Encrypted home breaks on login
Posted
by
berkes
on Ask Ubuntu
See other posts from Ask Ubuntu
or by berkes
Published on 2011-01-22T14:00:38Z
Indexed on
2011/02/03
15:34 UTC
Read the original article
Hit count: 399
My home is encrypted, which breaks the login. Gnome and other services try to find all sorts of .files, write to them, read from them and so on. E.g. .ICEauthority. They are not found (yet) because at that moment the home is still encrypted. I do not have automatic login set, since that has known issues with encrypted home in Ubuntu.
When I go trough the following steps, there is no problem:
- boot up the system.
- [ctr][alt][F1], login.
- run
ecryptfs-mount-private
- [ctr][alt][F7], done. Can now login.
I may have some setting wrong, but have no idea where. I suspect ecryptfs-mount-private should be ran earlier in bootstrap, but do not know how to make it so.
Some issues that may cause trouble:
- I have a fingerprint reader, it works for login and PAM.
- I have three keyrings in seahorse, containing passwords from old machines (backups). Not just one.
Suggestion was that the PAM settings are wrong, so here are the relevant parts from /etc/pam.d/common-auth.
# here are the per-package modules (the "Primary" block)
auth [success=3 default=ignore] pam_fprintd.so
auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass
auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
# here's the fallback if no module succeeds
auth requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth required pam_permit.so
# and here are more per-package modules (the "Additional" block)
auth optional pam_ecryptfs.so unwrap
# end of pam-auth-update config
I am not sure about how this configuration works, but ut seems that maybe the*optional* in auth optional pam_ecryptfs.so unwrap
is causing the ecryptfs to be ignored?
© Ask Ubuntu or respective owner