=10.20.1.134,file_mode=0600,dir_mode=0700,nounix,serverino,rsize=61440,wsize=16580,actimeo=1
(mount.c:554): 32 14 0:30 /m.raps /mnt/terminal rw,relatime - cifs //10.20.1.121/users/m.raps/ rw,vers=1.0,cache=strict,username=m.raps,domain=intranet,uid=1000,forceuid,gid=1000,forcegid,addr=10.20.1.121,file_mode=0600,dir_mode=0700,nounix,serverino,rsize=61440,wsize=65536,actimeo=1
(pam_mount.c:522): mount of /home/.ecryptfs/gentoo/.Private/ failed
command: 'pmvarrun' '-u' 'gentoo' '-o' '1'
(pmvarrun.c:254): parsed count value 0
(pam_mount.c:441): pmvarrun says login count is 1
(pam_mount.c:660): done opening session (ret=0)

/etc/pam.d/system-auth
Code:
auth required pam_env.so
auth required pam_unix.so try_first_pass likeauth nullok
auth optional pam_ecryptfs.so unwrap
auth optional pam_permit.so
auth optional pam_mount.so
account required pam_unix.so
account optional pam_permit.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password required pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password optional pam_ecryptfs.so
password optional pam_permit.so
session required pam_limits.so
session required pam_env.so
session required pam_unix.so
session optional pam_permit.so
session optional pam_mount.so

/etc/security/pam_mount.conf.xml
Code:
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<pam_mount>
<debug enable="1" />
<luserconf name=".pam_mount.conf.xml" />
<mntoptions allow="verbosity,users,noauto,rw,exec,nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other,ecryptfs_key_bytes,ecryptfs_cipher,ecryptfs_fnek_sig,ecryptfs_unlink_sigs,ecryptfs_sig" />
<mntoptions require="" />
<path>/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin</path>
<logout wait="0" hup="0" term="0" kill="0" />
<lclmount>/bin/mount -i %(VOLUME) "%(before=\"-o\" OPTIONS)"</lclmount>
</pam_mount>

cat /home/gentoo/.pam_mount.conf.xml
Code:
<pam_mount>
<volume noroot="1" fstype="ecryptfs" path="/home/.ecryptfs/gentoo/.Private/" mountpoint="/home/gentoo"/>
</pam_mount>

ll /home/gentoo/.ecryptfs/
Code:
-rwx------ 1 gentoo gentoo 0 19. Mai 22:53 auto-mount
-rwx------ 1 gentoo gentoo 17 19. Mai 22:52 sig-cache.txt
-rwx------ 1 gentoo gentoo 32 19. Mai 22:53 wrapped-passphrase

/etc/fstab
Code:
/dev/md1 / btrfs defaults,subvol=root 0 1
/dev/md1 /home/.ecryptfs/gentoo btrfs defaults,subvol=gentoo 0 2
/dev/mapper/crypt-swap-md0 none swap sw 0 0
/home/.ecryptfs/gentoo/.Private/ /home/gentoo ecryptfs noauto,user,exec,rw,ecryptfs_sig=20a617c3482bc0bf,ecryptfs_cipher=aes,ecryptfs_key_bytes=24,ecryptfs_fnek_sig=20a617c3482bc0bf,ecryptfs_unlink_sigs 0 0

keyctl show
Code:
Session Keyring
586621881 --alswrv 0 65534 keyring: _uid_ses.0
317398737 --alswrv 0 65534 \_ keyring: _uid.0

I tried to fix it the whole day, but now I am out of ideas.
I think there is some problem with pam.d that doesn't pass the password through correctly.
Has anyone here already dealt with this?
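
The dmesg lines in the post say that the signature named in the mount options is not in the session keyring. As an added example (not part of the original post), this shell check compares the `ecryptfs_sig` / `ecryptfs_fnek_sig` values in fstab-style text with the `user` keys listed by `keyctl show`; the function names and the second keyring sample are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the post. Function names are hypothetical.

# stdin: fstab-style text -> unique ecryptfs_sig / ecryptfs_fnek_sig values
fstab_sigs() {
    grep -v '^[[:space:]]*#' |
        grep -oE 'ecryptfs_(fnek_)?sig=[0-9a-f]{16}' |
        cut -d= -f2 | sort -u
}

# stdin: `keyctl show` output -> descriptions of "user" keys (eCryptfs
# registers its auth tokens as user keys named by signature)
keyring_sigs() {
    sed -n 's/^.*[[:space:]]user: \([0-9a-f]\{16\}\)[[:space:]]*$/\1/p' | sort -u
}

# missing_sigs FSTAB_TEXT KEYCTL_TEXT -> signatures the mount needs but the
# keyring does not hold (empty output means every signature is loaded)
missing_sigs() {
    want=$(printf '%s\n' "$1" | fstab_sigs)
    have=$(printf '%s\n' "$2" | keyring_sigs)
    for sig in $want; do
        printf '%s\n' "$have" | grep -qx "$sig" || printf '%s\n' "$sig"
    done
}

# fstab line and keyctl output as posted above
FSTAB_SAMPLE='/home/.ecryptfs/gentoo/.Private/ /home/gentoo ecryptfs noauto,user,exec,rw,ecryptfs_sig=20a617c3482bc0bf,ecryptfs_cipher=aes,ecryptfs_key_bytes=24,ecryptfs_fnek_sig=20a617c3482bc0bf,ecryptfs_unlink_sigs 0 0'
KEYCTL_POSTED='Session Keyring
 586621881 --alswrv      0 65534  keyring: _uid_ses.0
 317398737 --alswrv      0 65534   \_ keyring: _uid.0'
# Constructed sample: the same keyring with the key present
KEYCTL_LOADED="$KEYCTL_POSTED
 100000001 --alswrv   1000  1000       \\_ user: 20a617c3482bc0bf"

for sig in $(missing_sigs "$FSTAB_SAMPLE" "$KEYCTL_POSTED"); do
    echo "not in keyring: $sig"
done
# On a live system: missing_sigs "$(cat /etc/fstab)" "$(keyctl show)"
```

The session keyring differs per login session, so `keyctl show` has to be run in the same session that performs the mount for the comparison to be meaningful.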