Encrypted home breaks on login

Posted by berkes on Ask Ubuntu
Published on 2011-01-22T14:00:38Z Indexed on 2011/02/03 15:34 UTC

My home is encrypted, which breaks the login. Gnome and other services try to find all sorts of .files, write to them, read from them and so on. E.g. .ICEauthority. They are not found (yet) because at that moment the home is still encrypted. I do not have automatic login set, since that has known issues with encrypted home in Ubuntu.

When I go through the following steps, there is no problem:

  1. boot up the system.
  2. [ctrl][alt][F1], log in.
  3. run ecryptfs-mount-private
  4. [ctrl][alt][F7], done. Can now log in.

I may have some setting wrong, but have no idea where. I suspect ecryptfs-mount-private should be run earlier in bootstrap, but do not know how to make it so.

Some issues that may cause trouble:

  • I have a fingerprint reader, it works for login and PAM.
  • I have three keyrings in seahorse, containing passwords from old machines (backups). Not just one.

Suggestion was that the PAM settings are wrong, so here are the relevant parts from /etc/pam.d/common-auth.

# here are the per-package modules (the "Primary" block)
auth    [success=3 default=ignore]  pam_fprintd.so 
auth    [success=2 default=ignore]  pam_unix.so nullok_secure try_first_pass
auth    [success=1 default=ignore]  pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
# here's the fallback if no module succeeds
auth    requisite           pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth    required            pam_permit.so
# and here are more per-package modules (the "Additional" block)
auth    optional    pam_ecryptfs.so unwrap
# end of pam-auth-update config

I am not sure about how this configuration works, but it seems that maybe the *optional* in "auth optional pam_ecryptfs.so unwrap" is causing the ecryptfs to be ignored?

© Ask Ubuntu or respective owner
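
How the auth stack quoted in the post is traversed, as an added example that is not part of the original post: a simplified Python model of the `[success=N]` jumps, showing which modules are invoked on the fingerprint path, the password path, and when nothing succeeds. The `parse` and `simulate` helpers are hypothetical names, and only the control values that appear in this file are modelled.

```python
import re

# The auth stack quoted in the post (comment lines dropped).
STACK = """\
auth [success=3 default=ignore] pam_fprintd.so
auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass
auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
auth optional pam_ecryptfs.so unwrap
"""

LINE = re.compile(r"^auth\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse(text):
    """Return [(control, module)] for each auth line."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def simulate(entries, succeeding):
    """Walk the stack; `succeeding` is the set of modules that return success.
    pam_deny.so always fails and pam_permit.so always succeeds.
    Returns (authenticated, modules_invoked)."""
    ok_set = set(succeeding) | {"pam_permit.so"}
    ok_set.discard("pam_deny.so")
    invoked, failed, i = [], False, 0
    while i < len(entries):
        control, module = entries[i]
        invoked.append(module)
        ok = module in ok_set
        i += 1
        jump = re.search(r"success=(\d+)", control)
        if jump:
            if ok:
                i += int(jump.group(1))   # skip the next N modules
        elif control == "requisite" and not ok:
            return False, invoked          # fail immediately, stop the stack
        elif control == "required" and not ok:
            failed = True                  # fail, but keep running the stack
        # "optional": module is invoked, its result does not decide the outcome
    return not failed, invoked
```

In this model `pam_ecryptfs.so` is invoked on every successful path, and `optional` only means its return value does not decide the result; on the fingerprint path `pam_unix.so` is skipped entirely.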
