LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 11-15-2010, 02:51 AM   #1
NickDeGraeve
LQ Newbie
 
Registered: Jan 2009
Posts: 7

Rep: Reputation: 0
Question Some issues with PAM mainly with encrypted partition


I'm trying to set-up PAM on my Mandriva 2010.1 so I can have an NFS share and an encrypted partition mounted at login. The NFS share seems to mount but the encrypted partition doesn't. Also when logging in from console I have to enter my password twice.

Any help is appreciated.

My configuration:

/etc/security/pam_mount.conf.xml:
Code:
<pam_mount>

    <debug enable="2" />

    <luserconf name=".pam_mount.conf.xml" />

    <mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
    <mntoptions require="nosuid,nodev" />
    <path>/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin</path>

    <logout wait="0" hup="0" term="0" kill="0" />

    <mkmountpoint enable="1" remove="true" />

</pam_mount>
~/.pam_mount.conf.xml:
Code:
<pam_mount>
        <volume fstype="crypt" path="/dev/sdb5" mountpoint="~/mnt/crypt"/>
        <volume fstype="nfs" server="diskstation" path="/volume1/homes/nick" mountpoint="~/mnt/home" />
</pam_mount>
/etc/pam.d/system-auth:
Code:
#%PAM-1.0

auth        required      pam_env.so                                               
auth        optional      pam_mount.so use_first_pass
auth        sufficient    pam_tcb.so shadow nullok prefix=$2a$ count=8
auth        required      pam_deny.so

account     sufficient    pam_tcb.so shadow
account     required      pam_deny.so
                                                                                   
password    required      pam_cracklib.so try_first_pass retry=3 minlen=4  dcredit=0  ucredit=0                                                                       
password    sufficient    pam_tcb.so use_authtok shadow write_to=shadow nullok prefix=$2a$ count=8
password    required      pam_deny.so                                              

session     optional      pam_mount.so                                             
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_tcb.so
/var/log/messages:
Code:
Nov 13 14:44:19 HAL9000 kdm: :0[26788]: pam_mount(pam_mount.c:100): unknown pam_mount option "use_first_pass" 
Nov 13 14:44:19 HAL9000 kdm: :0[26788]: pam_mount(rdconf1.c:688): path to luserconf set to /home/ndg/.pam_mount.conf.xml 
Nov 13 14:44:19 HAL9000 kdm: :0[26788]: pam_mount(pam_mount.c:364): pam_mount 2.1: entering auth stage 
Nov 13 14:44:19 HAL9000 kdm: :0[26788]: pam_mount(pam_mount.c:132): clean system authtok=0x12a3630 (7) 
Nov 13 14:44:29 HAL9000 kdm: :0[26788]: pam_mount(pam_mount.c:100): unknown pam_mount option "use_first_pass" 
Nov 13 14:44:29 HAL9000 kdm: :0[26788]: pam_mount(rdconf1.c:688): path to luserconf set to /home/ndg/.pam_mount.conf.xml 
Nov 13 14:44:29 HAL9000 kdm: :0[26788]: pam_mount(pam_mount.c:364): pam_mount 2.1: entering auth stage 
Nov 13 14:44:29 HAL9000 kdm: :0[26788]: pam_mount(pam_mount.c:132): clean system authtok=0x12aee80 (7) 
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(pam_mount.c:100): unknown pam_mount option "use_first_pass" 
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(rdconf1.c:688): path to luserconf set to /home/nick/.pam_mount.conf.xml 
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(pam_mount.c:364): pam_mount 2.1: entering auth stage 
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(rdconf1.c:688): path to luserconf set to /home/nick/.pam_mount.conf.xml 
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(pam_mount.c:552): pam_mount 2.1: entering session stage 
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(misc.c:38): Session open: (uid=0, euid=0, gid=100, egid=100) 
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(pam_mount.c:598): going to readconfig /home/nick/.pam_mount.conf.xml 
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(rdconf1.c:1325): Volume /dev/sdb5: consider specifying the fskeyhash 
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(rdconf1.c:1325): Volume /volume1/homes/nick: consider specifying the fskeyhash 
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(rdconf2.c:126): checking sanity of luserconf volume record (/dev/sdb5) 
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(rdconf2.c:132): user-defined volume (/dev/sdb5), volume not owned by user 
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(rdconf2.c:126): checking sanity of luserconf volume record (/volume1/homes/nick) 
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(rdconf2.c:69): option "nodev" required 
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: Luser volume for /home/nick/mnt/home is missing options that are required by global <mntoptions> 
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: command: 'pmvarrun' '-u' 'nick' '-o' '1' 
Nov 13 14:44:42 HAL9000 kdm: :0[26176]: pam_mount(misc.c:38): set_myuid<pre>: (uid=0, euid=0, gid=100, egid=100) 
Nov 13 14:44:42 HAL9000 kdm: :0[26176]: pam_mount(misc.c:38): set_myuid<post>: (uid=0, euid=0, gid=100, egid=100) 
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(pam_mount.c:440): pmvarrun says login count is 1 
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(pam_mount.c:642): done opening session (ret=0)
I see some errors concerning the NFS mount but it seems to work.

The encrypted partition doesn't mount. I can mount it by hand, though:
Code:
[nick@HAL9000 ~]$ sudo mount.crypt -v /dev/sdb5 ~/mnt/crypt/
command: 'readlink' '-fn' '/dev/sdb5' 
command: 'readlink' '-fn' '/home/nick/mnt/crypt/' 
Password: 
mount.crypt(crypto-dmc.c:144): Using _dev_sdb5 as dmdevice name
command: 'mount' '-n' '/dev/mapper/_dev_sdb5' '/home/nick/mnt/crypt' 
[nick@HAL9000 ~]$ cat /etc/mtab | grep crypt                                       
/dev/sdb5 /home/nick/mnt/crypt crypt defaults 0 0
If I login from console I have to enter my password twice:
Code:
[nick@HAL9000 ~]$ su -
pam_mount(pam_mount.c:100): unknown pam_mount option "use_first_pass"
pam_mount(rdconf1.c:688): path to luserconf set to /root/.pam_mount.conf.xml
pam_mount(pam_mount.c:364): pam_mount 2.1: entering auth stage
pam_mount password:
Password: 
pam_mount(rdconf1.c:688): path to luserconf set to /root/.pam_mount.conf.xml
...
 
  


Reply

Tags
encrypted, mandriva, pam


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
I may have lost my encrypted partition Syl Ubuntu 3 04-10-2010 03:26 PM
Encrypted partition EEEPC Psykoman Linux - Laptop and Netbook 2 01-28-2009 02:45 PM
Encrypted FS Partition Scheme? DJ Cacophony Linux - Newbie 1 10-01-2004 04:52 PM
fscking an encrypted partition bungalowbill Linux - General 3 04-30-2004 09:04 AM
Encrypted partition? hjles Slackware 1 01-25-2003 03:49 PM


All times are GMT -5. The time now is 07:43 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration