On Mon, 12 Dec 2011 at 10:27, Robert Freeman-Day wrote:
> The reason your local logins mount the ecryptfs system is because you
> are using the pam stack. ecryptfs-utils offers a pam module that auto
> mounts it, see first entry here:

Yes, I know - that's the module I'm using, see
http://nerdbynature.de/bits/ecryptfs/pam.d.txt

> The ssh packages offer no method to tie in with ecryptfs unless you tell
> sshd to use the pam stack. Then you will likely need to use libpam-ssh
> (http://packages.debian.org/squeeze/libpam-ssh).

SSH can be configured to use PAM ("UsePAM yes") and I've configured it
that way. And it's working...but only a few times when SSH keys are
being used.

> You will really want to take a look at this security-wise. It is likely
> that your key passphrase as well as your login/ecryptfs unwrap
> passphrase will need to be the same

Um, yes - that's what ecryptfs-migrate-home took care of: the password
to log in to the system is being used to unlock the ecryptfs container.
I'm not sure what this has to do with my problem though.

> http://pam-ssh.sourceforge.net/
> http://www.clasohm.com/blog/one-entry?entry_id=12085

This is about some SSO magic, not sure how it relates to my "ecrypt
stops unlocking my $HOME when SSH public key authentication is used"
problem.

Thanks,
Christian.
--
BOFH excuse #348:

We're on Token Ring, and it looks like the token got loose.