Re: ecryptfs doesn't like noauto and noatime


On Mon, Jan 30, 2012 at 4:58 AM, Martin Steigerwald <ms@xxxxxxxxx> wrote:
>
> Hi Jakob,
>
> On Tuesday, 17 January 2012, Jakob Unterwurzacher wrote:
> > On 17.01.2012 09:37, Martin Steigerwald wrote:
> > > On Tuesday, 17 January 2012, Jakob Unterwurzacher wrote:
> > >> On 16.01.2012 10:44, Martin Steigerwald wrote:
> > >>> Hi!
> > >>>
> > >>> I have
> > >>>
> > >>> merkaba:~> grep ecrypt /etc/fstab
> > >>> /home/.ms               /home/ms                ecryptfs noatime,noauto  0       0
> > >>>
> > >>> And get:
> > >>>
> > >>> merkaba:~> mount /home/ms
> > >
> > >>> Passphrase:
> > > […]
> > >
> > >>> Error mounting eCryptfs: [-5] Input/output error
> > >
> > > […]
> > >
> > >>> Still it works.
> > >>>
> > >>>
> > >>> In dmesg I see:
> > >>>
> > >>> [ 2657.888355] ecryptfs_parse_options: eCryptfs: unrecognized option [noauto]
> > >>> [ 2657.888359] ecryptfs_parse_options: eCryptfs: unrecognized option [noatime]
> > >>> [ 2657.913215] alg: No test for __gcm-aes-aesni (__driver-gcm-aes-aesni)
> > >>>
> > >>>
> > >>> Thus I removed at least noatime, but then I still see:
> > >>>
> > >>> [ 2839.460200] ecryptfs_parse_options: eCryptfs: unrecognized option [noauto]
> > >
> > > […]
> > >
> > >>> Without noatime it would ask me the password upon boot, but I do not
> > >>> like that since I do not use that user every time.
> > >
> > > noauto that is.
> > >
> > >>> I could use mounting via pam, but I like to have a different password
> > >>> for the user stored in /etc/shadow than the password from the
> > >>> filesystem itself.
> > >>
> > >> Note that this should work by creating ~/.ecryptfs/wrapping-independent.
> > >> PAM will ask for the ecryptfs password explicitly then.
> > >
> > > Thanks.
> > >
> > > Would that also work within a display manager like kdm?
> > >
> > > Ciao,
> >
> > Yes! It will ask for two passwords on login.
>
> Hmmm, I think this won't work for me.
>
> This is used by ecryptfs-mount-private it seems, but I am not only encrypting
> /home/$USER/Private, but /home/$USER itself. Thus I'd like to mount ~ as is
> with a different passphrase than my PAM login password.
>
> I tried putting an empty ~/.ecryptfs/wrapping-independent, which has the
> sig-cache.txt for the /home/ms mount but this doesn't do the trick, I am not
> asked for a password and home directory remains empty. I could put
>
> Is it true that PAM ecryptfs stuff is only for a ~/Private directory?

Definitely not.  pam_ecryptfs.so is the method by which keys are
loaded into your keyring at login time, by unwrapping
~/.ecryptfs/wrapped-passphrase using your login passphrase.

It should work with either a randomly generated one, or one of your
choosing.  It doesn't really care what's inside of
~/.ecryptfs/wrapped-passphrase -- just that your login passphrase can
symmetrically decrypt it.

Now, getting a passphrase of your choosing into that file requires
running ecryptfs-setup-private by hand, rather than using wrappers,
like the Ubuntu installer or the adduser utility.

> Then that would be a reason for me to make a feature request ;).

-- 
:-Dustin

Dustin Kirkland
Chief Architect
Gazzang, Inc.
www.gazzang.com
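
Added example, not part of the original message or of ecryptfs-utils: a shell check of the files under ~/.ecryptfs that the login-time unwrap and mount depend on, showing that a wrapping-independent marker next to sig-cache.txt gives PAM nothing to unwrap, and that the mount point is read from Private.mnt rather than fixed to ~/Private. The file roles and the default mount point are assumptions about ecryptfs-utils behaviour; the function names and verdict strings are hypothetical.

```shell
#!/bin/sh
# Added example. Assumed file roles under ~/.ecryptfs (ecryptfs-utils):
#   wrapped-passphrase    mount passphrase encrypted under a wrapping passphrase
#   wrapping-independent  marker: wrapping passphrase differs from the login one
#   auto-mount            marker: mount at login
#   Private.sig           key signature(s) handed to the mount helper
#   Private.mnt           mount point; assumed default is $HOME/Private

# Print a verdict for config dir $1; return 0 only if a PAM login can mount.
ecryptfs_pam_check() {
    d=$1
    [ -d "$d" ] || { echo "no-config-dir"; return 2; }
    # Nothing to unwrap: the marker files alone never produce a key.
    [ -s "$d/wrapped-passphrase" ] || { echo "no-wrapped-passphrase"; return 3; }
    [ -s "$d/Private.sig" ] || { echo "no-key-signature"; return 4; }
    [ -e "$d/auto-mount" ] || { echo "manual-mount-only"; return 5; }
    if [ -e "$d/wrapping-independent" ]; then
        echo "prompt-for-separate-passphrase"
    else
        echo "unwrap-with-login-passphrase"
    fi
    return 0
}

# Print the directory that would be mounted for config dir $1 and home $2.
ecryptfs_mount_point() {
    if [ -s "$1/Private.mnt" ]; then
        head -n 1 "$1/Private.mnt"
    else
        echo "$2/Private"
    fi
}

# Demo on a constructed layout like the one in the thread: an empty
# wrapping-independent next to sig-cache.txt and nothing else.
demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/.ecryptfs"
    : > "$t/.ecryptfs/wrapping-independent"
    echo "0123456789abcdef" > "$t/.ecryptfs/sig-cache.txt"   # constructed value
    ecryptfs_pam_check "$t/.ecryptfs"              # prints: no-wrapped-passphrase
    ecryptfs_mount_point "$t/.ecryptfs" /home/ms   # prints: /home/ms/Private
    rm -rf "$t"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```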