On 05/04/2010 09:28 PM, Stefan G. Weichinger wrote:
> On 04.05.2010 19:38, Stefan G. Weichinger wrote:
> 
>> I don't yet have the whole picture ...
> 
> I did some "emerge -avuDN world", quite some packages updated even
> though I am doing "emerge -avu world" nearly every day ...
> 
> After a reboot and setting debug to 1 for pam_mount it says:
> 
> May  4 21:25:38 enzo slim: pam_mount(pam_mount.c:364): pam_mount 2.0:
> entering auth stage
> May  4 21:25:38 enzo slim: gkr-pam: invalid option: use_first_pass
> May  4 21:25:38 enzo slim: pam_unix(slim:session): session opened for
> user sgw by (uid=0)
> May  4 21:25:38 enzo slim: pam_mount(pam_mount.c:552): pam_mount 2.0:
> entering session stage
> May  4 21:25:38 enzo slim: pam_mount(misc.c:38): Session open: (uid=0,
> euid=0, gid=0, egid=0)
> May  4 21:25:38 enzo slim: pam_mount(mount.c:196): Mount info:
> globalconf, user=sgw <volume fstype="crypt" server="(null)"
> path="/dev/mapper/VG01-crypthome" mountpoint="/home/sgw"
> cipher="aes-cbc-plain" fskeypath="/etc/security/verysekrit.key"
> fskeycipher="aes-256-cbc" fskeyhash="md5"
> options="data=journal,commit=15" /> fstab=0
> May  4 21:25:38 enzo slim: command: 'mount.crypt'
> '-ocipher=aes-cbc-plain' '-ofsk_cipher=aes-256-cbc' '-ofsk_hash=md5'
> '-okeyfile=/etc/security/verysekrit.key' '-odata=journal,commit=15'
> '/dev/mapper/VG01-crypthome' '/home/sgw'
> May  4 21:25:38 enzo slim: pam_mount(misc.c:38): set_myuid<pre>: (uid=0,
> euid=0, gid=0, egid=0)
> May  4 21:25:38 enzo slim: pam_mount(misc.c:38): set_myuid<post>:
> (uid=0, euid=0, gid=0, egid=0)
> May  4 21:25:40 enzo slim: pam_mount(mount.c:64): Errors from underlying
> mount program:
> May  4 21:25:40 enzo slim: pam_mount(mount.c:68):
> crypt_activate_by_passphrase: Operation not permitted
> May  4 21:25:40 enzo slim: pam_mount(pam_mount.c:520): mount of
> /dev/mapper/VG01-crypthome failed
> May  4 21:25:40 enzo slim: command: 'pmvarrun' '-u' 'sgw' '-o' '1'
> May  4 21:25:40 enzo slim: pam_mount(misc.c:38): set_myuid<pre>: (uid=0,
> euid=0, gid=0, egid=0)
> May  4 21:25:40 enzo slim: pam_mount(misc.c:38): set_myuid<post>:
> (uid=0, euid=0, gid=0, egid=0)
> May  4 21:25:40 enzo slim: pam_mount(pam_mount.c:440): pmvarrun says
> login count is 1
> May  4 21:25:40 enzo slim: pam_mount(pam_mount.c:642): done opening
> session (ret=0)
> May  4 21:25:40 enzo slim: pam_mount(pam_mount.c:115): Clean global
> config (0)
> May  4 21:25:40 enzo slim: pam_mount(pam_mount.c:132): clean system
> authtok=0x80e6870 (0)
> May  4 21:25:40 enzo seahorse-daemon[1426]: DNS-SD initialization
> failed: Daemon not running
> May  4 21:25:40 enzo seahorse-daemon[1426]: unsupported key server uri
> scheme: ldap
> May  4 21:25:40 enzo seahorse-daemon[1426]: init gpgme version 1.3.0
> May  4 21:25:41 enzo pulseaudio[1475]: module-alsa-card.c: Failed to
> find a working profile.
> May  4 21:25:41 enzo pulseaudio[1475]: module.c: Failed to load  module
> "module-alsa-card" (argument: "device_id="5"
> name="platform-thinkpad_acpi"
> card_name="alsa_card.platform-thinkpad_acpi" tsched=yes ignore_dB=no
> card_properties="module-udev-detect.discovered=1""): initialization failed.
> May  4 21:25:41 enzo polkitd(authority=local): Registered Authentication
> Agent for session /org/freedesktop/ConsoleKit/Session3 (system bus name
> :1.49 [/usr/libexec/polkit-gnome-authentication-agent-1], object path
> /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
> 
> 
> ----- (maybe I pasted too much, this was everything from typing my
> username to the Gnome-session opened, but with the "wrong" /home for
> user sgw)
> 
> Some bits of additional info:
> 
> # cat /etc/pam.d/system-auth
> auth          required        pam_env.so
> auth          required        pam_unix.so try_first_pass likeauth nullok
> auth optional pam_mount.so
> auth optional pam_gnome_keyring.so
> 
> account               required        pam_unix.so
> 
> password      required        pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
> password optional pam_gnome_keyring.so
> password      required        pam_unix.so try_first_pass use_authtok nullok sha512 shadow
> session               required        pam_limits.so
> session optional pam_gnome_keyring.so auto_start
> session               required        pam_env.so
> session               required        pam_unix.so
> session               optional        pam_permit.so
> session optional pam_mount.so
> 
> 
> 
> # cat /etc/security/pam_mount.conf.xml
> <?xml version="1.0" encoding="utf-8" ?>
> <!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
> <!--
>       See pam_mount.conf(5) for a description.
> -->
> 
> <pam_mount>
> 
>                <!-- debug should come before everything else,
>                since this file is still processed in a single pass
>                from top-to-bottom -->
> 
>  <debug enable="0" />
> 
> 
>               <!-- Volume definitions -->
> 
> <!--
> 
> <volume user="username"
> path="/dev/mmcblk0p1"
> mountpoint="/mnt/mmc"
> fstype="auto" />
> 
> -->
> 
> <volume user="sgw"
> path="/dev/mapper/VG01-crypthome"
> mountpoint="/home/sgw"
> fstype="crypt"
> options="data=journal,commit=15"
> cipher="aes-cbc-plain"
> fskeypath="/etc/security/verysekrit.key"
> fskeycipher="aes-256-cbc"
> fskeyhash="md5" />
> 
>               <!-- pam_mount parameters: General tunables -->
> 
> <debug enable="1" />
> <!--
> <luserconf name=".pam_mount.conf.xml" />
> -->
> 
> <!-- Note that commenting out mntoptions will give you the defaults.
>      You will need to explicitly initialize it with the empty string
>      to reset the defaults to nothing. -->
> <mntoptions
> allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
> <!--
> <mntoptions deny="suid,dev" />
> <mntoptions allow="*" />
> <mntoptions deny="*" />
> -->
> <mntoptions require="nosuid,nodev" />
> <path>/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin</path>
> 
> <logout wait="0" hup="0" term="0" kill="0" />
> 
> 
>               <!-- pam_mount parameters: Volume-related -->
> 
> <mkmountpoint enable="1" remove="true" />
> 
> 
> </pam_mount>
> 
> 
> 
> --- I didn't change either file except for the debug parameter ...
> 
> 
> [r...@enzo]:~ # eix pam_mount
> [I] sys-auth/pam_mount
>      Available versions:  (~)1.20 (~)1.21 (~)1.22 (~)1.24 (~)1.25
> (~)1.25-r1 (~)1.26 (~)1.31 (~)1.32 (~)1.33 (~)2.0 {crypt}
>      Installed versions:  2.0(12:45:53 04.05.2010)(crypt)
>      Homepage:            http://pam-mount.sourceforge.net
>      Description:         A PAM module that can mount volumes for a user
> session
> 
> [r...@enzo]:~ # eix cryptset
> [I] sys-fs/cryptsetup
>      Available versions:  0.1-r3 1.0.5-r1 1.0.6-r2 (~)1.0.7 (~)1.0.7-r1
> (~)1.1.0 (~)1.1.1_rc1{tbz2} {dynamic nls selinux}
>      Installed versions:  1.1.1_rc1{tbz2}(13:04:41 04.05.2010)(nls
> -dynamic -selinux)
>      Homepage:            http://code.google.com/p/cryptsetup/
>      Description:         Tool to setup encrypted devices with dm-crypt
> 
> 
> Thanks for any hints, Stefan
> 
I'm using sys-fs/cryptsetup-1.1.1_rc1 since 02.05.2010 and didn't have
any issues.
Please decrypt your partition from the command line, so we can see if it
is a cryptsetup/luks/kernel problem or a pam_mount problem.

Cmdline should be something like:
$ sudo cryptsetup -d /etc/security/verysekrit.key luksOpen /dev/mapper/VG01-crypthome myhome
Which should create /dev/mapper/myhome.

Bye,
Daniel


-- 
PGP key @ http://pgpkeys.pca.dfn.de/pks/lookup?search=0xBB9D4887&op=get
# gpg --recv-keys --keyserver hkp://subkeys.pgp.net 0xBB9D4887
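
An added example, not part of either message and not pam_mount's own code: it rebuilds the `mount.crypt` command line that the quoted debug log shows pam_mount running, from the quoted volume definition, so the failing mount can be retried by hand outside the PAM stack. The attribute-to-option mapping is inferred from that single log line, and the function name `mount_crypt_argv` is hypothetical.

```python
import shlex
import xml.etree.ElementTree as ET

# Volume definition copied from the pam_mount.conf.xml quoted above
# (trimmed to the elements that matter here).
CONF = """<pam_mount>
<debug enable="1" />
<!-- <volume user="username" path="/dev/mmcblk0p1" mountpoint="/mnt/mmc" fstype="auto" /> -->
<volume user="sgw"
 path="/dev/mapper/VG01-crypthome"
 mountpoint="/home/sgw"
 fstype="crypt"
 options="data=journal,commit=15"
 cipher="aes-cbc-plain"
 fskeypath="/etc/security/verysekrit.key"
 fskeycipher="aes-256-cbc"
 fskeyhash="md5" />
</pam_mount>"""

# Volume attribute -> mount.crypt option prefix, in the order the debug log
# prints them. Assumption: inferred from the log line on this page only.
ATTR_TO_OPT = [
    ("cipher", "-ocipher="),
    ("fskeycipher", "-ofsk_cipher="),
    ("fskeyhash", "-ofsk_hash="),
    ("fskeypath", "-okeyfile="),
    ("options", "-o"),
]

def mount_crypt_argv(conf_xml, user):
    """Return one mount.crypt argv list per crypt volume defined for `user`."""
    commands = []
    # XML comments are skipped by the parser, so commented-out volumes are ignored.
    for vol in ET.fromstring(conf_xml).iter("volume"):
        if vol.get("user") != user or vol.get("fstype") != "crypt":
            continue
        argv = ["mount.crypt"]
        for attr, prefix in ATTR_TO_OPT:
            value = vol.get(attr)
            if value:  # leave out options the volume does not set
                argv.append(prefix + value)
        argv += [vol.get("path"), vol.get("mountpoint")]
        commands.append(argv)
    return commands

if __name__ == "__main__":
    for argv in mount_crypt_argv(CONF, "sgw"):
        print(shlex.join(argv))  # paste into a root shell to reproduce the mount
```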
