[gentoo-user] Gnome, pam_mount, keyrings ...

[gentoo-user] Gnome, pam_mount, keyrings ...

[Stefan G. Weichinger]

Greetings,

could someone pls point me at how to solve this in the right way ->

I run gnome3, with gnome-keyring, seahorse, systemd-ui brings
systemd-gnome-ask-password-agent (do I need that?) .... and I use
pam_mount to unlock and mount my encrypted home-dir (thinkpad).

As it happens I use a rather weak password (you know, you set something
up for testing and then it gets productive ...) ... which I would like
to change.

So I have to add/edit the LUKS-keyphrase for the LUKS-device and
additionally edit my password via plain "passwd", right?

And there is the gnome keyring, which I can edit via seahorse, right?
What exactly to edit in there?

I tried that for several times and never managed to change it all in the
proper way so that logging in to gdm unlocks pam_mount as well ... I
always ended up with a mismatch ...

Could someone point out how to do this?

Thanks a lot, Stefan!

Re: [gentoo-user] Gnome, pam_mount, keyrings ...

[Stefan G. Weichinger]

Am 01.08.2014 um 11:38 schrieb Stefan G. Weichinger:
> 
> Greetings,
> 
> could someone pls point me at how to solve this in the right way ->
> 
> I run gnome3, with gnome-keyring, seahorse, systemd-ui brings
> systemd-gnome-ask-password-agent (do I need that?) .... and I use
> pam_mount to unlock and mount my encrypted home-dir (thinkpad).
> 
> As it happens I use a rather weak password (you know, you set something
> up for testing and then it gets productive ...) ... which I would like
> to change.
> 
> So I have to add/edit the LUKS-keyphrase for the LUKS-device and
> additionally edit my password via plain "passwd", right?
> 
> And there is the gnome keyring, which I can edit via seahorse, right?
> What exactly to edit in there?
> 
> I tried that for several times and never managed to change it all in the
> proper way so that logging in to gdm unlocks pam_mount as well ... I
> always ended up with a mismatch ...
> 
> Could someone point out how to do this?

*bump* ;-)

Re: [gentoo-user] Gnome, pam_mount, keyrings ...

[Mick]

[-- Attachment #1: Type: Text/Plain, Size: 1689 bytes --]

On Wednesday 06 Aug 2014 11:32:56 Stefan G. Weichinger wrote:
> Am 01.08.2014 um 11:38 schrieb Stefan G. Weichinger:
> > Greetings,
> > 
> > could someone pls point me at how to solve this in the right way ->
> > 
> > I run gnome3, with gnome-keyring, seahorse, systemd-ui brings
> > systemd-gnome-ask-password-agent (do I need that?) .... and I use
> > pam_mount to unlock and mount my encrypted home-dir (thinkpad).
> > 
> > As it happens I use a rather weak password (you know, you set something
> > up for testing and then it gets productive ...) ... which I would like
> > to change.
> > 
> > So I have to add/edit the LUKS-keyphrase for the LUKS-device and
> > additionally edit my password via plain "passwd", right?

I don't think that the two have to be the same, unless you made them the same.

In any case 'cryptsetup -y luksAddKey /dev/sdaX' allows you to add a 
passphrase in another slot - can't recall how many passphrase slots are there 
without looking into it.

Reboot to make sure it works and then use luksDelKey 0, to remove the previous 
key from slot 0.

Also, check gnome-disk-utility which I think allows you to change the 
passphrase.

> > And there is the gnome keyring, which I can edit via seahorse, right?
> > What exactly to edit in there?
> > 
> > I tried that for several times and never managed to change it all in the
> > proper way so that logging in to gdm unlocks pam_mount as well ... I
> > always ended up with a mismatch ...
> > 
> > Could someone point out how to do this?

I don't use gnome or luks at the moment, so someone with recent experience 
should chime in and put me right.

-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 473 bytes --]

Re: [gentoo-user] Gnome, pam_mount, keyrings ...

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 377 bytes --]

On Wed, 6 Aug 2014 13:30:44 +0100, Mick wrote:

> In any case 'cryptsetup -y luksAddKey /dev/sdaX' allows you to add a 
> passphrase in another slot - can't recall how many passphrase slots are
> there without looking into it.

8. You can see which are in use with cryptsetup luksDump.


-- 
Neil Bothwick

Adolescence, n.: The stage between puberty and adultery.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

Re: [gentoo-user] Gnome, pam_mount, keyrings ...

[Stefan G. Weichinger]

Am 06.08.2014 um 15:18 schrieb Neil Bothwick:
> On Wed, 6 Aug 2014 13:30:44 +0100, Mick wrote:
> 
>> In any case 'cryptsetup -y luksAddKey /dev/sdaX' allows you to add a 
>> passphrase in another slot - can't recall how many passphrase slots are
>> there without looking into it.
> 
> 8. You can see which are in use with cryptsetup luksDump.

I was successful at adding and using a second or third passphrase.
But logging into gdm didn't use the new passphrase and I don't exactly
know where to put that information. Gnome keyring?

Stefan