[Bug 626127] New: pam_mount suggests to specify "fskeyhash" when mounting a LUKS partition
http://bugzilla.novell.com/show_bug.cgi?id=626127 http://bugzilla.novell.com/show_bug.cgi?id=626127#c0 Summary: pam_mount suggests to specify "fskeyhash" when mounting a LUKS partition Classification: openSUSE Product: openSUSE 11.3 Version: Final Platform: x86-64 OS/Version: openSUSE 11.3 Status: NEW Severity: Minor Priority: P5 - None Component: Basesystem AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: bugreports@tittel.net QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.6) Gecko/20100626 SUSE/3.6.6-1.2 Firefox/3.6.6 When mounting a LUKS-encrypted partition with pam_mount on login, pam_mount gives the following warning: pam_mount(rdconf1.c:1325): Volume /dev/sda8: consider specifying the fskeyhash pam_mount(rdconf1.c:1325): Volume /dev/sda8: consider specifying the fskeyhash (yes, the warning appears twice) Specifiying an fskeyhash for a LUKS-partition doesn't make sense (it's all in the LUKS header) and if I set an fskeyhash for a LUKS partition in /etc/security/pam_mount.conf.xml it is actually ignored. In short: This warning shouldn't be there. If I look at bugs like http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580430 in den Debian bugtracker, it seems like pam_mount is probably warning about the missing fskeyhash in other situations (like mounting tmpfs) in which it doesn't make sense. I talked to the pam_mount upstream author (Jan Engelhardt) and this problem seems to be fixed in more current versions of pam_mount. Thanks in advance! Reproducible: Always -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=626127 http://bugzilla.novell.com/show_bug.cgi?id=626127#c yang xiaoyu <xyyang@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |xyyang@novell.com AssignedTo|bnc-team-screening@forge.pr |mc@novell.com |ovo.novell.com | -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=626127 http://bugzilla.novell.com/show_bug.cgi?id=626127#c Michael Calmer <mc@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P4 - Low Status|NEW |ASSIGNED -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=626127 https://bugzilla.novell.com/show_bug.cgi?id=626127#c1 Lars Müller <lmuelle@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO CC| |lmuelle@novell.com Platform|x86-64 |All InfoProvider| |jengelh@medozas.de --- Comment #1 from Lars Müller <lmuelle@novell.com> 2010-08-20 20:30:19 CEST --- @Jan: Should we address this by a version upgrade to 1.36? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=626127 https://bugzilla.novell.com/show_bug.cgi?id=626127#c2 Jan Engelhardt <jengelh@medozas.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED CC| |jengelh@medozas.de InfoProvider|jengelh@medozas.de | --- Comment #2 from Jan Engelhardt <jengelh@medozas.de> 2010-08-20 18:37:38 UTC --- Fixed by v2.2: commit 40e1b19511a1b0c17f0fbf4f6e6e47f209aee1c4 (v2.2~5) Author: Jan Engelhardt <jengelh@medozas.de> Date: Fri May 14 17:18:13 2010 +0200 rdconf: do not warn about missing fskeyhash when no fskey specified References: http://bugs.debian.org/580430 The currently-recommended version in the 2.x series is 2.5 (not because its the latest, but because it's the stable pseudobranch). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=626127 https://bugzilla.novell.com/show_bug.cgi?id=626127#c3 Lars Müller <lmuelle@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO InfoProvider| |jengelh@medozas.de --- Comment #3 from Lars Müller <lmuelle@novell.com> 2010-08-20 22:20:51 CEST --- After applying the change from 40e1b19511a1b0c17f0fbf4f6e6e47f209aee1c4 on top of the 1.34 version as part of openSUSE 11.3 I see: Aug 20 22:10:43 tinka login[5534]: pam_mount(mount.c:64): Errors from underlying mount program: Aug 20 22:10:43 tinka login[5534]: pam_mount(mount.c:68): mount.crypt(mtcrypt.c:161): loop mount option ignored Aug 20 22:10:46 tinka login[5534]: pam_mount(mount.c:68): No key available with this passphrase. Aug 20 22:10:46 tinka login[5534]: pam_mount(pam_mount.c:506): mount of /home/crypt/tinka-home-tina-homework_Daten.img failed Do we need to go to 2.5 to access encrypted containers created with openSUSE 11.2 or do I get your recommendation from comment comment #2 not correct? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=626127 https://bugzilla.novell.com/show_bug.cgi?id=626127#c4 Jan Engelhardt <jengelh@medozas.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED InfoProvider|jengelh@medozas.de | --- Comment #4 from Jan Engelhardt <jengelh@medozas.de> 2010-08-20 20:41:35 UTC --- As my manpower is limited, I can only focus on 2.x. I encourage you to use the same and report possible issues like mount failures against that. (Also note all the cryptsetup obnoxiousnesses and broken HOWTOs with which users created their volumes... doc/bugs.txt... so your error there may be legit even in 1.34.). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=626127 https://bugzilla.novell.com/show_bug.cgi?id=626127#c5 Lars Müller <lmuelle@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO InfoProvider| |maintenance@opensuse.org --- Comment #5 from Lars Müller <lmuelle@novell.com> 2010-08-21 18:47:06 CEST --- I've tested this today again with the same setup and a pam_mount package from the OBS repo home:lmuelle:branches:openSUSE:11.3:Update:Test which includes your revision 40e1b19511a1b0c17f0fbf4f6e6e47f209aee1c4 on top of 1.34 from update/11.3/ I'll test it several times and it works as expected now. Dang, I missed to reboot or better I'm not aware how to force a reload of a pam module or how to reinitialize the pam stack. created request id 45929 @Maintenance: we need a swamp ID for this issue. @Michael: Please take care to get the fix published. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=626127 https://bugzilla.novell.com/show_bug.cgi?id=626127#c6 --- Comment #6 from Jan Engelhardt <jengelh@medozas.de> 2010-08-21 17:18:11 UTC --- Closing the pam session is usually sufficient to reload, that means, logging out. (This preferably done in such a way that after logout nothing is mounted of course, otherwise the things you were to test are just skipped.) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=626127 https://bugzilla.novell.com/show_bug.cgi?id=626127#c7 --- Comment #7 from Lars Müller <lmuelle@novell.com> 2010-08-21 19:24:50 CEST --- @Jan: Do you have some self test we should consider to run as part of the build process?
From doc/todo.txt it looks like you consider to add some. Looks like patches are welcome. :/
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=626127 https://bugzilla.novell.com/show_bug.cgi?id=626127#c8 --- Comment #8 from Jan Engelhardt <jengelh@medozas.de> 2010-08-21 17:50:57 UTC --- Yes, in pam_mount 2.x there is a small "t-crypt" script that collects tests from bug reports. It requires privileges to losetup, cryptsetup and kernel module loading however, and is not exactly a build-time check but rather a pre-tarball-generation checker. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=626127 https://bugzilla.novell.com/show_bug.cgi?id=626127#c9 Christian Dengler <cdengler@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |cdengler@novell.com --- Comment #9 from Christian Dengler <cdengler@novell.com> 2010-08-23 09:58:57 UTC --- What will you submit as an update? The version upgrade or the backport? Do we need a suggested reboot or relogin? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=626127 https://bugzilla.novell.com/show_bug.cgi?id=626127#c10 --- Comment #10 from Lars Müller <lmuelle@novell.com> 2010-08-23 12:33:42 CEST --- It's a back port as I submit requested it with 45929. See comment 5. home:lmuelle:branches:openSUSE:11.3:Update:Test / pam_mount It was only the change log file which didn't applied in a clean way. Have to merge the package change log hunk to oS:Factory too. I'm old ... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=626127 https://bugzilla.novell.com/show_bug.cgi?id=626127#c11 --- Comment #11 from Lars Müller <lmuelle@novell.com> 2010-08-23 12:50:31 CEST --- OBS Linux-PAM has no 11.3 build target. :/ And pam_mount there is old. I've merged the patch and submit requested it with ID 45990 Regarding the question from comment #9: Let us keep it simple and suggest a reboot. That's what we're doing in other cases if we modified the pam configuration too. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=626127 https://bugzilla.novell.com/show_bug.cgi?id=626127#c12 --- Comment #12 from Jan Engelhardt <jengelh@medozas.de> 2010-08-23 11:20:40 UTC ---
And pam_mount there is old.
mc should let me be maintainer of that then :) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=626127 https://bugzilla.novell.com/show_bug.cgi?id=626127#c13 Swamp Workflow Management <swamp@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |maint:running:35565:moderat | |e --- Comment #13 from Swamp Workflow Management <swamp@suse.com> 2010-08-30 13:31:13 UTC --- The SWAMPID for this issue is 35565. This issue was rated as moderate. Please submit fixed packages until 2010-09-13. Also create a patchinfo file using this link: https://swamp.suse.de/webswamp/wf/35565 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=626127 https://bugzilla.novell.com/show_bug.cgi?id=626127#c14 Christian Dengler <cdengler@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED InfoProvider|maintenance@opensuse.org | --- Comment #14 from Christian Dengler <cdengler@novell.com> 2010-08-30 13:32:05 UTC --- update started. Be so kind and submit the sources and a patchinfo. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=626127 https://bugzilla.novell.com/show_bug.cgi?id=626127#c15 Michael Calmer <mc@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED Target Milestone|--- |Final --- Comment #15 from Michael Calmer <mc@novell.com> 2010-08-30 14:31:44 UTC --- Source and patchinfo submitted. Close as fixed. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=626127 https://bugzilla.novell.com/show_bug.cgi?id=626127#c16 Swamp Workflow Management <swamp@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:35565:moderat |maint:running:35565:moderat |e |e maint:released:11.3:35566 --- Comment #16 from Swamp Workflow Management <swamp@suse.com> 2010-09-13 15:32:34 UTC --- Update released for: pam_mount, pam_mount-debuginfo, pam_mount-debugsource Products: openSUSE 11.3 (debug, i586, x86_64) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=626127 https://bugzilla.novell.com/show_bug.cgi?id=626127#c Swamp Workflow Management <swamp@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:35565:moderat |. |e maint:released:11.3:35566 | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=626127 http://bugzilla.novell.com/show_bug.cgi?id=626127#c17 --- Comment #17 from Bernhard Wiedemann <bwiedemann@suse.com> --- This is an autogenerated message for OBS integration: This bug (626127) was mentioned in https://build.opensuse.org/request/show/45929 11.3:Test / pam_mount -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com