petan n00b
Joined: 18 Jan 2016 Posts: 55
Posted: Tue Jan 19, 2016 8:24 pm Post subject: Unable to mount ecryptfs on login in KDE login screen
I tried following this manual, which is almost perfect, http://gentoo-en.vfose.ru/wiki/Encrypt_home_directory_with_ecryptfs, except it doesn't work.
Now I have a problem that my home doesn't get mounted on login; in the logs I have:
Code:
Jan 19 21:08:21 localhost kdm[4180]: :0[4180]: pam_ecryptfs: NULL passphrase; aborting
Jan 19 21:08:21 localhost kdm[4137]: :0[4137]: pam_unix(kde:session): session opened for user petanb by (uid=0)
Jan 19 21:08:21 localhost kdm[4137]: :0[4137]: PAM prompt outside authentication phase
Jan 19 21:08:21 localhost kdm[4137]: :0[4137]: (pam_mount.c:173): conv->conv(...): Conversation error
Jan 19 21:08:21 localhost kdm[4137]: :0[4137]: (pam_mount.c:477): warning: could not obtain password interactively either
Jan 19 21:08:21 localhost kdm[4137]: :0[4137]: (rdconf2.c:70): option "nodev" required
Jan 19 21:08:21 localhost kdm[4137]: :0[4137]: Luser volume for /home/petanb is missing options that are required by global <mntoptions>
Jan 19 21:08:21 localhost kdm[4137]: :0[4137]: pam_ck_connector(kde:session): nox11 mode, ignoring PAM_TTY :0
It seems that PAM for some reason doesn't forward the password to the ecryptfs modules.
petan n00b
Joined: 18 Jan 2016 Posts: 55
Posted: Thu Jan 21, 2016 8:53 am Post subject:
I got more information after debugging: there were issues with the configuration of /etc/security/pam_mount*; there was a missing line:
Code:
<mntoptions require="" />
However, now that I try to switch to my user I get another error:
mount: only root can use --types option
Or eventually after some hacking:
mount: only root can mount /home/.ecryptfs/petr.bena/.Private on /home/petr.bena
Is there any way to allow the PAM module to execute mount? I don't really care if giving PAM or regular users powers to do mount is a security issue; having a non-encrypted home folder is a 200 times bigger issue to me.
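A simplified model of the check behind the 'option "nodev" required' message in the first post, added as an example (not code from the thread or from pam_mount): it lists which globally required mount options a user-defined volume lacks, and shows that adding them to the volume satisfies the check without emptying `require`. The `require="nosuid,nodev"` list, the sample option strings and all function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed samples. The require list is an assumption based on the
# 'option "nodev" required' log line; nosuid is added for illustration.
GLOBAL_STRICT = '<pam_mount><mntoptions require="nosuid,nodev" /></pam_mount>'
GLOBAL_EMPTY = '<pam_mount><mntoptions require="" /></pam_mount>'

LUSER_TEMPLATE = """<pam_mount>
  <volume fstype="ecryptfs" path="/home/.ecryptfs/petr.bena/.Private"
          mountpoint="/home/petr.bena" options="{options}" />
</pam_mount>"""


def split_opts(value):
    """Split a comma-separated option string, dropping empty entries."""
    return [o.strip() for o in (value or "").split(",") if o.strip()]


def required_options(global_xml):
    """Collect options named in any <mntoptions require="..."> element."""
    required = []
    for el in ET.fromstring(global_xml).iter("mntoptions"):
        for opt in split_opts(el.get("require")):
            if opt not in required:
                required.append(opt)
    return required


def missing_required(global_xml, luser_xml):
    """Map each user-defined volume path to the required options it lacks."""
    required = required_options(global_xml)
    report = {}
    for vol in ET.fromstring(luser_xml).iter("volume"):
        # Compare option names only, so key=value options such as
        # ecryptfs_sig=... do not interfere with the check.
        names = {o.split("=", 1)[0] for o in split_opts(vol.get("options"))}
        report[vol.get("path")] = [r for r in required if r not in names]
    return report


if __name__ == "__main__":
    bare = LUSER_TEMPLATE.format(options="rw,relatime,ecryptfs_cipher=aes")
    fixed = LUSER_TEMPLATE.format(options="rw,nodev,nosuid,relatime,ecryptfs_cipher=aes")
    print(missing_required(GLOBAL_STRICT, bare))   # volume lacks required options
    print(missing_required(GLOBAL_STRICT, fixed))  # nothing missing
    print(missing_required(GLOBAL_EMPTY, bare))    # empty require: nothing checked
```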
petan n00b
Joined: 18 Jan 2016 Posts: 55
Posted: Thu Jan 21, 2016 9:50 am Post subject:
When I added the "users" option in fstab for my mount, I get:
Code:
localhost .ecryptfs # su - petr.bena
(rdconf1.c:744): path to luserconf set to /home/petr.bena/.pam_mount.conf.xml
(pam_mount.c:568): pam_mount 2.15: entering session stage
(pam_mount.c:616): going to readconfig /home/petr.bena/.pam_mount.conf.xml
reenter password for pam_mount:
(rdconf2.c:127): checking sanity of luserconf volume record (/home/.ecryptfs/petr.bena/.Private)
(mount.c:263): Mount info: luserconf, user=petr.bena <volume fstype="ecryptfs" server="(null)" path="/home/.ecryptfs/petr.bena/.Private" mountpoint="/home/petr.bena" cipher="(null)" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="noauto,users,rw,nodev,nosuid,relatime,ecryptfs_fnek_sig=3eaebb9ccb5a25be,ecryptfs_sig=3eaebb9ccb5a25be,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_unlink_sigs" /> fstab=1 ssh=0
(mount.c:660): Password will be sent to helper as-is.
command: '/bin/mount' '-i' '/home/.ecryptfs/petr.bena/.Private'
(spawn.c:136): setting uid to user petr.bena
(mount.c:68): Messages from underlying mount program:
(mount.c:72): mount: mount(2) failed: No such file or directory