Till Maas wrote:
> On Sat September 13 2008, Casimiro de Almeida Barreto wrote:
>> Till Maas wrote:
>>> On Sat September 13 2008, Casimiro de Almeida Barreto wrote:
>>>> [nothing about pam_mount]
>>> Regarding the subject, what is in which version of pam_mount for you broken? And please create a bug report for this, if it is not fixed in pam_mount 0.48.
>> I'll fill bugzilla. Anyways the "official pam_mount" for fc9 is 0.47 as shown:
> With the next push, pam_mount should be updated to 0.48 in Fedora 8 and 9:
> https://admin.fedoraproject.org/updates/pam_mount-0.48-2.fc9,libHX-1.25-1.fc9
>
> Regards,
> Till

Ok,

I'm transcribing the debugging information.

First of all, I have an encrypted "partition" for /home/casimiro that is mounted via loop0. It was working well until the last update. It is still mounting when I use input like:

# openssl aes-256-cbc -d -in /etc/pki/cryptofs/mykey.key | mount -p0 -o loop,encryption=aes-cbc-256,rw /xxx/yyy.img /home/casimiro

But, when it goes to PAM... that's what happens:

Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(pam_mount.c:259) pam_mount 0.47: entering auth stage
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(pam_mount.c:269) could not get password from PAM system
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(pam_mount.c:191) enter read_password
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(pam_mount.c:294) saving authtok for session code (authtok=0x8e0d630)
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(pam_mount.c:437) pam_mount 0.47: entering session stage
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(pam_mount.c:458) back from global readconfig
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(pam_mount.c:460) per-user configurations not allowed by pam_mount.conf.xml
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(misc.c:45) Session open: (uid=0, euid=0, gid=501, egid=501)
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(rdconf2.c:190) checking sanity of volume record (/home/.casimiro.img)
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(pam_mount.c:512) about to perform mount operations
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:364) information for mount:
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:365) ----------------------
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:366) (defined by globalconf)
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:367) user: casimiro
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:368) server: (null)
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:369) volume: /xxx/yyy.img
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:370) mountpoint: /home/casimiro
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:371) options: loop,encryption=aes-cbc-256,rw
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:372) fs_key_cipher: aes-256-cbc
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:373) fs_key_path: /etc/pki/cryptofs/mykey.key
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:374) use_fstab: 0
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:375) ----------------------
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:151) realpath of volume "/home/casimiro" is "/home/casimiro"
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:155) checking to see if /xxx/yyy.img is already mounted at /home/casimiro
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:824) checking for encrypted filesystem key configuration
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:831) decrypting FS key using system auth. token and aes-256-cbc
Sep 13 12:14:28 terra kdm[3019]: Unknown session exit code 0 (sig 6) from manager process
Sep 13 12:14:28 terra kdm_greet[3072]: Cannot read from core
Sep 13 12:14:39 terra login: pam_mount(pam_mount.c:259) pam_mount 0.47: entering auth stage
Sep 13 12:14:39 terra login: pam_mount(pam_mount.c:269) could not get password from PAM system
Sep 13 12:14:39 terra login: pam_mount(pam_mount.c:191) enter read_password
Sep 13 12:14:42 terra login: pam_mount(pam_mount.c:294) saving authtok for session code (authtok=0x94f04d8)
Sep 13 12:14:42 terra login: pam_mount(pam_mount.c:437) pam_mount 0.47: entering session stage
Sep 13 12:14:42 terra login: pam_mount(pam_mount.c:458) back from global readconfig
Sep 13 12:14:42 terra login: pam_mount(pam_mount.c:460) per-user configurations not allowed by pam_mount.conf.xml
Sep 13 12:14:42 terra login: pam_mount(misc.c:45) Session open: (uid=0, euid=0, gid=0, egid=0)
Sep 13 12:14:42 terra login: pam_mount(rdconf2.c:190) checking sanity of volume record (/xxx/yyy.img)
Sep 13 12:14:42 terra login: pam_mount(pam_mount.c:512) about to perform mount operations
Sep 13 12:14:42 terra login: pam_mount(mount.c:364) information for mount:
Sep 13 12:14:42 terra login: pam_mount(mount.c:365) ----------------------
Sep 13 12:14:42 terra login: pam_mount(mount.c:366) (defined by globalconf)
Sep 13 12:14:42 terra login: pam_mount(mount.c:367) user: casimiro
Sep 13 12:14:42 terra login: pam_mount(mount.c:368) server: (null)
Sep 13 12:14:42 terra login: pam_mount(mount.c:369) volume: /xxx/yyy.img
Sep 13 12:14:42 terra login: pam_mount(mount.c:370) mountpoint: /home/casimiro
Sep 13 12:14:42 terra login: pam_mount(mount.c:371) options: loop,encryption=aes-cbc-256,rw
Sep 13 12:14:42 terra login: pam_mount(mount.c:372) fs_key_cipher: aes-256-cbc
Sep 13 12:14:42 terra login: pam_mount(mount.c:373) fs_key_path: /etc/pki/cryptofs/mykey.key
Sep 13 12:14:42 terra login: pam_mount(mount.c:374) use_fstab: 0
Sep 13 12:14:42 terra login: pam_mount(mount.c:375) ----------------------
Sep 13 12:14:42 terra login: pam_mount(mount.c:151) realpath of volume "/home/casimiro" is "/home/casimiro"
Sep 13 12:14:42 terra login: pam_mount(mount.c:155) checking to see if /xxx/yyy.img is already mounted at /home/casimiro
Sep 13 12:14:42 terra login: pam_mount(mount.c:824) checking for encrypted filesystem key configuration
Sep 13 12:14:42 terra login: pam_mount(mount.c:831) decrypting FS key using system auth. token and aes-256-cbc
Sep 13 12:14:42 terra init: tty1 main process (3034) killed by ABRT signal
Sep 13 12:14:42 terra init: tty1 main process ended, respawning

And then, back to /etc/security/pam_mount.conf.xml:

<?xml version="1.0" encoding="UTF-8"?>
<pam_mount>
  <debug enable="1" />
  <mkmountpoint enable="1" />
  <fsckloop device="/dev/loop7" />
  <mntoptions allow="nosuid,nodev,loop,encryption,fsck" />
  <mntoptions require="nosuid,nodev" />
  <lsof>/usr/sbin/lsof %(MNTPT)</lsof>
  <fsck>/sbin/fsck -p %(FSCKTARGET)</fsck>
  <losetup>/sbin/losetup -p0 "%(before=\"-e\" CIPHER)" "%(before=\"-k\" KEYBITS)" %(FSCKLOOP) %(VOLUME)</losetup>
  <unlosetup>/sbin/losetup -d %(FSCKLOOP)</unlosetup>
  <cifsmount>/bin/mount -t cifs //%(SERVER)/%(VOLUME) %(MNTPT) -o "user=%(USER),uid=%(USERUID),gid=%(USERGID)%(before=\",\" OPTIONS)"</cifsmount>
  <smbmount>/usr/bin/smbmount //%(SERVER)/%(VOLUME) %(MNTPT) -o "username=%(USER),uid=%(USERUID),gid=%(USERGID)%(before=\",\" OPTIONS)"</smbmount>
  <ncpmount>/usr/bin/ncpmount %(SERVER)/%(USER) %(MNTPT) -o "pass-fd=0,volume=%(VOLUME)%(before=\",\" OPTIONS)"</ncpmount>
  <smbumount>/usr/bin/smbumount %(MNTPT)</smbumount>
  <ncpumount>/usr/bin/ncpumount %(MNTPT)</ncpumount>
  <fusemount>/sbin/mount.fuse %(VOLUME) %(MNTPT) "%(before=\"-o\" OPTIONS)"</fusemount>
  <fuseumount>/usr/bin/fusermount -u %(MNTPT)</fuseumount>
  <umount>/bin/umount %(MNTPT)</umount>
  <lclmount>/bin/mount -p0 -t %(FSTYPE) %(VOLUME) %(MNTPT) "%(before=\"-o\" OPTIONS)"</lclmount>
  <cryptmount>/bin/mount -t crypt "%(before=\"-o\" OPTIONS)" %(VOLUME) %(MNTPT)</cryptmount>
  <nfsmount>/bin/mount %(SERVER):%(VOLUME) %(MNTPT) "%(before=\"-o\" OPTIONS)"</nfsmount>
  <mntcheck>/bin/mount</mntcheck>
  <pmvarrun>/usr/sbin/pmvarrun -u %(USER) -o %(OPERATION)</pmvarrun>
  <volume fskeycipher="aes-256-cbc" options="loop,encryption=aes-cbc-256,rw" fskeypath="/etc/pki/cryptofs/mykey.key" user="casimiro" mountpoint="/home/casimiro" path="/xxx/yyy.img" fstype="ext3" />
  <volume fskeycipher="aes-256-cbc" options="loop,encryption=aes-cbc-256,rw" fskeypath="/media/disk/.developer.key" user="developer" mountpoint="/home/developer" path="/media/disk/.developer.img" fstype="ext3" />
</pam_mount>

Note that developer is in a flash memory...
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
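
A small triage helper for logs like the ones in this message, added here as an example and not part of the original post or of pam_mount: it pairs each abort line with the pam_mount debug checkpoint logged just before it, so the failing step can be quoted in the bug report. The function names are made up for this example, the sample lines are excerpted from the message, and pairing by adjacency in the log is an assumption that holds for that excerpt.

```python
import re

# Excerpt of the syslog lines quoted in the message (kdm login, then console login).
SAMPLE = """\
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(pam_mount.c:437) pam_mount 0.47: entering session stage
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:824) checking for encrypted filesystem key configuration
Sep 13 12:14:28 terra kdm: :0[3068]: pam_mount(mount.c:831) decrypting FS key using system auth. token and aes-256-cbc
Sep 13 12:14:28 terra kdm[3019]: Unknown session exit code 0 (sig 6) from manager process
Sep 13 12:14:39 terra login: pam_mount(pam_mount.c:259) pam_mount 0.47: entering auth stage
Sep 13 12:14:42 terra login: pam_mount(mount.c:831) decrypting FS key using system auth. token and aes-256-cbc
Sep 13 12:14:42 terra init: tty1 main process (3034) killed by ABRT signal
"""

# pam_mount debug lines carry the source file and line of each checkpoint.
PAM_LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) (?P<proc>.+?): "
    r"pam_mount\((?P<src>[\w.]+):(?P<line>\d+)\) (?P<msg>.*)$")
# Both abort notices seen in the message; SIGABRT is signal 6.
ABORT = re.compile(r"\(sig 6\)|killed by ABRT signal")


def last_checkpoints(log_text):
    """For each abort line, return the pam_mount checkpoint logged just before it."""
    last = None
    hits = []
    for raw in log_text.splitlines():
        m = PAM_LINE.match(raw)
        if m:
            # "kdm: :0[3068]" and "login" both reduce to the service name.
            service = re.split(r"[:\[]", m["proc"], maxsplit=1)[0]
            last = (service, m["src"], int(m["line"]), m["msg"])
        elif ABORT.search(raw) and last is not None:
            hits.append(last)
            last = None  # do not attribute a later abort to the same checkpoint
    return hits


def crash_sites(log_text):
    """Distinct (source file, line) pairs that immediately precede an abort."""
    return sorted({(src, line) for _, src, line, _ in last_checkpoints(log_text)})


if __name__ == "__main__":
    for service, src, line, msg in last_checkpoints(SAMPLE):
        print(f"{service}: aborted after {src}:{line} ({msg})")
```
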