Encrypted home partition pam_mount error

glsk · 2014-08-05 10:29:07

I have dm-crypt encrypted LUKS home partition which is mounted by pam_mount on user login as described in Wiki. After util-linux upgrade today (2.24.2-1 -> 2.25-3) auto-mount stopped working with this message in journal:

kdm[310]: :0[310]: (mount.c:68): Messages from underlying mount program:
kdm[310]: :0[310]: (mount.c:72): mount: invalid option -- 'p'

I used to have warnings about mount options before the upgrade, but mounting was working:

kdm[352]: :0[352]: (mount.c:68): Messages from underlying mount program:
kdm[352]: :0[352]: (mount.c:72): mount: --pass-fd is no longer supported
kdm[352]: :0[352]: (mount.c:72): NOTE: mount.crypt does not support utab (systems with no mtab or read-only mtab) yet...

I believe that -p (--pass-fd) option was removed from mount utility but pam_mount still relies on it (see bug 109). I was able to solve the issue by downgrading to util-linux and libutil-linux 2.24.2-1.

Is there any other (preferred) way to mount encrypted home partition on user login using the same password?

cjj · 2014-08-05 16:30:24

A workaround that works for me is modifying the invocation of "mount" to leave out the "-p0" by adding the line:

<lclmount>mount -t %(FSTYPE) %(VOLUME) %(MNTPT) "%(ifnempty=\"-o\" OPTIONS)" %(OPTIONS)</lclmount>

to "pam_mount.conf.xml".

windy · 2014-08-05 19:22:16

Thanks for sharing the workaround, but you forgot an "-o":

<lclmount>mount -t %(FSTYPE) %(VOLUME) %(MNTPT) "%(ifnempty=\"-o\" OPTIONS)" -o %(OPTIONS)</lclmount>

Xyne · 2014-08-06 00:39:37

@cjj, windy
Thanks for the workaround.

glsk wrote:

Is there any other (preferred) way to mount encrypted home partition on user login using the same password?

I would like to know this too. I suspect/hope that there's a way to do it with systemd's automount magic but my online searches have proven futile.

cjj · 2014-08-06 03:52:27

windy wrote:

Thanks for sharing the workaround, but you forgot an "-o":
<lclmount>mount -t %(FSTYPE) %(VOLUME) %(MNTPT) "%(ifnempty=\"-o\" OPTIONS)" -o %(OPTIONS)</lclmount>

Thank you for the catch. The "-o" is needed only when %(OPTIONS) is not empty. But, as it seems that "ifnempty" is not working anymore, it might be preferable to changed it to something like:

<lclmount>mount -t%(FSTYPE) %(VOLUME) %(MNTPT) %(if %(OPTIONS),-o%(OPTIONS))</lclmount>

gnomen · 2014-08-06 05:06:32

Works. Thank you so much for this solution! Brilliant archlinux forum!

glsk · 2014-08-06 14:13:11

Thanks a lot to everybody involved!

cjj wrote:

Thank you for the catch. The "-o" is needed only when %(OPTIONS) is not empty. But, as it seems that "ifnempty" is not working anymore, it might be preferable to changed it to something like:
<lclmount>mount -t%(FSTYPE) %(VOLUME) %(MNTPT) %(if %(OPTIONS),-o%(OPTIONS))</lclmount>

This worked after I enclosed the condition in quotes (I guess this is needed because of the space):

<lclmount>mount -t%(FSTYPE) %(VOLUME) %(MNTPT) "%(if %(OPTIONS),-o%(OPTIONS))"</lclmount>

Unless there are any objections, I will try to update the Wiki page by adding the above line to pam_mount.conf.xml snippet.

Unia · 2014-08-06 20:33:36

Please do update the Wiki page. I've spent the last two days looking through man pages, configuration files and google results to find out the cause. I hadn't thought of an update, since I had to reinstall. Thank you all for the solution!

Shiba · 2014-08-07 01:14:31

I reported the bug here
https://bugs.archlinux.org/task/41496

mosquitogang201 · 2014-09-27 18:09:06

The workaround in post #7 and the wiki no longer seems to be working for me since I updated my system on Tuesday. I saw that util-linux got another bump to 2.25.1-1. Anyone know what's going on?

If fact I just downgraded util-linux and libutil-linux back to 2.24.2-1 and reverted back to the pam_mount.conf.xml file that had worked for me for a couple years but automount still isn't working when I login. I have to manually mount my home drive from a root terminal before I can log into KDE.

Last edited by mosquitogang201 (2014-09-27 18:33:55)

glsk · 2014-09-28 09:02:15

mosquitogang201, automount works fine for me with util-linux 2.25.1-1. Do you see any mount errors in journalctl? Do you have pam_mount.so references in /etc/pam.d/system-auth? I use lightdm and I guess it uses this config file in /etc/pam.d/system-login which is in turn included in /etc/pam.d/lightdm. Should be the same for KDM I believe.

mosquitogang201 · 2014-09-28 12:48:02

Journalctl gives me the following errors that look relevant:

Sep 28 08:23:29 arch-linux systemd[393]: (pam_mount.c:173): conv->conv(...): Conversation error
Sep 28 08:23:29 arch-linux systemd[393]: (pam_mount.c:477): warning: could not obtain password interactively either
Sep 28 08:23:29 arch-linux systemd[393]: (pam_mount.c:522): mount of /dev/sda7 failed

So I'm thinking this is a different problem than the original one but still just as clueless on how to fix it! I backed up my old config files and reinstalled everything related to pam, following the pam_mount wiki exactly to set everything up again but it still doesn't work. I also verified that system-auth is included in system-login which is included in the kdm file.

glsk · 2014-09-28 13:11:46

In fact I have the same systemd errors. My understanding is that mounting happens right before that, in display manager:

lightdm[287]: (mount.c:68): Messages from underlying mount program:
lightdm[287]: (mount.c:72): NOTE: mount.crypt does not support utab [...]

And then systemd attempts to do something similar and fails.

mosquitogang201 · 2014-09-30 01:55:18

So I created a new directory /mnt/homedir and edited the pam_mount.conf.xml to load my home partition to that. Login at the terminal and it unlocks the partition automatically perfectly fine! (Of course I got the error message of using / as home since my home folder wasn't at the right place.) But when I tell pam_mount to mount the partition to /home it refuses to do so!

Glsk, you're right about those error messages I mentioned in post #12 not meaning anything. When I had it mount to the different folder I still got the messages but it worked. I enabled debugging on pam_mount but don't get any other error messages. Then I thought, maybe there's some files hidden in the home folder on the root drive that were keeping it from mounting but that's not the case. Permissions were correct. I still deleted and re-created the home folder just for good measure. But I still can't get it to automount there.

EDIT: This problem is introduced in the latest systemd update. I downgraded from 216-3 back to 215-4 and everything is right again. Not sure what changed but it looks like I'll have to hold systemd back from updates for a while.

Last edited by mosquitogang201 (2014-09-30 02:18:10)

Corubba · 2015-03-04 02:09:29

Version 2.15 of pam_mount was released by the end of last year [1], where they fixed the problem with the deprecated -p option for mount. [2] Currently in the community repo is v2.14, so I marked the package out of date. When v2.15 hits the community repo, the <lclmount> line is no longer needed and should be removed from the wiki too.

[1] http://sourceforge.net/projects/pam-mou … ount/2.15/
[2] http://sourceforge.net/p/pam-mount/pam- … f7b0231eb/

Edit: pam_mount 2.15-1 is available in the community repo now.

Last edited by Corubba (2015-03-05 00:37:40)

Arch Linux

#1 2014-08-05 10:29:07

Encrypted home partition pam_mount error

#2 2014-08-05 16:30:24

Re: Encrypted home partition pam_mount error

#3 2014-08-05 19:22:16

Re: Encrypted home partition pam_mount error

#4 2014-08-06 00:39:37

Re: Encrypted home partition pam_mount error

#5 2014-08-06 03:52:27

Re: Encrypted home partition pam_mount error

#6 2014-08-06 05:06:32

Re: Encrypted home partition pam_mount error

#7 2014-08-06 14:13:11

Re: Encrypted home partition pam_mount error

#8 2014-08-06 20:33:36

Re: Encrypted home partition pam_mount error

#9 2014-08-07 01:14:31

Re: Encrypted home partition pam_mount error

#10 2014-09-27 18:09:06

Re: Encrypted home partition pam_mount error

#11 2014-09-28 09:02:15

Re: Encrypted home partition pam_mount error

#12 2014-09-28 12:48:02

Re: Encrypted home partition pam_mount error

#13 2014-09-28 13:11:46

Re: Encrypted home partition pam_mount error

#14 2014-09-30 01:55:18

Re: Encrypted home partition pam_mount error

#15 2015-03-04 02:09:29

Re: Encrypted home partition pam_mount error

Board footer