gdm 3.2 (gnome 3.2) update brakes ecryptfs homefolders, gdm is not able to mount them correctly at login.
The problem seems to be some new structures in /etc/pam.d/, there are now several files for gdm like gdm, gdm-password, gdm-fingerprint, etc.
Before 3.2 this was my /etc/pam.d/gdm:
#%PAM-1.0 auth requisite pam_nologin.so auth required pam_env.so auth required pam_unix.so auth optional pam_ecryptfs.so unwrap auth optional pam_gnome_keyring.so account required pam_unix.so session required pam_limits.so session required pam_unix.so session optional pam_ecryptfs.so unwrap session optional pam_gnome_keyring.so auto_start password required pam_unix.so password optional pam_ecryptfs.so
I tried to copy the important lines for ecryptfs to gdm-password, but that did not help.
Does anyone know how to solve this?
Edit: I hope this is the correct forum .. but other ecryptfs threads are also here.
Last edited by Evilandi666 (2011-10-02 14:57:55)
gdm-password is the right file. did you restarted gdm after adding those lines right?
Give what you have. To someone, it may be better than you dare to think.
Yes I did even reboot my machine.
Here is my /etc/pam.d/gdm-password:
#%PAM-1.0 auth requisite pam_nologin.so auth required pam_env.so auth requisite pam_unix.so nullok auth optional pam_ecryptfs.so unwrap auth optional pam_gnome_keyring.so auth sufficient pam_succeed_if.so uid >= 1000 quiet auth required pam_deny.so account required pam_unix.so password required pam_unix.so password optional pam_ecryptfs.so session required pam_loginuid.so -session optional pam_systemd.so session optional pam_keyinit.so revoke session required pam_limits.so session required pam_unix.so session optional pam_ecryptfs.so unwrap session optional pam_gnome_keyring.so auto_start
Maybe there is something wrong with it? (some people reported the same problem to me, some of them also tried gdm-password, but no one figured it out correctly yet.)
Try adding the force option to pam_keyinit.so:
session optional pam_keyinit.so force revoke
(I haven't the faintest idea why, but it fixes stuff. I think the option was present upstream as well...)
Last edited by grawity (2011-10-02 16:04:10)
Thx, that fixed it !