1 |
On Tuesday 2010-05-18 23:49, Stefan G. Weichinger wrote: |
2 |
|
3 |
>> # ./mount.crypt -vo |
4 |
>> keyfile=t-crypt.key,fsk_cipher=aes-256-cbc,fsk_hash=md5 /dev/loop94 |
5 |
>> /mnt command: 'readlink' '-fn' '/dev/loop94' command: 'readlink' |
6 |
>> '-fn' '/mnt' Password: mount.crypt(crypto-dmc.c:144): Using |
7 |
>> _dev_loop94 as dmdevice name command: 'mount' '-n' |
8 |
>> '/dev/mapper/_dev_loop94' '/mnt' # df /mnt Filesystem |
9 |
>> 1K-blocks Used Available Use% Mounted on /dev/loop94 |
10 |
>> 62465 5365 53875 10% /mnt |
11 |
>> |
12 |
>> Match? |
13 |
> |
14 |
>Frankly: dunno ;-) |
15 |
>Yes, I am able to follow and understand in general so far ... but ... |
16 |
|
17 |
Right now it's more a case of "let's do it and compare results" |
18 |
than having to thoroughly understand when and where cryptsetup |
19 |
chops off a byte and pads another. |
20 |
|
21 |
That went fine, up to |
22 |
|
23 |
># mount the new fs |
24 |
>mount /dev/mapper/newhome /mnt/gschwind |
25 |
>all this worked OK so far, but not with pam_mount. |
26 |
>OK? |
27 |
|
28 |
OK, but don't stop there. pam_mount really just ultimatively runs |
29 |
mount.crypt; and it tells you that it does by means of syslog |
30 |
(with enabled debug=1 of course). |
31 |
|
32 |
command: 'mount.crypt' '-ofsk.... |
33 |
|
34 |
And that is what you can run from shell, which eliminates |
35 |
pam_mount from the path and only leaves the usual suspects. |
36 |
|
37 |
Keep on it, marine! |
38 |
|
39 |
|
40 |
>Assuming that "I am too stupid": Where is the how-to-do-it? |
41 |
>So far the only thing I really understood "You are doing it wrong". |
42 |
>But where is the "Do it this way and you are safe" ? |
43 |
|
44 |
http://archives.gentoo.org/gentoo-user/msg_e80d6e5a662b7595a2a8a70a0fa166dd.xml |
45 |
was basically it: pmt-ehd and you're safe. Short of the current |
46 |
...missing feature though, mentioned in that same mail. |