public inbox for gentoo-user@lists.gentoo.org
From: "Stefan G. Weichinger" <lists@xunil.at>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: Kernel upgrade and now LUKS failure.
Date: Tue, 04 May 2010 21:28:48 +0200
Message-ID: <4BE07570.7020305@xunil.at>
In-Reply-To: <4BE05BA3.1000509@xunil.at>

On 04.05.2010 19:38, Stefan G. Weichinger wrote:

> I don't yet have the whole picture ...

I did some "emerge -avuDN world", quite some packages updated even
though I am doing "emerge -avu world" nearly every day ...

After a reboot and setting debug to 1 for pam_mount it says:

May  4 21:25:38 enzo slim: pam_mount(pam_mount.c:364): pam_mount 2.0:
entering auth stage
May  4 21:25:38 enzo slim: gkr-pam: invalid option: use_first_pass
May  4 21:25:38 enzo slim: pam_unix(slim:session): session opened for
user sgw by (uid=0)
May  4 21:25:38 enzo slim: pam_mount(pam_mount.c:552): pam_mount 2.0:
entering session stage
May  4 21:25:38 enzo slim: pam_mount(misc.c:38): Session open: (uid=0,
euid=0, gid=0, egid=0)
May  4 21:25:38 enzo slim: pam_mount(mount.c:196): Mount info:
globalconf, user=sgw <volume fstype="crypt" server="(null)"
path="/dev/mapper/VG01-crypthome" mountpoint="/home/sgw"
cipher="aes-cbc-plain" fskeypath="/etc/security/verysekrit.key"
fskeycipher="aes-256-cbc" fskeyhash="md5"
options="data=journal,commit=15" /> fstab=0
May  4 21:25:38 enzo slim: command: 'mount.crypt'
'-ocipher=aes-cbc-plain' '-ofsk_cipher=aes-256-cbc' '-ofsk_hash=md5'
'-okeyfile=/etc/security/verysekrit.key' '-odata=journal,commit=15'
'/dev/mapper/VG01-crypthome' '/home/sgw'
May  4 21:25:38 enzo slim: pam_mount(misc.c:38): set_myuid<pre>: (uid=0,
euid=0, gid=0, egid=0)
May  4 21:25:38 enzo slim: pam_mount(misc.c:38): set_myuid<post>:
(uid=0, euid=0, gid=0, egid=0)
May  4 21:25:40 enzo slim: pam_mount(mount.c:64): Errors from underlying
mount program:
May  4 21:25:40 enzo slim: pam_mount(mount.c:68):
crypt_activate_by_passphrase: Operation not permitted
May  4 21:25:40 enzo slim: pam_mount(pam_mount.c:520): mount of
/dev/mapper/VG01-crypthome failed
May  4 21:25:40 enzo slim: command: 'pmvarrun' '-u' 'sgw' '-o' '1'
May  4 21:25:40 enzo slim: pam_mount(misc.c:38): set_myuid<pre>: (uid=0,
euid=0, gid=0, egid=0)
May  4 21:25:40 enzo slim: pam_mount(misc.c:38): set_myuid<post>:
(uid=0, euid=0, gid=0, egid=0)
May  4 21:25:40 enzo slim: pam_mount(pam_mount.c:440): pmvarrun says
login count is 1
May  4 21:25:40 enzo slim: pam_mount(pam_mount.c:642): done opening
session (ret=0)
May  4 21:25:40 enzo slim: pam_mount(pam_mount.c:115): Clean global
config (0)
May  4 21:25:40 enzo slim: pam_mount(pam_mount.c:132): clean system
authtok=0x80e6870 (0)
May  4 21:25:40 enzo seahorse-daemon[1426]: DNS-SD initialization
failed: Daemon not running
May  4 21:25:40 enzo seahorse-daemon[1426]: unsupported key server uri
scheme: ldap
May  4 21:25:40 enzo seahorse-daemon[1426]: init gpgme version 1.3.0
May  4 21:25:41 enzo pulseaudio[1475]: module-alsa-card.c: Failed to
find a working profile.
May  4 21:25:41 enzo pulseaudio[1475]: module.c: Failed to load  module
"module-alsa-card" (argument: "device_id="5"
name="platform-thinkpad_acpi"
card_name="alsa_card.platform-thinkpad_acpi" tsched=yes ignore_dB=no
card_properties="module-udev-detect.discovered=1""): initialization failed.
May  4 21:25:41 enzo polkitd(authority=local): Registered Authentication
Agent for session /org/freedesktop/ConsoleKit/Session3 (system bus name
:1.49 [/usr/libexec/polkit-gnome-authentication-agent-1], object path
/org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)


----- (maybe I pasted too much, this was everything from typing my
username to the Gnome-session opened, but with the "wrong" /home for
user sgw)

Some bits of additional info:

# cat /etc/pam.d/system-auth
auth		required	pam_env.so
auth		required	pam_unix.so try_first_pass likeauth nullok
auth optional pam_mount.so
auth optional pam_gnome_keyring.so

account		required	pam_unix.so

password	required	pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password optional pam_gnome_keyring.so
password	required	pam_unix.so try_first_pass use_authtok nullok sha512 shadow
session		required	pam_limits.so
session optional pam_gnome_keyring.so auto_start
session		required	pam_env.so
session		required	pam_unix.so
session		optional	pam_permit.so
session optional pam_mount.so



# cat /etc/security/pam_mount.conf.xml
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<!--
	See pam_mount.conf(5) for a description.
-->

<pam_mount>

               <!-- debug should come before everything else,
               since this file is still processed in a single pass
               from top-to-bottom -->

 <debug enable="0" />


		<!-- Volume definitions -->

<!--

<volume user="username"
path="/dev/mmcblk0p1"
mountpoint="/mnt/mmc"
fstype="auto" />

-->

<volume user="sgw"
path="/dev/mapper/VG01-crypthome"
mountpoint="/home/sgw"
fstype="crypt"
options="data=journal,commit=15"
cipher="aes-cbc-plain"
fskeypath="/etc/security/verysekrit.key"
fskeycipher="aes-256-cbc"
fskeyhash="md5" />

		<!-- pam_mount parameters: General tunables -->

<debug enable="1" />
<!--
<luserconf name=".pam_mount.conf.xml" />
-->

<!-- Note that commenting out mntoptions will give you the defaults.
     You will need to explicitly initialize it with the empty string
     to reset the defaults to nothing. -->
<mntoptions
allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
<!--
<mntoptions deny="suid,dev" />
<mntoptions allow="*" />
<mntoptions deny="*" />
-->
<mntoptions require="nosuid,nodev" />
<path>/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin</path>

<logout wait="0" hup="0" term="0" kill="0" />


		<!-- pam_mount parameters: Volume-related -->

<mkmountpoint enable="1" remove="true" />


</pam_mount>



--- I didn't change either file except for the debug parameter ...


[root@enzo]:~ # eix pam_mount
[I] sys-auth/pam_mount
     Available versions:  (~)1.20 (~)1.21 (~)1.22 (~)1.24 (~)1.25
(~)1.25-r1 (~)1.26 (~)1.31 (~)1.32 (~)1.33 (~)2.0 {crypt}
     Installed versions:  2.0(12:45:53 04.05.2010)(crypt)
     Homepage:            http://pam-mount.sourceforge.net
     Description:         A PAM module that can mount volumes for a user
session

[root@enzo]:~ # eix cryptset
[I] sys-fs/cryptsetup
     Available versions:  0.1-r3 1.0.5-r1 1.0.6-r2 (~)1.0.7 (~)1.0.7-r1
(~)1.1.0 (~)1.1.1_rc1{tbz2} {dynamic nls selinux}
     Installed versions:  1.1.1_rc1{tbz2}(13:04:41 04.05.2010)(nls
-dynamic -selinux)
     Homepage:            http://code.google.com/p/cryptsetup/
     Description:         Tool to setup encrypted devices with dm-crypt


Thanks for any hints, Stefan


