From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-user+bounces-110673-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1O9Pd4-00089C-MK
	for garchives@archives.gentoo.org; Tue, 04 May 2010 21:26:11 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id BE294E0897;
	Tue,  4 May 2010 21:25:02 +0000 (UTC)
Received: from mx01.admin-box.com (mx01.admin-box.com [78.47.249.108])
	by pigeon.gentoo.org (Postfix) with ESMTP id E3D54E0897
	for <gentoo-user@lists.gentoo.org>; Tue,  4 May 2010 21:25:01 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mx01.admin-box.com (Postfix) with ESMTP id 2989831F02A1
	for <gentoo-user@lists.gentoo.org>; Tue,  4 May 2010 23:25:00 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at mx01.admin-box.com
Received: from mx01.admin-box.com ([127.0.0.1])
	by localhost (mx01.admin-box.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id zhmx0I2WTxzI for <gentoo-user@lists.gentoo.org>;
	Tue,  4 May 2010 23:24:53 +0200 (CEST)
Received: from maya.local (e178063182.adsl.alicedsl.de [85.178.63.182])
	(Authenticated sender: daniel@troeder.de)
	by mx01.admin-box.com (Postfix) with ESMTPSA id 3B10A31F02A0
	for <gentoo-user@lists.gentoo.org>; Tue,  4 May 2010 23:24:53 +0200 (CEST)
Message-ID: <4BE090A5.9080804@admin-box.com>
Date: Tue, 04 May 2010 23:24:53 +0200
From: Daniel Troeder <daniel@admin-box.com>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.9) Gecko/20100411 Thunderbird/3.0.4
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: Kernel upgrade and now LUKS failure.
References: <i2h42784f261005030956u6b56e7e3qf3416964c2099232@mail.gmail.com> <4BDFF195.9070404@xunil.at> <hrpjfk$ckm$1@dough.gmane.org> <4BE05BA3.1000509@xunil.at> <4BE07570.7020305@xunil.at>
In-Reply-To: <4BE07570.7020305@xunil.at>
X-Enigmail-Version: 1.0.1
OpenPGP: id=BB9D4887;
	url=http://pgpkeys.pca.dfn.de/pks/lookup?search=0xBB9D4887&op=get
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enig5948BB3663136349E4D6EB3E"
X-Archives-Salt: e73aa2a8-c87f-432a-85e1-9fb3fd6ce570
X-Archives-Hash: c2e1e4564c1d41cfc2a7a8f627a475ca

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig5948BB3663136349E4D6EB3E
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 05/04/2010 09:28 PM, Stefan G. Weichinger wrote:
> Am 04.05.2010 19:38, schrieb Stefan G. Weichinger:
>=20
>> I don't yet have the whole picture ...
>=20
> I did some "emerge -avuDN world", quite some packages updated even
> though I am doing "emerge -avu world" nearly every day ...
>=20
> After a reboot and setting debug to 1 for pam_mount it says:
>=20
> May  4 21:25:38 enzo slim: pam_mount(pam_mount.c:364): pam_mount 2.0:
> entering auth stage
> May  4 21:25:38 enzo slim: gkr-pam: invalid option: use_first_pass
> May  4 21:25:38 enzo slim: pam_unix(slim:session): session opened for
> user sgw by (uid=3D0)
> May  4 21:25:38 enzo slim: pam_mount(pam_mount.c:552): pam_mount 2.0:
> entering session stage
> May  4 21:25:38 enzo slim: pam_mount(misc.c:38): Session open: (uid=3D0=
,
> euid=3D0, gid=3D0, egid=3D0)
> May  4 21:25:38 enzo slim: pam_mount(mount.c:196): Mount info:
> globalconf, user=3Dsgw <volume fstype=3D"crypt" server=3D"(null)"
> path=3D"/dev/mapper/VG01-crypthome" mountpoint=3D"/home/sgw"
> cipher=3D"aes-cbc-plain" fskeypath=3D"/etc/security/verysekrit.key"
> fskeycipher=3D"aes-256-cbc" fskeyhash=3D"md5"
> options=3D"data=3Djournal,commit=3D15" /> fstab=3D0
> May  4 21:25:38 enzo slim: command: 'mount.crypt'
> '-ocipher=3Daes-cbc-plain' '-ofsk_cipher=3Daes-256-cbc' '-ofsk_hash=3Dm=
d5'
> '-okeyfile=3D/etc/security/verysekrit.key' '-odata=3Djournal,commit=3D1=
5'
> '/dev/mapper/VG01-crypthome' '/home/sgw'
> May  4 21:25:38 enzo slim: pam_mount(misc.c:38): set_myuid<pre>: (uid=3D=
0,
> euid=3D0, gid=3D0, egid=3D0)
> May  4 21:25:38 enzo slim: pam_mount(misc.c:38): set_myuid<post>:
> (uid=3D0, euid=3D0, gid=3D0, egid=3D0)
> May  4 21:25:40 enzo slim: pam_mount(mount.c:64): Errors from underlyin=
g
> mount program:
> May  4 21:25:40 enzo slim: pam_mount(mount.c:68):
> crypt_activate_by_passphrase: Operation not permitted
> May  4 21:25:40 enzo slim: pam_mount(pam_mount.c:520): mount of
> /dev/mapper/VG01-crypthome failed
> May  4 21:25:40 enzo slim: command: 'pmvarrun' '-u' 'sgw' '-o' '1'
> May  4 21:25:40 enzo slim: pam_mount(misc.c:38): set_myuid<pre>: (uid=3D=
0,
> euid=3D0, gid=3D0, egid=3D0)
> May  4 21:25:40 enzo slim: pam_mount(misc.c:38): set_myuid<post>:
> (uid=3D0, euid=3D0, gid=3D0, egid=3D0)
> May  4 21:25:40 enzo slim: pam_mount(pam_mount.c:440): pmvarrun says
> login count is 1
> May  4 21:25:40 enzo slim: pam_mount(pam_mount.c:642): done opening
> session (ret=3D0)
> May  4 21:25:40 enzo slim: pam_mount(pam_mount.c:115): Clean global
> config (0)
> May  4 21:25:40 enzo slim: pam_mount(pam_mount.c:132): clean system
> authtok=3D0x80e6870 (0)
> May  4 21:25:40 enzo seahorse-daemon[1426]: DNS-SD initialization
> failed: Daemon not running
> May  4 21:25:40 enzo seahorse-daemon[1426]: unsupported key server uri
> scheme: ldap
> May  4 21:25:40 enzo seahorse-daemon[1426]: init gpgme version 1.3.0
> May  4 21:25:41 enzo pulseaudio[1475]: module-alsa-card.c: Failed to
> find a working profile.
> May  4 21:25:41 enzo pulseaudio[1475]: module.c: Failed to load  module=

> "module-alsa-card" (argument: "device_id=3D"5"
> name=3D"platform-thinkpad_acpi"
> card_name=3D"alsa_card.platform-thinkpad_acpi" tsched=3Dyes ignore_dB=3D=
no
> card_properties=3D"module-udev-detect.discovered=3D1""): initialization=
 failed.
> May  4 21:25:41 enzo polkitd(authority=3Dlocal): Registered Authenticat=
ion
> Agent for session /org/freedesktop/ConsoleKit/Session3 (system bus name=

> :1.49 [/usr/libexec/polkit-gnome-authentication-agent-1], object path
> /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
>=20
>=20
> ----- (maybe I pasted too much, this was everything from typing my
> username to the Gnome-session opened, but with the "wrong" /home for
> user sgw)
>=20
> Some bits of additional info:
>=20
> # cat /etc/pam.d/system-auth
> auth		required	pam_env.so
> auth		required	pam_unix.so try_first_pass likeauth nullok
> auth optional pam_mount.so
> auth optional pam_gnome_keyring.so
>=20
> account		required	pam_unix.so
>=20
> password	required	pam_cracklib.so difok=3D2 minlen=3D8 dcredit=3D2 ocre=
dit=3D2
> retry=3D3
> password optional pam_gnome_keyring.so
> password	required	pam_unix.so try_first_pass use_authtok nullok sha512
> shadow
> session		required	pam_limits.so
> session optional pam_gnome_keyring.so auto_start
> session		required	pam_env.so
> session		required	pam_unix.so
> session		optional	pam_permit.so
> session optional pam_mount.so
>=20
>=20
>=20
> # cat /etc/security/pam_mount.conf.xml
> <?xml version=3D"1.0" encoding=3D"utf-8" ?>
> <!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
> <!--
> 	See pam_mount.conf(5) for a description.
> -->
>=20
> <pam_mount>
>=20
>                <!-- debug should come before everything else,
>                since this file is still processed in a single pass
>                from top-to-bottom -->
>=20
>  <debug enable=3D"0" />
>=20
>=20
> 		<!-- Volume definitions -->
>=20
> <!--
>=20
> <volume user=3D"username"
> path=3D"/dev/mmcblk0p1"
> mountpoint=3D"/mnt/mmc"
> fstype=3D"auto" />
>=20
> -->
>=20
> <volume user=3D"sgw"
> path=3D"/dev/mapper/VG01-crypthome"
> mountpoint=3D"/home/sgw"
> fstype=3D"crypt"
> options=3D"data=3Djournal,commit=3D15"
> cipher=3D"aes-cbc-plain"
> fskeypath=3D"/etc/security/verysekrit.key"
> fskeycipher=3D"aes-256-cbc"
> fskeyhash=3D"md5" />
>=20
> 		<!-- pam_mount parameters: General tunables -->
>=20
> <debug enable=3D"1" />
> <!--
> <luserconf name=3D".pam_mount.conf.xml" />
> -->
>=20
> <!-- Note that commenting out mntoptions will give you the defaults.
>      You will need to explicitly initialize it with the empty string
>      to reset the defaults to nothing. -->
> <mntoptions
> allow=3D"nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_ot=
her" />
> <!--
> <mntoptions deny=3D"suid,dev" />
> <mntoptions allow=3D"*" />
> <mntoptions deny=3D"*" />
> -->
> <mntoptions require=3D"nosuid,nodev" />
> <path>/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin</pat=
h>
>=20
> <logout wait=3D"0" hup=3D"0" term=3D"0" kill=3D"0" />
>=20
>=20
> 		<!-- pam_mount parameters: Volume-related -->
>=20
> <mkmountpoint enable=3D"1" remove=3D"true" />
>=20
>=20
> </pam_mount>
>=20
>=20
>=20
> --- I didn't change both files except for the debug-parameter ...
>=20
>=20
> [root@enzo]:~ # eix pam_mount
> [I] sys-auth/pam_mount
>      Available versions:  (~)1.20 (~)1.21 (~)1.22 (~)1.24 (~)1.25
> (~)1.25-r1 (~)1.26 (~)1.31 (~)1.32 (~)1.33 (~)2.0 {crypt}
>      Installed versions:  2.0(12:45:53 04.05.2010)(crypt)
>      Homepage:            http://pam-mount.sourceforge.net
>      Description:         A PAM module that can mount volumes for a use=
r
> session
>=20
> [root@enzo]:~ # eix cryptset
> [I] sys-fs/cryptsetup
>      Available versions:  0.1-r3 1.0.5-r1 1.0.6-r2 (~)1.0.7 (~)1.0.7-r1=

> (~)1.1.0 (~)1.1.1_rc1{tbz2} {dynamic nls selinux}
>      Installed versions:  1.1.1_rc1{tbz2}(13:04:41 04.05.2010)(nls
> -dynamic -selinux)
>      Homepage:            http://code.google.com/p/cryptsetup/
>      Description:         Tool to setup encrypted devices with dm-crypt=

>=20
>=20
> Thanks for any hints, Stefan
>=20
I'm using sys-fs/cryptsetup-1.1.1_rc1 since 02.05.2010 and didn't have
any issues.
Please decrypt your partition from the command line, so we can see if it
is a cryptsetup/luks/kernel problem or a pam_mount problem.

Cmdline should something like:
$ sudo cryptsetup -d /etc/security/verysekrit.key luksOpen
/dev/mapper/VG01-crypthome myhome
Which should create /dev/mapper/myhome.

Bye,
Daniel


--=20
PGP key @ http://pgpkeys.pca.dfn.de/pks/lookup?search=3D0xBB9D4887&op=3Dg=
et
# gpg --recv-keys --keyserver hkp://subkeys.pgp.net 0xBB9D4887


--------------enig5948BB3663136349E4D6EB3E
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkvgkKUACgkQg3+4tbudSIfXzwCfYnrHdl5pEl/OoZNaofprx8//
TB4AoIz1dItqkV9ENzJOKElZUtathtF1
=Fngl
-----END PGP SIGNATURE-----

--------------enig5948BB3663136349E4D6EB3E--