#1 2018-01-20 20:12:56

cscphy
Member
Registered: 2017-05-06
Posts: 36

dm-crypt automount at login not working after hw update: bug?

Hi,

I cloned my Arch installation onto a new hd, creating, as in the previous installation, a root partition /dev/sda1 and a dm-encrypted partition /dev/sda2.
The system boots regularly, but the automount at login described here does not work anymore.

Here is my /etc/pam.d/system-login

/etc/pam.d/system-login
---------------------------------
#%PAM-1.0

auth       required   pam_tally.so         onerr=succeed file=/var/log/faillog
auth       required   pam_shells.so
auth       requisite  pam_nologin.so
auth       include    system-auth
auth       optional   pam_exec.so debug expose_authtok log=/tmp/pamlog.txt /usr/bin/pam_crypt_login.bash

account    required   pam_access.so
account    required   pam_nologin.so
account    include    system-auth

password   include    system-auth

session    optional   pam_loginuid.so
session    include    system-auth
session    optional   pam_motd.so          motd=/etc/motd
session    optional   pam_mail.so          dir=/var/spool/mail standard quiet
-session   optional   pam_systemd.so
session    required   pam_env.so

Previously I was using neither the debug option nor the log=/tmp/pamlog.txt option; I have inserted them here now in the hope of getting some diagnostics.

The script pam_crypt_login.bash is a convenience script:

/usr/bin/pam_crypt_login.bash
--------------------------------------
#!/bin/bash
if [ "$PAM_USER" == "user" ]
then
    cryptsetup open /dev/sda2 home-user
fi

When I try to login from the text console, I get

/usr/bin/pam_crypt_login.bash failed: exit code 1

The log file /tmp/pamlog.txt does not contain anything useful (only the date/time). I presume that "exit code 1" refers to the exit code of cryptsetup, which would mean wrong password. However, I am able, as root, to run the same script /usr/bin/pam_crypt_login.bash, and entering the user password, I can open the device. Hence the password must be correct. Notice also that the error I am getting suggests that the user password for login is correct. It is as if pam_exec is not exposing the password to cryptsetup...

Any idea what could have gone wrong? Where could I get some more information? The strange thing is that I just duplicated the root partition (cp -a) to the new hard disk, and the partition numbers are the same as before.

Last edited by cscphy (2018-01-21 09:35:23)


#2 2018-01-21 09:33:45

cscphy
Member
Registered: 2017-05-06
Posts: 36

Re: dm-crypt automount at login not working after hw update: bug?

I found a workaround, by modifying the script as follows:

/usr/bin/pam_crypt_login.bash
--------------------------------------
#!/bin/bash
if [ "$PAM_USER" == "user" ]
then
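    # Read the password that pam_exec (expose_authtok) writes to stdin; -r keeps backslashes intact
    IFS= read -r pwd
    printf '%s\n' "$pwd" | cryptsetup --allow-discards open /dev/sda2 home-user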
fi

I cannot see any meaningful difference from the previous script, yet this one works and the previous one does not.

Is it a bug in pam or in cryptsetup?
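
Added example, not part of either post and not code from pam or cryptsetup: a variant of the login script that takes the first NUL- or newline-terminated record from stdin and hands exactly those bytes to cryptsetup through --key-file=-. That pam_exec may end the token with a NUL byte instead of a newline is an assumption here; read_authtok, open_home and the CRYPT_DEV, CRYPT_NAME and CRYPTSETUP variables are hypothetical names.

```shell
#!/bin/bash
# Added example, not the poster's script. Device and mapping name are the ones
# from the thread; the variable and function names are hypothetical.
CRYPT_DEV=${CRYPT_DEV:-/dev/sda2}
CRYPT_NAME=${CRYPT_NAME:-home-user}
CRYPTSETUP=${CRYPTSETUP:-cryptsetup}

# Print the first record on stdin, ending at a NUL, a newline or end of input.
# Unlike a bare `read pwd`, backslashes and leading/trailing spaces survive.
read_authtok() {
    tr '\0' '\n' | head -n 1
}

# Open the mapping for a single user. The passphrase travels over a pipe
# (printf is a shell builtin, so it never appears in a process argv), and
# --key-file=- makes cryptsetup use exactly the bytes written, with no
# terminator counted as key material.
open_home() {
    [ "$PAM_USER" = "$1" ] || return 0              # other users: nothing to do
    [ -e "/dev/mapper/$CRYPT_NAME" ] && return 0    # already open (second login)
    tok=$(read_authtok)
    [ -n "$tok" ] || { echo "no authtok on stdin" >&2; return 1; }
    rc=0
    printf '%s' "$tok" | "$CRYPTSETUP" open --key-file=- "$CRYPT_DEV" "$CRYPT_NAME" || rc=$?
    unset tok
    return "$rc"
}

# pam_exec exports PAM_TYPE; act only in the auth phase, so sourcing this
# file for testing does not touch the device.
if [ "${PAM_TYPE:-}" = "auth" ]; then
    open_home user
fi
```

Because the script is only `optional` in the auth stack, a non-zero exit is reported but does not block the login itself.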
