parthenon
n00b
Joined: 05 Aug 2008
Posts: 21
Location: USA
|
 Posted: Wed Aug 06, 2008 1:04 am Post subject: pam_mount broken by update |
 |
|
Hi everyone,
On my latest "emerge -auvD world", pam got updated to 1.0.1, pambase got updated to 20080318, and pam_mount got updated to 0.43. This seems to have broken pam_mount, since it no longer mounts any directories 
When I turn on debugging in /etc/security/pam_mount.conf.xml, I get the following output at a console login (after typing in password):
========
Password:
pam_mount(pam_mount.c:306) saving authtok for session code (authtok=0x6267b0)
pam_mount(pam_mount.c:458) Entered pam_mount session stage
pam_mount(pam_mount.c:479) back from global readconfig
pam_mount(pam_mount.c:481) per-user configurations not allowed by pam_mount.conf.xml
pam_mount(misc.c:43) Session open: (uid=1000, euid=0, gid=1004, egid=1004)
pam_mount(rdconf2.c:181) checking sanity of volume record (/dev/sda11)
pam_mount(pam_mount.c:533) about to perform mount operations
pam_mount(mount.c:366) information for mount:
pam_mount(mount.c:367) ----------------------
pam_mount(mount.c:368) (defined by globalconf)
pam_mount(mount.c:369) user: sourish
pam_mount(mount.c:370) server:
pam_mount(mount.c:371) volume: /dev/sda11
pam_mount(mount.c:372) mountpoint: /usr/home
pam_mount(mount.c:373) options: cipher=blowfish-cbc-essiv:sha256 hash=sha512 keysize=448
pam_mount(mount.c:374) fs_key_cipher: bf-cbc
pam_mount(mount.c:375) fs_key_path: /etc/crypt.keys/usrhome.key.sourish
pam_mount(mount.c:376) use_fstab: 0
pam_mount(mount.c:377) ----------------------
pam_mount(mount.c:170) realpath of volume "/usr/home" is "/usr/home"
pam_mount(mount.c:174) checking to see if /dev/mapper/_dev_sda11 is already mounted at /usr/home
pam_mount(mount.c:848) checking for encrypted filesystem key configuration
pam_mount(mount.c:857) decrypting FS key using system auth. token and bf-cbc
pam_mount(mount.c:874) about to start building mount command
pam_mount(misc.c:272) command: mount [-t] [crypt] [-o cipher=blowfish-cbc-essiv:sha256 hash=sha512 keysize=448] [/dev/sda11] [/usr/home]
pam_mount(misc.c:43) set_myuid<pre>: (uid=1000, euid=0, gid=1004, egid=1004)
pam_mount(misc.c:43) set_myuid<post>: (uid=0, euid=0, gid=1004, egid=1004)
========
and everything remains stuck here eternally. The relevant portion of my /etc/security/pam_mount.conf.xml is:
========
<volume user="myself"
path="/dev/sda11"
mountpoint="/usr/home"
fstype="crypt"
options="cipher=blowfish-cbc-essiv:sha256 hash=sha512 keysize=448"
fskeypath="/etc/crypt.keys/usrhome.key.myself"
fskeycipher="bf-cbc" />
========
This was working perfectly until this morning, when I updated my packages!
I used
openssl bf-cbc -d -in /etc/crypt.keys/usrhome.key.myself | cryptsetup -c blowfish-cbc-essiv:sha256 -h sha512 -s 448 -b `blockdev --getsize /dev/sda11` create usrhome /dev/sda11
to manually create a mountpoint and check the filesystem -- it's fine. So I finally disabled pam_mount, manually mounted /usr/home this way, and that's how I'm composing this post.
What am I missing?  Please help! |
|
Networking & Security
