Gentoo Forums
ecryptfs - Could not find key with description:
R.A.P.S
n00b


Joined: 08 Nov 2008
Posts: 22

Posted: Tue May 19, 2015 9:42 pm    Post subject: ecryptfs - Could not find key with description:

Hello,

Last Friday I changed my password (unix + ecryptfs passphrase).

Today after a reboot the automount via pam.d is broken.

I created a whole new user and tried it, but I was getting the same errors.

I used this guide: http://gentoo-en.vfose.ru/wiki/Encrypt_home_directory_with_ecryptfs

DMESG (main problem, I think)
Code:

[   92.599071] Could not find key with description: [20a617c3482bc0bf]
[   92.599075] process_request_key_err: No key
[   92.599076] Could not find valid key in user session keyring for sig specified in mount option: [20a617c3482bc0bf]
[   92.599077] One or more global auth toks could not properly register; rc = [-2]
[   92.599078] Error parsing options; rc = [-2]




Login via KDM/SSH/SU/SHELL
Code:

(rdconf1.c:744): path to luserconf set to /home/gentoo/.pam_mount.conf.xml
(pam_mount.c:568): pam_mount 2.15: entering session stage
(pam_mount.c:616): going to readconfig /home/gentoo/.pam_mount.conf.xml
reenter password for pam_mount:
(rdconf2.c:127): checking sanity of luserconf volume record (/home/.ecryptfs/gentoo/.Private/)
(mount.c:263): Mount info: luserconf, user=gentoo <volume fstype="ecryptfs" server="(null)" path="/home/.ecryptfs/gentoo/.Private/" mountpoint="/home/gentoo" cipher="(null)" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="" /> fstab=0 ssh=0
(mount.c:660): Password will be sent to helper as-is.
command: '/bin/mount' '-i' '/home/.ecryptfs/gentoo/.Private/'
(spawn.c:136): setting uid to user gentoo
(mount.c:68): Messages from underlying mount program:
(mount.c:72): mount: mount(2) ist fehlgeschlagen: Datei oder Verzeichnis nicht gefunden
(mount.c:554): 14 0 0:14 /root / rw,relatime - btrfs /dev/md1 rw,space_cache
(mount.c:554): 15 14 0:5 / /dev rw,nosuid,relatime - devtmpfs devtmpfs rw,size=10240k,nr_inodes=501565,mode=755
(mount.c:554): 16 14 0:3 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
(mount.c:554): 17 14 0:17 / /run rw,nodev,relatime - tmpfs tmpfs rw,size=401476k,mode=755
(mount.c:554): 18 15 0:13 / /dev/mqueue rw,nosuid,nodev,noexec,relatime - mqueue mqueue rw
(mount.c:554): 19 15 0:11 / /dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,gid=5,mode=620
(mount.c:554): 20 15 0:18 / /dev/shm rw,nosuid,nodev,noexec,relatime - tmpfs shm rw
(mount.c:554): 21 14 0:19 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw
(mount.c:554): 22 21 0:7 / /sys/kernel/debug rw,nosuid,nodev,noexec,relatime - debugfs debugfs rw
(mount.c:554): 23 21 0:20 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs cgroup_root rw,size=10240k,mode=755
(mount.c:554): 24 23 0:21 / /sys/fs/cgroup/openrc rw,nosuid,nodev,noexec,relatime - cgroup openrc rw,release_agent=/lib64/rc/sh/cgroup-release-agent.sh,name=openrc
(mount.c:554): 25 23 0:22 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime - cgroup cpuset rw,cpuset
(mount.c:554): 26 23 0:23 / /sys/fs/cgroup/cpu rw,nosuid,nodev,noexec,relatime - cgroup cpu rw,cpu
(mount.c:554): 27 23 0:24 / /sys/fs/cgroup/cpuacct rw,nosuid,nodev,noexec,relatime - cgroup cpuacct rw,cpuacct
(mount.c:554): 28 23 0:25 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime - cgroup freezer rw,freezer
(mount.c:554): 29 14 0:14 /marrap /home/.ecryptfs/marrap rw,relatime - btrfs /dev/md1 rw,space_cache
(mount.c:554): 30 16 0:28 / /proc/sys/fs/binfmt_misc rw,nosuid,nodev,noexec,relatime - binfmt_misc binfmt_misc rw
(mount.c:554): 31 14 0:29 /m.raps /mnt/backup rw,relatime - cifs //10.20.1.134/home/m.raps/ rw,vers=1.0,cache=strict,username=m.raps,domain=intranet,uid=1000,forceuid,gid=1000,forcegid,addr=10.20.1.134,file_mode=0600,dir_mode=0700,nounix,serverino,rsize=61440,wsize=16580,actimeo=1
(mount.c:554): 32 14 0:30 /m.raps /mnt/terminal rw,relatime - cifs //10.20.1.121/users/m.raps/ rw,vers=1.0,cache=strict,username=m.raps,domain=intranet,uid=1000,forceuid,gid=1000,forcegid,addr=10.20.1.121,file_mode=0600,dir_mode=0700,nounix,serverino,rsize=61440,wsize=65536,actimeo=1
(pam_mount.c:522): mount of /home/.ecryptfs/gentoo/.Private/ failed
command: 'pmvarrun' '-u' 'gentoo' '-o' '1'
(pmvarrun.c:254): parsed count value 0
(pam_mount.c:441): pmvarrun says login count is 1
(pam_mount.c:660): done opening session (ret=0)


/etc/pam.d/system-auth
Code:

auth            required        pam_env.so
auth            required        pam_unix.so try_first_pass likeauth nullok
auth            optional        pam_ecryptfs.so unwrap
auth            optional        pam_permit.so
auth            optional        pam_mount.so

account         required        pam_unix.so
account         optional        pam_permit.so
 
password        required        pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password        required        pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password        optional        pam_ecryptfs.so
password        optional        pam_permit.so
 
session         required        pam_limits.so
session         required        pam_env.so
session         required        pam_unix.so
session         optional        pam_permit.so
session         optional        pam_mount.so



/etc/security/pam_mount.conf.xml
Code:

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">

<pam_mount>

<debug enable="1" />

<luserconf name=".pam_mount.conf.xml" />

<mntoptions allow="verbosity,users,noauto,rw,exec,nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other,ecryptfs_key_bytes,ecryptfs_cipher,ecryptfs_fnek_sig,ecryptfs_unlink_sigs,ecryptfs_sig" />
<mntoptions require="" />

<path>/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin</path>

<logout wait="0" hup="0" term="0" kill="0" />

<lclmount>/bin/mount -i %(VOLUME) "%(before=\"-o\" OPTIONS)"</lclmount>

</pam_mount>


cat /home/gentoo/.pam_mount.conf.xml
Code:

<pam_mount>
<volume noroot="1" fstype="ecryptfs" path="/home/.ecryptfs/gentoo/.Private/" mountpoint="/home/gentoo"/>
</pam_mount>


ll /home/gentoo/.ecryptfs/
Code:

-rwx------ 1 gentoo gentoo  0 19. Mai 22:53 auto-mount
-rwx------ 1 gentoo gentoo 17 19. Mai 22:52 sig-cache.txt
-rwx------ 1 gentoo gentoo 32 19. Mai 22:53 wrapped-passphrase


/etc/fstab
Code:

/dev/md1         /                                    btrfs defaults,subvol=root      0 1
/dev/md1        /home/.ecryptfs/gentoo btrfs defaults,subvol=gentoo 0 2
/dev/mapper/crypt-swap-md0              none            swap            sw        0 0


/home/.ecryptfs/gentoo/.Private/ /home/gentoo ecryptfs noauto,user,exec,rw,ecryptfs_sig=20a617c3482bc0bf,ecryptfs_cipher=aes,ecryptfs_key_bytes=24,ecryptfs_fnek_sig=20a617c3482bc0bf,ecryptfs_unlink_sigs 0 0


keyctl show
Code:

Session Keyring
 586621881 --alswrv      0 65534  keyring: _uid_ses.0
 317398737 --alswrv      0 65534   \_ keyring: _uid.0



I tried to fix it the whole day, but now I am out of ideas.
I think there is some problem with pam.d that doesn't pass through the password correctly.

Has someone here already dealt with this?
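
Added example, not part of the original post: a check for the condition the dmesg lines report, comparing the `ecryptfs_sig` / `ecryptfs_fnek_sig` values requested in the fstab entry with the `user` keys listed by `keyctl show`. The fstab line and first keyring listing are copied from the post; the second listing and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic example (not from the original post).
# Inputs below are copied from the post unless marked as constructed.

FSTAB_LINE='/home/.ecryptfs/gentoo/.Private/ /home/gentoo ecryptfs noauto,user,exec,rw,ecryptfs_sig=20a617c3482bc0bf,ecryptfs_cipher=aes,ecryptfs_key_bytes=24,ecryptfs_fnek_sig=20a617c3482bc0bf,ecryptfs_unlink_sigs 0 0'

KEYRING_FROM_POST='Session Keyring
 586621881 --alswrv      0 65534  keyring: _uid_ses.0
 317398737 --alswrv      0 65534   \_ keyring: _uid.0'

# Constructed: a listing in which the key for the signature is present.
KEYRING_LOADED='Session Keyring
 586621881 --alswrv   1000  1000  keyring: _ses
 317398737 --alswrv   1000  1000   \_ user: 20a617c3482bc0bf'

# Print the unique signatures requested by ecryptfs fstab entries (stdin).
sigs_in_fstab() {
    awk '$1 !~ /^#/ && $3 == "ecryptfs" {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] ~ /^ecryptfs_(fnek_)?sig=[0-9a-f]+$/) {
                sub(/^[^=]*=/, "", opt[i]); print opt[i]
            }
    }' | sort -u
}

# Print descriptions of "user" type keys found in `keyctl show` output (stdin).
user_keys_in_keyring() {
    sed -n 's/^.*[[:space:]]user: \([0-9a-f]\{16\}\)[[:space:]]*$/\1/p' | sort -u
}

# missing_sigs FSTAB_TEXT KEYRING_TEXT
# Print every signature the mount options ask for that the keyring lacks.
missing_sigs() {
    want=$(printf '%s\n' "$1" | sigs_in_fstab)
    have=$(printf '%s\n' "$2" | user_keys_in_keyring)
    for sig in $want; do
        printf '%s\n' "$have" | grep -qx "$sig" || printf '%s\n' "$sig"
    done
}

# On a live system, run as the affected user inside the failing session:
#   missing_sigs "$(cat /etc/fstab)" "$(keyctl show @s)"
```

Any signature printed by `missing_sigs` is one the kernel will reject with "Could not find key with description"; an empty result means the keyring already holds every key the mount options name.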