On Mon, Jan 30, 2012 at 4:58 AM, Martin Steigerwald <ms@xxxxxxxxx> wrote:
>
> Hi Jakob,
>
> On Tuesday, 17 January 2012, Jakob Unterwurzacher wrote:
> > On 17.01.2012 09:37, Martin Steigerwald wrote:
> > > On Tuesday, 17 January 2012, Jakob Unterwurzacher wrote:
> > >> On 16.01.2012 10:44, Martin Steigerwald wrote:
> > >>> Hi!
> > >>>
> > >>> I have
> > >>>
> > >>> merkaba:~> grep ecrypt /etc/fstab
> > >>> /home/.ms /home/ms ecryptfs noatime,noauto 0 0
> > >>>
> > >>> And get:
> > >>>
> > >>> merkaba:~> mount /home/ms
> > >
> > >>> Passphrase:
> > > […]
> > >
> > >>> Error mounting eCryptfs: [-5] Input/output error
> > >
> > > […]
> > >
> > >>> Still it works.
> > >>>
> > >>>
> > >>> In dmesg I see:
> > >>>
> > >>> [ 2657.888355] ecryptfs_parse_options: eCryptfs: unrecognized option [noauto]
> > >>> [ 2657.888359] ecryptfs_parse_options: eCryptfs: unrecognized option [noatime]
> > >>> [ 2657.913215] alg: No test for __gcm-aes-aesni (__driver-gcm-aes-aesni)
> > >>>
> > >>>
> > >>> Thus I removed at least noatime, but then I still see:
> > >>>
> > >>> [ 2839.460200] ecryptfs_parse_options: eCryptfs: unrecognized option [noauto]
> > >
> > > […]
> > >
> > >>> Without noatime it would ask me the password upon boot, but I do not
> > >>> like that since I do not use that user every time.
> > >
> > > noauto that is.
> > >
> > >>> I could use mounting via pam, but I like to have a different password
> > >>> for the user stored in /etc/shadow than the password from the
> > >>> filesystem itself.
> > >>
> > >> Note that this should work by creating
> > >> ~/.ecryptfs/wrapping-independent. Pam will ask for the ecryptfs
> > >> password explicitly then.
> > >
> > > Thanks.
> > >
> > > Would that also work within a display manager like kdm?
> > >
> > > Ciao,
> >
> > Yes! It will ask for two passwords on login.
>
> Hmmm, I think this won't work for me.
>
> This is used by ecryptfs-mount-private it seems, but I am not only encrypting
> /home/$USER/Private, but /home/$USER itself. Thus I'd like to mount ~ as is
> with a different passphrase than my PAM login password.
>
> I tried putting an empty ~/.ecryptfs/wrapping-independent, which has the
> sig-cache.txt for the /home/ms mount but this doesn't do the trick, I am not
> asked for a password and home directory remains empty. I could put
>
> Is it true that PAM ecryptfs stuff is only for a ~/Private directory?

Definitely not. pam_ecryptfs.so is the method by which keys are loaded into your keyring at login time, by unwrapping ~/.ecryptfs/wrapped-passphrase using your login passphrase. It should work with either a randomly generated one, or one of your choosing. It doesn't really care what's inside of ~/.ecryptfs/wrapped-passphrase -- just that your login passphrase can symmetrically decrypt it.

Now, getting a passphrase of your choosing into that file requires running ecryptfs-setup-private by hand, rather than using wrappers, like the Ubuntu installer or the adduser utility.

> Then that would be a reason for me to make a feature request ;).

--
:-Dustin

Dustin Kirkland
Chief Architect
Gazzang, Inc.
www.gazzang.com