I'm trying to set up PAM on my Mandriva 2010.1 so I can have an NFS share and an encrypted partition mounted at login. The NFS share seems to mount but the encrypted partition doesn't. Also, when logging in from the console I have to enter my password twice.
Any help is appreciated.
My configuration:
/etc/security/pam_mount.conf.xml:
Code:
<pam_mount>
<debug enable="2" />
<luserconf name=".pam_mount.conf.xml" />
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
<mntoptions require="nosuid,nodev" />
<path>/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin</path>
<logout wait="0" hup="0" term="0" kill="0" />
<mkmountpoint enable="1" remove="true" />
</pam_mount>
~/.pam_mount.conf.xml:
Code:
<pam_mount>
<volume fstype="crypt" path="/dev/sdb5" mountpoint="~/mnt/crypt"/>
<volume fstype="nfs" server="diskstation" path="/volume1/homes/nick" mountpoint="~/mnt/home" />
</pam_mount>
/etc/pam.d/system-auth:
Code:
#%PAM-1.0
auth required pam_env.so
auth optional pam_mount.so use_first_pass
auth sufficient pam_tcb.so shadow nullok prefix=$2a$ count=8
auth required pam_deny.so
account sufficient pam_tcb.so shadow
account required pam_deny.so
password required pam_cracklib.so try_first_pass retry=3 minlen=4 dcredit=0 ucredit=0
password sufficient pam_tcb.so use_authtok shadow write_to=shadow nullok prefix=$2a$ count=8
password required pam_deny.so
session optional pam_mount.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_tcb.so
/var/log/messages:
Code:
Nov 13 14:44:19 HAL9000 kdm: :0[26788]: pam_mount(pam_mount.c:100): unknown pam_mount option "use_first_pass"
Nov 13 14:44:19 HAL9000 kdm: :0[26788]: pam_mount(rdconf1.c:688): path to luserconf set to /home/ndg/.pam_mount.conf.xml
Nov 13 14:44:19 HAL9000 kdm: :0[26788]: pam_mount(pam_mount.c:364): pam_mount 2.1: entering auth stage
Nov 13 14:44:19 HAL9000 kdm: :0[26788]: pam_mount(pam_mount.c:132): clean system authtok=0x12a3630 (7)
Nov 13 14:44:29 HAL9000 kdm: :0[26788]: pam_mount(pam_mount.c:100): unknown pam_mount option "use_first_pass"
Nov 13 14:44:29 HAL9000 kdm: :0[26788]: pam_mount(rdconf1.c:688): path to luserconf set to /home/ndg/.pam_mount.conf.xml
Nov 13 14:44:29 HAL9000 kdm: :0[26788]: pam_mount(pam_mount.c:364): pam_mount 2.1: entering auth stage
Nov 13 14:44:29 HAL9000 kdm: :0[26788]: pam_mount(pam_mount.c:132): clean system authtok=0x12aee80 (7)
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(pam_mount.c:100): unknown pam_mount option "use_first_pass"
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(rdconf1.c:688): path to luserconf set to /home/nick/.pam_mount.conf.xml
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(pam_mount.c:364): pam_mount 2.1: entering auth stage
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(rdconf1.c:688): path to luserconf set to /home/nick/.pam_mount.conf.xml
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(pam_mount.c:552): pam_mount 2.1: entering session stage
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(misc.c:38): Session open: (uid=0, euid=0, gid=100, egid=100)
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(pam_mount.c:598): going to readconfig /home/nick/.pam_mount.conf.xml
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(rdconf1.c:1325): Volume /dev/sdb5: consider specifying the fskeyhash
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(rdconf1.c:1325): Volume /volume1/homes/nick: consider specifying the fskeyhash
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(rdconf2.c:126): checking sanity of luserconf volume record (/dev/sdb5)
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(rdconf2.c:132): user-defined volume (/dev/sdb5), volume not owned by user
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(rdconf2.c:126): checking sanity of luserconf volume record (/volume1/homes/nick)
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(rdconf2.c:69): option "nodev" required
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: Luser volume for /home/nick/mnt/home is missing options that are required by global <mntoptions>
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: command: 'pmvarrun' '-u' 'nick' '-o' '1'
Nov 13 14:44:42 HAL9000 kdm: :0[26176]: pam_mount(misc.c:38): set_myuid<pre>: (uid=0, euid=0, gid=100, egid=100)
Nov 13 14:44:42 HAL9000 kdm: :0[26176]: pam_mount(misc.c:38): set_myuid<post>: (uid=0, euid=0, gid=100, egid=100)
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(pam_mount.c:440): pmvarrun says login count is 1
Nov 13 14:44:42 HAL9000 kdm: :0[26788]: pam_mount(pam_mount.c:642): done opening session (ret=0)
I see some errors concerning the NFS mount but it seems to work.
The encrypted partition doesn't mount. I can mount it by hand, though:
Code:
[nick@HAL9000 ~]$ sudo mount.crypt -v /dev/sdb5 ~/mnt/crypt/
command: 'readlink' '-fn' '/dev/sdb5'
command: 'readlink' '-fn' '/home/nick/mnt/crypt/'
Password:
mount.crypt(crypto-dmc.c:144): Using _dev_sdb5 as dmdevice name
command: 'mount' '-n' '/dev/mapper/_dev_sdb5' '/home/nick/mnt/crypt'
[nick@HAL9000 ~]$ cat /etc/mtab | grep crypt
/dev/sdb5 /home/nick/mnt/crypt crypt defaults 0 0
If I log in from the console I have to enter my password twice:
Code:
[nick@HAL9000 ~]$ su -
pam_mount(pam_mount.c:100): unknown pam_mount option "use_first_pass"
pam_mount(rdconf1.c:688): path to luserconf set to /root/.pam_mount.conf.xml
pam_mount(pam_mount.c:364): pam_mount 2.1: entering auth stage
pam_mount password:
Password:
pam_mount(rdconf1.c:688): path to luserconf set to /root/.pam_mount.conf.xml
...
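
The `rdconf2.c` lines in the log above show pam_mount vetting each volume from the per-user file against the global `<mntoptions>` policy and against ownership of the device, because that file is user-controlled input processed by a root-privileged login. The following Python is an added example, not part of the original post and not pam_mount's own code: it models those checks from the log messages only, reports every failing reason rather than stopping at the first, and the ownership table and the rule that a volume without `server` is local are assumptions.

```python
import xml.etree.ElementTree as ET

# Configuration copied from the post: global policy, then the per-user luserconf.
GLOBAL_XML = """<pam_mount>
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
<mntoptions require="nosuid,nodev" />
</pam_mount>"""
LUSER_XML = """<pam_mount>
<volume fstype="crypt" path="/dev/sdb5" mountpoint="~/mnt/crypt"/>
<volume fstype="nfs" server="diskstation" path="/volume1/homes/nick" mountpoint="~/mnt/home" />
</pam_mount>"""

# Constructed ownership table standing in for a stat() call (assumption:
# the block device is root-owned, as device nodes normally are).
SAMPLE_OWNERS = {"/dev/sdb5": "root"}


def split_opts(value):
    """Turn 'a,b=1,c' into {'a', 'b', 'c'}; a missing attribute gives an empty set."""
    return {o.strip().split("=", 1)[0] for o in (value or "").split(",") if o.strip()}


def policy(global_xml):
    """Collect the allow and require sets from every <mntoptions> element."""
    allow, require = set(), set()
    for el in ET.fromstring(global_xml).iter("mntoptions"):
        allow |= split_opts(el.get("allow"))
        require |= split_opts(el.get("require"))
    return allow, require


def check_luserconf(global_xml, luser_xml, user, owner_of):
    """Return {volume path: [reasons]}; an empty list means the record passes."""
    allow, require = policy(global_xml)
    report = {}
    for vol in ET.fromstring(luser_xml).iter("volume"):
        path, opts = vol.get("path"), split_opts(vol.get("options"))
        reasons = []
        # Assumption: a volume with no server attribute is a local device or file.
        if vol.get("server") is None and owner_of(path) != user:
            reasons.append("volume not owned by user")
        reasons += [f'option "{o}" required' for o in sorted(require - opts)]
        reasons += [f'option "{o}" not allowed' for o in sorted(opts - allow)]
        report[path] = reasons
    return report


if __name__ == "__main__":
    result = check_luserconf(GLOBAL_XML, LUSER_XML, "nick", SAMPLE_OWNERS.get)
    for path, reasons in result.items():
        print(path, "->", "; ".join(reasons) or "ok")
```
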