| 1 |
On 05/05/2010 10:23 PM, Stefan G. Weichinger wrote: |
| 2 |
> Am 05.05.2010 22:17, schrieb Stefan G. Weichinger: |
| 3 |
> |
| 4 |
>> Remember that I said: "I am not sure which HOWTO I followed" ? |
| 5 |
>> |
| 6 |
>> What if I didn't use aes-256-ecb? |
| 7 |
You don't need to supplay that information to cryptsetup, it can |
| 8 |
(should) autodetect it. To see that info for yourself run: |
| 9 |
$ cryptsetup luksDump /dev/mapper/VG01-crypthome |
| 10 |
|
| 11 |
> Yep. See pam_mount.conf.xml: |
| 12 |
> It's "aes-256-cbc" in my case. |
| 13 |
> |
| 14 |
> I was now able to luksOpen and I have the decrypted device mounted. |
| 15 |
Hooray :) |
| 16 |
|
| 17 |
|
| 18 |
> Nice. |
| 19 |
> |
| 20 |
> So: |
| 21 |
> |
| 22 |
> the user-pw didn't change and the keyfile is OK. |
| 23 |
> |
| 24 |
> So why is pam_mount unable to mount it? |
| 25 |
> |
| 26 |
> I will now pull another backup and check/add fallback keys ;-) |
| 27 |
There are interesting options in the cryptsetup-man page: |
| 28 |
luksHeaderBackup and luksHeaderRestore... I think I'll add that to my |
| 29 |
backup scripts :) |
| 30 |
|
| 31 |
|
| 32 |
Bye, |
| 33 |
Daniel |
| 34 |
|
| 35 |
|
| 36 |
-- |
| 37 |
PGP key @ http://pgpkeys.pca.dfn.de/pks/lookup?search=0xBB9D4887&op=get |
| 38 |
# gpg --recv-keys --keyserver hkp://subkeys.pgp.net 0xBB9D4887 |
Archives