DM-Crypt and SDDM

lokesh987 · 2015-12-17 15:24:23

Hello,

I am in the process to learn the usage of dm-crypt. After 2 days I can encrypt, open, mount, and back, a partition (the corresponding Wiki was a nightmare due to me, I did not understand much). However, now that hurdle has been taken.

But how do I configure SDDM to decrypt a partion at login? My next step is de-crypting, i.e. opening, the secured partition at login. The Wiki provides examples for GDM an SLiM.

I did not find any hints any wherre in the internet or here in the forums. The problem is a) there are 3 files, which b) are different to the examples in the Wiki.

ls /etc/pam.d/sddm* 
/etc/pam.d/sddm  /etc/pam.d/sddm-autologin  /etc/pam.d/sddm-greeter

I entered the 3 lines into sddm-greeter, as this seemed to me come closets to the examples from GDM and SLiM. However, when I did that login resultet in an almost black screen (conky was visible).

/etc/pam.d/system-auth has been changed (does not do anything), and I am using plasma as DE.

Any advice from the experts?

cat /etc/pam.d/system-auth 
#%PAM-1.0

auth      required  pam_unix.so     try_first_pass nullok
auth      optional  pam_permit.so
auth      required  pam_env.so
#auth      optional  pam_mount.so

account   required  pam_unix.so
account   optional  pam_permit.so
account   required  pam_time.so

#password  optional  pam_mount.so
password  required  pam_unix.so     try_first_pass nullok sha512 shadow
password  optional  pam_permit.so

#session   optional  pam_mount.so
session   required  pam_limits.so
session   required  pam_unix.so
session   optional  pam_permit.so

cat /etc/pam.d/sddm

#%PAM-1.0
auth		include		system-login
account		include		system-login
password	include		system-login
session		include		system-login

cat /etc/pam.d/sddm-greeter 
#%PAM-1.0
# Load environment from /etc/environment and ~/.pam_environment
auth		required pam_env.so

# Always let the greeter start without authentication
auth		required pam_permit.so

# No action required for account management
account		required pam_permit.so

# Can't change password
password	required pam_deny.so

# Setup session
session		required pam_unix.so
session		optional pam_systemd.so

cat /etc/pam.d/sddm-autologin 
#%PAM-1.0
auth        required    pam_env.so
auth        required    pam_tally.so file=/var/log/faillog onerr=succeed
auth        required    pam_shells.so
auth        required    pam_nologin.so
auth        required    pam_permit.so
-auth       optional    pam_gnome_keyring.so
account     include     system-local-login
password    include     system-local-login
session     include     system-local-login
-session    optional    pam_gnome_keyring.so auto_start

Cheers
Lokesh

lokesh987 · 2015-12-17 19:42:54

Nobody?

SDDM is the recommended login manager for plasma, and encryption is a must for laptops (or at least it should be). This might be important also for others, no?

Cheers
Lokesh

jasonwryan · 2015-12-17 19:50:21

lokesh987 wrote:

encryption is a must for laptops (or at least it should be).

Yes. Most people use FDE, though.

lokesh987 · 2015-12-18 12:39:35

jasonwryan wrote:

Yes. Most people use FDE, though.

Quite funny to use cryptic reply . Took me only 5 minutes to find out that FDE stands for Full Disk Encryption. That's the next step, though, I am in the process to learn and understand the procedures and I do not want to be locked out from my entire system if something goes wrong, as e.g. which is the reason for this thread. I still had access to the terminal and could correct wrong entries.

I tested the codes into /etc/pam.d/SDDM and /etc/pam.d/SDDM-greeter, the first having no effect at all, the later prevented Xorg from start (or resulted in crashing it).

Anyone else knows what to do?

Cheers
Lokesh

Arch Linux

#1 2015-12-17 15:24:23

DM-Crypt and SDDM

#2 2015-12-17 19:42:54

Re: DM-Crypt and SDDM

#3 2015-12-17 19:50:21

Re: DM-Crypt and SDDM

#4 2015-12-18 12:39:35

Re: DM-Crypt and SDDM

Board footer