From: Martin Steigerwald <ms@teamix.de>
To: Jakob Unterwurzacher <jakobunt@gmail.com>
Cc: Martin Steigerwald <Martin@lichtvoll.de>, ecryptfs@vger.kernel.org
Subject: Re: ecryptfs doesn´t like noauto and noatime
Date: Mon, 30 Jan 2012 11:58:35 +0100 [thread overview]
Message-ID: <201201301158.36957.ms@teamix.de> (raw)
In-Reply-To: <4F154383.6040201@gmail.com>
Hi Jakob,
Am Dienstag, 17. Januar 2012 schrieb Jakob Unterwurzacher:
> On 17.01.2012 09:37, Martin Steigerwald wrote:
> > Am Dienstag, 17. Januar 2012 schrieb Jakob Unterwurzacher:
> >> On 16.01.2012 10:44, Martin Steigerwald wrote:
> >>> Hi!
> >>>
> >>> I have
> >>>
> >>> merkaba:~> grep ecrypt /etc/fstab
> >>> /home/.ms /home/ms ecryptfs
> >>> noatime,noauto 0 0
> >>>
> >>> And get:
> >>>
> >>> merkaba:~> mount /home/ms
> >
> >>> Passphrase:
> > […]
> >
> >>> Error mounting eCryptfs: [-5] Input/output error
> >
> > […]
> >
> >>> Still it works.
> >>>
> >>>
> >>> In dmesg I see:
> >>>
> >>> [ 2657.888355] ecryptfs_parse_options: eCryptfs: unrecognized option
> >>> [noauto]
> >>> [ 2657.888359] ecryptfs_parse_options: eCryptfs: unrecognized option
> >>> [noatime]
> >>> [ 2657.913215] alg: No test for __gcm-aes-aesni
> >>> (__driver-gcm-aes-aesni)
> >>>
> >>>
> >>> Thus I removed at least noatime, but then I still see:
> >>>
> >>> [ 2839.460200] ecryptfs_parse_options: eCryptfs: unrecognized option
> >>> [noauto]
> >
> > […]
> >
> >>> Without noatime it would ask me the passwort upon boot, but I do not
> >>> like that since I do not use that user everytime.
> >
> > noauto that is.
> >
> >>> I could use mounting via pam, but I like to have a different password
> >>> for the user stored in /etc/shadow than the password from the
> >>> filesystem itself.
> >>
> >> Note that this should work by creating ~/.ecryptfs/wrapping-independent
> >> . Pam will ask for the ecryptfs password explicitely then.
> >
> > Thanks.
> >
> > Would that also work within a display manager like kdm?
> >
> > Ciao,
>
> Yes! It will ask for two passwords on login.
Hmmm, I think this won't work for me.
This is used by ecryptfs-mount-private it seems, but I am not only encrypting
/home/$USER/Private, but /home/$USER itself. Thus I'd like to mount ~ as is
with a different passphrase than my PAM login password.
I tried putting an empty ~/.ecryptfs/wrapping-independent, which has the sig-
cache.txt for the /home/ms mount but this doesn't do the trick, I am not asked
for a password and home directory remains empty. I could put
Is it true that PAM ecryptfs stuff is only for a ~/Private directory?
Then that would be a reason for me to make a feature request ;).
Thanks,
--
Martin Steigerwald - teamix GmbH - http://www.teamix.de
gpg: 19E3 8D42 896F D004 08AC A0CA 1E10 C593 0399 AE90
next prev parent reply other threads:[~2012-01-30 11:08 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-01-16 9:44 ecryptfs doesn´t like noauto and noatime Martin Steigerwald
2012-01-17 1:07 ` Jakob Unterwurzacher
2012-01-17 8:37 ` Martin Steigerwald
2012-01-17 9:46 ` Jakob Unterwurzacher
2012-01-30 10:58 ` Martin Steigerwald [this message]
2012-01-30 18:49 ` Dustin Kirkland
2012-01-17 6:55 ` Tyler Hicks
2012-01-17 8:35 ` Martin Steigerwald
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201201301158.36957.ms@teamix.de \
--to=ms@teamix.de \
--cc=Martin@lichtvoll.de \
--cc=ecryptfs@vger.kernel.org \
--cc=jakobunt@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox