You are not logged in.
- Topics: Active | Unanswered
#1 2025-07-07 21:05:13
- Shino
- Member
- From: Germany
- Registered: 2015-02-01
- Posts: 80
[SOLVED] Make login possible with failing PAM automount of luks crypto
Hi,
I setup my old PC a few years back with this guide:
https://wiki.archlinux.org/title/Dm-cry … g_at_login
Now I removed the crypted drive and put it into my new hardware. I tried logging into my old system, but the user login fails, because the PAM auto-decrypt script fails due to the missing drive.
Is there a possibility to make a missing / broken drive not kill the complete user login?
Do I have to adapt the decrypt script to catch the failing cryptsetup call, or is there a more elegant solution to tell PAM, that the script is not required to succeed?
I always thought that
auth optional pam_exec.so expose_authtok /etc/pam_cryptsetup.shwould do that because of the "optional" but that doesn't seem to be the case.
Thank you very much.
Last edited by Shino (2025-07-10 21:39:46)
Offline
#2 2025-07-07 22:58:08
- seth
- Member
- Registered: 2012-09-03
- Posts: 66,197
Re: [SOLVED] Make login possible with failing PAM automount of luks crypto
optional is optional (unless it's the only auth module) and the script in https://wiki.archlinux.org/title/Dm-cry … g_at_login will not fail if "/dev/mapper/$NAME" doesn't exist, but the big, fat DEs will fail to start if you don't have a $HOME directory.
What are the exact symptoms leading to your conclusion? Log? (the system journal logs pam)
Offline
#3 2025-07-08 19:55:15
- Shino
- Member
- From: Germany
- Registered: 2015-02-01
- Posts: 80
Re: [SOLVED] Make login possible with failing PAM automount of luks crypto
What are the exact symptoms leading to your conclusion? Log? (the system journal logs pam)
I did some further investigation. I thought the failing /etc/pam_cryptsetup.sh was the culprit, since GDM shows the error message "/etc/pam_cryptsetup.sh failed with exit code 4".
However, the problem indeed isnt't the cryptsetup script, but the systemd mount that is tied to the user service https://wiki.archlinux.org/title/Dm-cry … omatically
This obviously fails and prevents the login.
I temporarily removed the it by "systemctl disable my-crypto-mount.mount" and the login is working again.
is there a possibility, to make that auto-mount fail-safe? (The drive is not my home directory. So the user is fine without it).
Thanks.
Last edited by Shino (2025-07-08 19:58:06)
Offline
#4 2025-07-08 21:02:19
- seth
- Member
- Registered: 2012-09-03
- Posts: 66,197
Re: [SOLVED] Make login possible with failing PAM automount of luks crypto
is there a possibility, to make that auto-mount fail-safe? (The drive is not my home directory. So the user is fine without it).
How is the partition currently being mounted? fstab?
https://wiki.archlinux.org/title/Fstab# … th_systemd will attempt to mount the drive on first access
Offline
#5 2025-07-09 07:39:46
- dimich
- Member
- From: Kharkiv, Ukraine
- Registered: 2009-11-03
- Posts: 380
Re: [SOLVED] Make login possible with failing PAM automount of luks crypto
Guess: try change
[Install]
RequiredBy=user@1000.serviceto
[Install]
WantedBy=user@1000.serviceOffline
#6 2025-07-10 21:39:22
- Shino
- Member
- From: Germany
- Registered: 2015-02-01
- Posts: 80
Re: [SOLVED] Make login possible with failing PAM automount of luks crypto
@dimich: Thanks. That's the solution!
Offline