I'm in the process of migrating from Ubuntu to Arch. I've set up my installation to mount my Ubuntu home directory to /home/<myuser>/UbuntuDocs/ at login. The Ubuntu home folder is encrypted, and I had set up the auto-mount according to the "New" Pam_Mount method described in the Wiki.
Up until a few days ago, this was working great. My understanding is that on login, PAM would read my user password, use it to "unwrap" the encryption keys stored on the Ubuntu home partition, insert them into the keyring, then mount the partition using the signatures provided in /etc/fstab. Now, it seems that Arch tries to mount the encrypted partition during boot, before I ever get to my login prompt. It interrupts the boot sequence to ask me how to mount the partition (e.g. passphrase, mount options, etc.). If I ignore this and log in normally, I can't mount the directory until I manually use
ecryptfs-add-passphrase --fnek
to insert the appropriate key into the keyring. Then I can mount easily using the mount -i command.
I'm confused by a couple of things. First, why is Arch now trying to mount the partition before login, and why WASN'T it before? Second, even with the failed mount during boot, why isn't pam_mount still unwrapping my passphrase and adding it to the keyring?
My /etc/fstab entry looks like this:
# Mount Ubuntu home dir
/dev/sdb6 /media/UbuntuHome ext4 defaults,user 0 1
#mount encrypted Ubuntu home
/media/UbuntuHome/.ecryptfs/ryan/.Private /home/ryan/UbuntuDocs ecryptfs rw,user,ecryptfs_sig=XXXXXXXXXX,ecryptfs_fnek_sig=XXXXXXXXXXX,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs 0 0
/etc/pam.d/gdm and /etc/pam.d/login are set up according to the Wiki.
Is it possible that the recent init scripts update broke something here? Thanks in advance for your help!
Last edited by rsking84 (2011-05-22 18:53:02)
Add noauto to mount options of eCryptfs mount.
For pam_mount bugs I can't offer you anything. There are far simpler methods to auto-mount, and more reliable. See Advanced
You need to install an RTFM interface.
Hi anrxc,
Thanks for replying. I tried the "noauto" option. It keeps the mount from interrupting boot, but I still have to manually insert the encryption key and mount the directory after I log in.
I'm a bit confused by your suggestion - the "Advanced" link points right to the pam_mount method that I have set up. There's also the link to your article that outlines how to do it with init scripts, but I already have the pam_mount (new method) set up and it WAS working just fine.
I'm not out to reinvent the wheel (yet), only to understand what broke it.
Yeah, and I didn't write that pam_mount section, can't vouch for it or help with pam_mount bugs. I was referring to the shell init (!= init).
Last edited by anrxc (2011-05-17 00:58:35)
I managed to fix it, though still don't understand what broke in the first place.
Step 1: the file ~/.ecryptfs/auto-mount had been deleted somehow. This must be present in order for pam_mount to unwrap the passphrase and add it to the keyring. Fixed by executing:
touch ~/.ecryptfs/auto-mount
Step 2: Once the passphrase is inserted, the directory can be mounted with the mount -i command since all the necessary options are already specified in /etc/fstab. I had to add the following to /etc/profile:
mount -i /media/UbuntuHome/.ecryptfs/ryan/.Private
Previously the directory was mounting automatically after login; it seems like something altered how /etc/fstab is processed so that it tries to mount before login (and fails). Hence the need to explicitly add the mount command.
Last edited by rsking84 (2011-05-22 19:15:17)
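Added example, not part of the original thread: a small shell check for the three conditions the posts above touch on (an ecryptfs fstab entry without noauto, the signatures that entry expects in the keyring, and the auto-mount flag file from Step 1). The function names, the sample fstab and its placeholder signatures are assumptions made for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch; function names and sample paths are assumptions.

# Print mount points of ecryptfs fstab entries that lack "noauto"; "mount -a"
# tries these at boot, before any login has put a key in the keyring.
ecryptfs_boot_mounts() {   # arg: fstab path
    awk '
        $1 ~ /^#/ || NF < 4 { next }
        $3 == "ecryptfs" {
            n = split($4, opts, ","); auto = 1
            for (i = 1; i <= n; i++) if (opts[i] == "noauto") auto = 0
            if (auto) print $2
        }
    ' "$1"
}

# Print the key signatures an entry needs in the keyring before "mount -i" works.
ecryptfs_required_sigs() {   # args: fstab path, mount point
    awk -v mp="$2" '
        $1 ~ /^#/ || NF < 4 { next }
        $3 == "ecryptfs" && $2 == mp {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^ecryptfs_(fnek_)?sig=/) {
                    sub(/^[^=]*=/, "", opts[i]); print opts[i]
                }
        }
    ' "$1"
}

# Succeed if the auto-mount flag file exists under the given home directory.
has_automount_flag() { [ -f "$1/.ecryptfs/auto-mount" ]; }

# Constructed sample modelled on the fstab in the thread (placeholder signatures).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Mount Ubuntu home dir
/dev/sdb6 /media/UbuntuHome ext4 defaults,user 0 1
/media/UbuntuHome/.ecryptfs/ryan/.Private /home/ryan/UbuntuDocs ecryptfs rw,user,ecryptfs_sig=AAAA,ecryptfs_fnek_sig=BBBB,ecryptfs_cipher=aes 0 0
/srv/enc/.Private /srv/plain ecryptfs rw,user,noauto,ecryptfs_sig=CCCC 0 0
EOF
echo "attempted at boot (no noauto):"; ecryptfs_boot_mounts "$sample"
echo "signatures needed in keyring:"; ecryptfs_required_sigs "$sample" /home/ryan/UbuntuDocs
has_automount_flag "$HOME" || echo "missing $HOME/.ecryptfs/auto-mount"
```

Point the functions at /etc/fstab instead of the sample to check a real system; the printed signatures can be compared by hand against the output of keyctl list @u after login.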