1 |
On 05/05/2010 10:23 PM, Stefan G. Weichinger wrote: |
2 |
> Am 05.05.2010 22:17, schrieb Stefan G. Weichinger: |
3 |
> |
4 |
>> Remember that I said: "I am not sure which HOWTO I followed" ? |
5 |
>> |
6 |
>> What if I didn't use aes-256-ecb? |
7 |
You don't need to supplay that information to cryptsetup, it can |
8 |
(should) autodetect it. To see that info for yourself run: |
9 |
$ cryptsetup luksDump /dev/mapper/VG01-crypthome |
10 |
|
11 |
> Yep. See pam_mount.conf.xml: |
12 |
> It's "aes-256-cbc" in my case. |
13 |
> |
14 |
> I was now able to luksOpen and I have the decrypted device mounted. |
15 |
Hooray :) |
16 |
|
17 |
|
18 |
> Nice. |
19 |
> |
20 |
> So: |
21 |
> |
22 |
> the user-pw didn't change and the keyfile is OK. |
23 |
> |
24 |
> So why is pam_mount unable to mount it? |
25 |
> |
26 |
> I will now pull another backup and check/add fallback keys ;-) |
27 |
There are interesting options in the cryptsetup-man page: |
28 |
luksHeaderBackup and luksHeaderRestore... I think I'll add that to my |
29 |
backup scripts :) |
30 |
|
31 |
|
32 |
Bye, |
33 |
Daniel |
34 |
|
35 |
|
36 |
-- |
37 |
PGP key @ http://pgpkeys.pca.dfn.de/pks/lookup?search=0xBB9D4887&op=get |
38 |
# gpg --recv-keys --keyserver hkp://subkeys.pgp.net 0xBB9D4887 |