Hi,
I cloned my Arch installation onto a new HD, creating, as in the previous installation, a root partition /dev/sda1 and a dm-encrypted partition /dev/sda2.
The system boots regularly, but the automount at login described here does not work anymore.
Here is my /etc/pam.d/system-login
/etc/pam.d/system-login
---------------------------------
#%PAM-1.0
auth required pam_tally.so onerr=succeed file=/var/log/faillog
auth required pam_shells.so
auth requisite pam_nologin.so
auth include system-auth
auth optional pam_exec.so debug expose_authtok log=/tmp/pamlog.txt /usr/bin/pam_crypt_login.bash
account required pam_access.so
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_loginuid.so
session include system-auth
session optional pam_motd.so motd=/etc/motd
session optional pam_mail.so dir=/var/spool/mail standard quiet
-session optional pam_systemd.so
session required pam_env.so
Previously I was using neither the debug option nor the log=/tmp/pamlog.txt option; I have inserted them here now in the hope of getting some diagnostics.
The script pam_crypt_login.bash is a convenience script:
/usr/bin/pam_crypt_login.bash
--------------------------------------
#!/bin/bash
if [ "$PAM_USER" == "user" ]
then
    cryptsetup open /dev/sda2 home-user
fi
When I try to log in from the text console, I get
/usr/bin/pam_crypt_login.bash failed: exit code 1
The log file /tmp/pamlog.txt does not contain anything useful (only the date/time). I presume that "exit code 1" refers to the exit code of cryptsetup, which would mean wrong password. However, I am able, as root, to run the same script /usr/bin/pam_crypt_login.bash, and entering the user password, I can open the device. Hence the password must be correct. Notice also that the error I am getting suggests that the user password for login is correct. It is as if pam_exec is not exposing the password to cryptsetup...
Any idea what could have gone wrong? Where could I get some more information? The strange thing is that I just duplicated the root partition (cp -a) to the new hard disk, and the partition numbers are the same as before.
Last edited by cscphy (2018-01-21 09:35:23)
I found a workaround, by modifying the script as follows:
/usr/bin/pam_crypt_login.bash
--------------------------------------
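#!/bin/bash
if [ "$PAM_USER" == "user" ]
then
    # Read the token that pam_exec (expose_authtok) supplies on stdin;
    # IFS= and -r keep leading spaces and backslashes intact.
    IFS= read -r pwd
    # printf, unlike echo, does not treat a value such as "-n" as an option.
    printf '%s\n' "$pwd" | cryptsetup --allow-discards open /dev/sda2 home-user
fi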
I cannot see any meaningful difference from the previous script; still, this one works and the previous one does not.
Is it a bug of pam or of cryptsetup?
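A stricter form of the workaround above, as an added example that is not part of the original posts: it reads the token from stdin byte for byte and passes it to cryptsetup with --key-file=-, so nothing is appended to or trimmed from the passphrase. Assumption: pam_exec with expose_authtok writes the token to stdin with no trailing newline and possibly one terminating NUL byte; the helper names read_authtok and open_home are made up for this example.

```bash
#!/bin/bash
# Added example, not the poster's script.
# Assumption: pam_exec (expose_authtok) writes the token to stdin with no
# trailing newline and possibly one terminating NUL byte.

# Read stdin into AUTHTOK byte for byte, minus NUL bytes. Backslashes and
# surrounding spaces survive; the sentinel "x" keeps $(...) from trimming
# trailing newlines.
read_authtok() {
    AUTHTOK=$(tr -d '\000'; printf x)
    AUTHTOK=${AUTHTOK%x}
}

# Feed the token to cryptsetup on stdin, never in argv (argv is visible in
# the process list). --key-file=- makes cryptsetup use stdin up to EOF as
# the key, so no newline is added or stripped on the way.
open_home() {
    printf '%s' "$AUTHTOK" |
        cryptsetup open --allow-discards --key-file=- /dev/sda2 home-user
}

# Same guard as the script in the post: act only for this one account.
if [ "${PAM_USER:-}" = "user" ]; then
    read_authtok
    if [ -z "$AUTHTOK" ]; then
        echo "pam_crypt_login: empty token on stdin" >&2
        exit 1
    fi
    open_home
    status=$?
    unset AUTHTOK
    exit "$status"
fi
```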