<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Till Maas escreveu:
<blockquote cite="mid:200809131706.12332.opensource@till.name"
type="cite">
<pre wrap="">On Sat September 13 2008, Casimiro de Almeida Barreto wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Till Maas escreveu:
</pre>
<blockquote type="cite">
<pre wrap="">On Sat September 13 2008, Casimiro de Almeida Barreto wrote:
[nothing about pam_mount]
Regarding the subject, what is in which version of pam_mount for you
broken? And please create a bug report for this, if it is not fixed in
pam_mount 0.48.
</pre>
</blockquote>
</blockquote>
<pre wrap=""><!---->
</pre>
<blockquote type="cite">
<pre wrap="">I'll fill bugzilla. Anyways the "official pam_mount" for fc9 is 0.47 as
shown:
</pre>
</blockquote>
<pre wrap=""><!---->
With the next push, pam_mount should be updated to 0.48 in Fedora 8 and 9:
<a class="moz-txt-link-freetext" href="https://admin.fedoraproject.org/updates/pam_mount-0.48-2.fc9,libHX-1.25-1.fc9">https://admin.fedoraproject.org/updates/pam_mount-0.48-2.fc9,libHX-1.25-1.fc9</a>
Regards,
Till
</pre>
</blockquote>
Ok,<br>
<br>
I'm transcripting the debugging information. First of all I have an
encripted "partition" for /home/casimiro that is mount via loop0. It
was working well until last update. It is still mounting when I use
input lile:<br>
<br>
<small><small><font face="Courier New, Courier, monospace"># openssl
aes-256-cbc -d -in /etc/pki/cryptofs/mykey.key | mount -p0 -o
loop,encryption=aes-cbc-256,rw /xxx/yyy.img /home/casimiro</font></small></small><br>
<br>
But, when it goes to PAM... that's what happen:<br>
<small><small><font face="Courier New, Courier, monospace"><br>
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(pam_mount.c:259)
pam_mount 0.47: entering auth stage<br>
<font color="#ff6666">Sep 13 12:14:28 terra kdm: :0[3068]:
pam_mount(pam_mount.c:269) could not get password from PAM system</font><br>
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(pam_mount.c:191) enter
read_password<br>
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(pam_mount.c:294) saving
authtok for session code (authtok=0x8e0d630)<br>
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(pam_mount.c:437)
pam_mount 0.47: entering session stage<br>
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(pam_mount.c:458) back
from global readconfig<br>
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(pam_mount.c:460)
per-user configurations not allowed by pam_mount.conf.xml<br>
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(misc.c:45) Session open:
(uid=0, euid=0, gid=501, egid=501)<br>
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(rdconf2.c:190) checking
sanity of volume record (/home/.casimiro.img)<br>
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(pam_mount.c:512) about
to perform mount operations<br>
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:364) information
for mount:<br>
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:365)
----------------------<br>
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:366) (defined by
globalconf)<br>
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:367)
user: casimiro<br>
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:368)
server: (null)<br>
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:369)
volume: /xxx/yyy.img<br>
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:370)
mountpoint: /home/casimiro<br>
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:371)
options: loop,encryption=aes-cbc-256,rw<br>
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:372)
fs_key_cipher: aes-256-cbc<br>
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:373)
fs_key_path: /etc/pki/cryptofs/mykey.key<br>
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:374)
use_fstab: 0<br>
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:375)
----------------------<br>
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:151) realpath of
volume "/home/casimiro" is "/home/casimiro"<br>
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:155) checking to
see if /xxx/yyy.img is already mounted at /home/casimiro<br>
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:824) checking
for encrypted filesystem key configuration<br>
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:831) decrypting
FS key using system auth. token and aes-256-cbc<br>
Sep 13 12:14:28 terra kdm[3019]: Unknown session exit code 0 (sig 6)
from manager process<br>
Sep 13 12:14:28 terra kdm_greet[3072]: Cannot read from core<br>
Sep 13 12:14:39 terra login: pam_mount(pam_mount.c:259) pam_mount 0.47:
entering auth stage<br>
<font color="#ff6666">Sep 13 12:14:39 terra login:
pam_mount(pam_mount.c:269) could not get password from PAM system</font><br>
Sep 13 12:14:39 terra login: pam_mount(pam_mount.c:191) enter
read_password<br>
Sep 13 12:14:42 terra login: pam_mount(pam_mount.c:294) saving authtok
for session code (authtok=0x94f04d8)<br>
Sep 13 12:14:42 terra login: pam_mount(pam_mount.c:437) pam_mount 0.47:
entering session stage<br>
Sep 13 12:14:42 terra login: pam_mount(pam_mount.c:458) back from
global readconfig<br>
Sep 13 12:14:42 terra login: pam_mount(pam_mount.c:460) per-user
configurations not allowed by pam_mount.conf.xml<br>
Sep 13 12:14:42 terra login: pam_mount(misc.c:45) Session open: (uid=0,
euid=0, gid=0, egid=0)<br>
Sep 13 12:14:42 terra login: pam_mount(rdconf2.c:190) checking sanity
of volume record (/xxx/yyy.img)<br>
Sep 13 12:14:42 terra login: pam_mount(pam_mount.c:512) about to
perform mount operations<br>
Sep 13 12:14:42 terra login: pam_mount(mount.c:364) information for
mount:<br>
Sep 13 12:14:42 terra login: pam_mount(mount.c:365)
----------------------<br>
Sep 13 12:14:42 terra login: pam_mount(mount.c:366) (defined by
globalconf)<br>
Sep 13 12:14:42 terra login: pam_mount(mount.c:367) user:
casimiro<br>
Sep 13 12:14:42 terra login: pam_mount(mount.c:368) server:
(null)<br>
Sep 13 12:14:42 terra login: pam_mount(mount.c:369) volume:
/xxx/yyy.img<br>
Sep 13 12:14:42 terra login: pam_mount(mount.c:370) mountpoint:
/home/casimiro<br>
Sep 13 12:14:42 terra login: pam_mount(mount.c:371) options:
loop,encryption=aes-cbc-256,rw<br>
Sep 13 12:14:42 terra login: pam_mount(mount.c:372) fs_key_cipher:
aes-256-cbc<br>
Sep 13 12:14:42 terra login: pam_mount(mount.c:373) fs_key_path:
/etc/pki/cryptofs/mykey.key<br>
Sep 13 12:14:42 terra login: pam_mount(mount.c:374) use_fstab: 0<br>
Sep 13 12:14:42 terra login: pam_mount(mount.c:375)
----------------------<br>
Sep 13 12:14:42 terra login: pam_mount(mount.c:151) realpath of volume
"/home/casimiro" is "/home/casimiro"<br>
Sep 13 12:14:42 terra login: pam_mount(mount.c:155) checking to see if
/xxx/yyy.img is already mounted at /home/casimiro<br>
Sep 13 12:14:42 terra login: pam_mount(mount.c:824) checking for
encrypted filesystem key configuration<br>
Sep 13 12:14:42 terra login: pam_mount(mount.c:831) decrypting FS key
using system auth. token and aes-256-cbc<br>
Sep 13 12:14:42 terra init: tty1 main process (3034) killed by ABRT
signal<br>
Sep 13 12:14:42 terra init: tty1 main process ended, respawning</font></small></small><br>
<br>
And them, back to /etc/security/pam_mount.conf.xml:<br>
<br>
<small><small><font face="Courier New, Courier, monospace"><?xml
version="1.0" encoding="UTF-8"?><br>
<pam_mount><br>
<br>
<debug enable="1" /><br>
<br>
<mkmountpoint enable="1" /><br>
<br>
<fsckloop device="/dev/loop7" /><br>
<br>
<mntoptions allow="nosuid,nodev,loop,encryption,fsck" /><br>
<br>
<mntoptions require="nosuid,nodev" /><br>
<br>
<lsof>/usr/sbin/lsof %(MNTPT)</lsof><br>
<br>
<fsck>/sbin/fsck -p %(FSCKTARGET)</fsck><br>
<br>
<losetup>/sbin/losetup -p0 "%(before=\"-e\" CIPHER)"
"%(before=\"-k\" KEYBITS)" %(FSCKLOOP) %(VOLUME)</losetup><br>
<br>
<unlosetup>/sbin/losetup -d %(FSCKLOOP)</unlosetup><br>
<br>
<cifsmount>/bin/mount -t cifs //%(SERVER)/%(VOLUME) %(MNTPT) -o
"user=%(USER),uid=%(USERUID),gid=%(USERGID)%(before=\",\"
OPTIONS)"</cifsmount><br>
<br>
<smbmount>/usr/bin/smbmount //%(SERVER)/%(VOLUME) %(MNTPT) -o
"username=%(USER),uid=%(USERUID),gid=%(USERGID)%(before=\",\"
OPTIONS)"</smbmount><br>
<br>
<ncpmount>/usr/bin/ncpmount %(SERVER)/%(USER) %(MNTPT) -o
"pass-fd=0,volume=%(VOLUME)%(before=\",\" OPTIONS)"</ncpmount><br>
<br>
<smbumount>/usr/bin/smbumount %(MNTPT)</smbumount><br>
<br>
<ncpumount>/usr/bin/ncpumount %(MNTPT)</ncpumount><br>
<br>
<fusemount>/sbin/mount.fuse %(VOLUME) %(MNTPT) "%(before=\"-o\"
OPTIONS)"</fusemount><br>
<br>
<fuseumount>/usr/bin/fusermount -u %(MNTPT)</fuseumount><br>
<br>
<umount>/bin/umount %(MNTPT)</umount><br>
<br>
<lclmount>/bin/mount -p0 -t %(FSTYPE) %(VOLUME) %(MNTPT)
"%(before=\"-o\" OPTIONS)"</lclmount><br>
<br>
<cryptmount>/bin/mount -t crypt "%(before=\"-o\" OPTIONS)"
%(VOLUME) %(MNTPT)</cryptmount><br>
<br>
<nfsmount>/bin/mount %(SERVER):%(VOLUME) %(MNTPT)
"%(before=\"-o\" OPTIONS)"</nfsmount><br>
<br>
<br>
<br>
<mntcheck>/bin/mount</mntcheck><br>
<br>
<pmvarrun>/usr/sbin/pmvarrun -u %(USER) -o
%(OPERATION)</pmvarrun><br>
<br>
<volume fskeycipher="aes-256-cbc"
options="loop,encryption=aes-cbc-256,rw"
fskeypath="/etc/pki/cryptofs/mykey.key" user="casimiro"
mountpoint="/home/casimiro" path="/xxx/yyy.img" fstype="ext3" /><br>
<br>
<volume fskeycipher="aes-256-cbc"
options="loop,encryption=aes-cbc-256,rw"
fskeypath="/media/disk/.developer.key" user="developer"
mountpoint="/home/developer" path="/media/disk/.developer.img"
fstype="ext3" /><br>
<br>
</pam_mount></font></small></small><br>
<br>
<br>
note that developer is in a flash memory...<br>
<br>
</body>
</html>