| 1 |
Am 04.05.2010 19:38, schrieb Stefan G. Weichinger: |
| 2 |
|
| 3 |
> I don't yet have the whole picture ... |
| 4 |
|
| 5 |
I did some "emerge -avuDN world", quite some packages updated even |
| 6 |
though I am doing "emerge -avu world" nearly every day ... |
| 7 |
|
| 8 |
After a reboot and setting debug to 1 for pam_mount it says: |
| 9 |
|
| 10 |
May 4 21:25:38 enzo slim: pam_mount(pam_mount.c:364): pam_mount 2.0: |
| 11 |
entering auth stage |
| 12 |
May 4 21:25:38 enzo slim: gkr-pam: invalid option: use_first_pass |
| 13 |
May 4 21:25:38 enzo slim: pam_unix(slim:session): session opened for |
| 14 |
user sgw by (uid=0) |
| 15 |
May 4 21:25:38 enzo slim: pam_mount(pam_mount.c:552): pam_mount 2.0: |
| 16 |
entering session stage |
| 17 |
May 4 21:25:38 enzo slim: pam_mount(misc.c:38): Session open: (uid=0, |
| 18 |
euid=0, gid=0, egid=0) |
| 19 |
May 4 21:25:38 enzo slim: pam_mount(mount.c:196): Mount info: |
| 20 |
globalconf, user=sgw <volume fstype="crypt" server="(null)" |
| 21 |
path="/dev/mapper/VG01-crypthome" mountpoint="/home/sgw" |
| 22 |
cipher="aes-cbc-plain" fskeypath="/etc/security/verysekrit.key" |
| 23 |
fskeycipher="aes-256-cbc" fskeyhash="md5" |
| 24 |
options="data=journal,commit=15" /> fstab=0 |
| 25 |
May 4 21:25:38 enzo slim: command: 'mount.crypt' |
| 26 |
'-ocipher=aes-cbc-plain' '-ofsk_cipher=aes-256-cbc' '-ofsk_hash=md5' |
| 27 |
'-okeyfile=/etc/security/verysekrit.key' '-odata=journal,commit=15' |
| 28 |
'/dev/mapper/VG01-crypthome' '/home/sgw' |
| 29 |
May 4 21:25:38 enzo slim: pam_mount(misc.c:38): set_myuid<pre>: (uid=0, |
| 30 |
euid=0, gid=0, egid=0) |
| 31 |
May 4 21:25:38 enzo slim: pam_mount(misc.c:38): set_myuid<post>: |
| 32 |
(uid=0, euid=0, gid=0, egid=0) |
| 33 |
May 4 21:25:40 enzo slim: pam_mount(mount.c:64): Errors from underlying |
| 34 |
mount program: |
| 35 |
May 4 21:25:40 enzo slim: pam_mount(mount.c:68): |
| 36 |
crypt_activate_by_passphrase: Operation not permitted |
| 37 |
May 4 21:25:40 enzo slim: pam_mount(pam_mount.c:520): mount of |
| 38 |
/dev/mapper/VG01-crypthome failed |
| 39 |
May 4 21:25:40 enzo slim: command: 'pmvarrun' '-u' 'sgw' '-o' '1' |
| 40 |
May 4 21:25:40 enzo slim: pam_mount(misc.c:38): set_myuid<pre>: (uid=0, |
| 41 |
euid=0, gid=0, egid=0) |
| 42 |
May 4 21:25:40 enzo slim: pam_mount(misc.c:38): set_myuid<post>: |
| 43 |
(uid=0, euid=0, gid=0, egid=0) |
| 44 |
May 4 21:25:40 enzo slim: pam_mount(pam_mount.c:440): pmvarrun says |
| 45 |
login count is 1 |
| 46 |
May 4 21:25:40 enzo slim: pam_mount(pam_mount.c:642): done opening |
| 47 |
session (ret=0) |
| 48 |
May 4 21:25:40 enzo slim: pam_mount(pam_mount.c:115): Clean global |
| 49 |
config (0) |
| 50 |
May 4 21:25:40 enzo slim: pam_mount(pam_mount.c:132): clean system |
| 51 |
authtok=0x80e6870 (0) |
| 52 |
May 4 21:25:40 enzo seahorse-daemon[1426]: DNS-SD initialization |
| 53 |
failed: Daemon not running |
| 54 |
May 4 21:25:40 enzo seahorse-daemon[1426]: unsupported key server uri |
| 55 |
scheme: ldap |
| 56 |
May 4 21:25:40 enzo seahorse-daemon[1426]: init gpgme version 1.3.0 |
| 57 |
May 4 21:25:41 enzo pulseaudio[1475]: module-alsa-card.c: Failed to |
| 58 |
find a working profile. |
| 59 |
May 4 21:25:41 enzo pulseaudio[1475]: module.c: Failed to load module |
| 60 |
"module-alsa-card" (argument: "device_id="5" |
| 61 |
name="platform-thinkpad_acpi" |
| 62 |
card_name="alsa_card.platform-thinkpad_acpi" tsched=yes ignore_dB=no |
| 63 |
card_properties="module-udev-detect.discovered=1""): initialization failed. |
| 64 |
May 4 21:25:41 enzo polkitd(authority=local): Registered Authentication |
| 65 |
Agent for session /org/freedesktop/ConsoleKit/Session3 (system bus name |
| 66 |
:1.49 [/usr/libexec/polkit-gnome-authentication-agent-1], object path |
| 67 |
/org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) |
| 68 |
|
| 69 |
|
| 70 |
----- (maybe I pasted too much, this was everything from typing my |
| 71 |
username to the Gnome-session opened, but with the "wrong" /home for |
| 72 |
user sgw) |
| 73 |
|
| 74 |
Some bits of additional info: |
| 75 |
|
| 76 |
# cat /etc/pam.d/system-auth |
| 77 |
auth required pam_env.so |
| 78 |
auth required pam_unix.so try_first_pass likeauth nullok |
| 79 |
auth optional pam_mount.so |
| 80 |
auth optional pam_gnome_keyring.so |
| 81 |
|
| 82 |
account required pam_unix.so |
| 83 |
|
| 84 |
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 |
| 85 |
retry=3 |
| 86 |
password optional pam_gnome_keyring.so |
| 87 |
password required pam_unix.so try_first_pass use_authtok nullok sha512 |
| 88 |
shadow |
| 89 |
session required pam_limits.so |
| 90 |
session optional pam_gnome_keyring.so auto_start |
| 91 |
session required pam_env.so |
| 92 |
session required pam_unix.so |
| 93 |
session optional pam_permit.so |
| 94 |
session optional pam_mount.so |
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
# cat /etc/security/pam_mount.conf.xml |
| 99 |
<?xml version="1.0" encoding="utf-8" ?> |
| 100 |
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd"> |
| 101 |
<!-- |
| 102 |
See pam_mount.conf(5) for a description. |
| 103 |
--> |
| 104 |
|
| 105 |
<pam_mount> |
| 106 |
|
| 107 |
<!-- debug should come before everything else, |
| 108 |
since this file is still processed in a single pass |
| 109 |
from top-to-bottom --> |
| 110 |
|
| 111 |
<debug enable="0" /> |
| 112 |
|
| 113 |
|
| 114 |
<!-- Volume definitions --> |
| 115 |
|
| 116 |
<!-- |
| 117 |
|
| 118 |
<volume user="username" |
| 119 |
path="/dev/mmcblk0p1" |
| 120 |
mountpoint="/mnt/mmc" |
| 121 |
fstype="auto" /> |
| 122 |
|
| 123 |
--> |
| 124 |
|
| 125 |
<volume user="sgw" |
| 126 |
path="/dev/mapper/VG01-crypthome" |
| 127 |
mountpoint="/home/sgw" |
| 128 |
fstype="crypt" |
| 129 |
options="data=journal,commit=15" |
| 130 |
cipher="aes-cbc-plain" |
| 131 |
fskeypath="/etc/security/verysekrit.key" |
| 132 |
fskeycipher="aes-256-cbc" |
| 133 |
fskeyhash="md5" /> |
| 134 |
|
| 135 |
<!-- pam_mount parameters: General tunables --> |
| 136 |
|
| 137 |
<debug enable="1" /> |
| 138 |
<!-- |
| 139 |
<luserconf name=".pam_mount.conf.xml" /> |
| 140 |
--> |
| 141 |
|
| 142 |
<!-- Note that commenting out mntoptions will give you the defaults. |
| 143 |
You will need to explicitly initialize it with the empty string |
| 144 |
to reset the defaults to nothing. --> |
| 145 |
<mntoptions |
| 146 |
allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" /> |
| 147 |
<!-- |
| 148 |
<mntoptions deny="suid,dev" /> |
| 149 |
<mntoptions allow="*" /> |
| 150 |
<mntoptions deny="*" /> |
| 151 |
--> |
| 152 |
<mntoptions require="nosuid,nodev" /> |
| 153 |
<path>/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin</path> |
| 154 |
|
| 155 |
<logout wait="0" hup="0" term="0" kill="0" /> |
| 156 |
|
| 157 |
|
| 158 |
<!-- pam_mount parameters: Volume-related --> |
| 159 |
|
| 160 |
<mkmountpoint enable="1" remove="true" /> |
| 161 |
|
| 162 |
|
| 163 |
</pam_mount> |
| 164 |
|
| 165 |
|
| 166 |
|
| 167 |
--- I didn't change both files except for the debug-parameter ... |
| 168 |
|
| 169 |
|
| 170 |
[root@enzo]:~ # eix pam_mount |
| 171 |
[I] sys-auth/pam_mount |
| 172 |
Available versions: (~)1.20 (~)1.21 (~)1.22 (~)1.24 (~)1.25 |
| 173 |
(~)1.25-r1 (~)1.26 (~)1.31 (~)1.32 (~)1.33 (~)2.0 {crypt} |
| 174 |
Installed versions: 2.0(12:45:53 04.05.2010)(crypt) |
| 175 |
Homepage: http://pam-mount.sourceforge.net |
| 176 |
Description: A PAM module that can mount volumes for a user |
| 177 |
session |
| 178 |
|
| 179 |
[root@enzo]:~ # eix cryptset |
| 180 |
[I] sys-fs/cryptsetup |
| 181 |
Available versions: 0.1-r3 1.0.5-r1 1.0.6-r2 (~)1.0.7 (~)1.0.7-r1 |
| 182 |
(~)1.1.0 (~)1.1.1_rc1{tbz2} {dynamic nls selinux} |
| 183 |
Installed versions: 1.1.1_rc1{tbz2}(13:04:41 04.05.2010)(nls |
| 184 |
-dynamic -selinux) |
| 185 |
Homepage: http://code.google.com/p/cryptsetup/ |
| 186 |
Description: Tool to setup encrypted devices with dm-crypt |
| 187 |
|
| 188 |
|
| 189 |
Thanks for any hints, Stefan |
Archives