[Bug 954419] New: Encrypted home inaccessible
http://bugzilla.opensuse.org/show_bug.cgi?id=954419

Bug ID: 954419
Summary: Encrypted home inaccessible
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.1
Hardware: x86-64
OS: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Basesystem
Assignee: bnc-team-screening@forge.provo.novell.com
Reporter: dutchkind@txoriaskea.org
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

I did a fresh install of Leap 42.1, and after I logged in with only user, I changed the regular home of the user to an encrypted home using YAST. After logging out and then trying to log in, nothing happens, system seems to freeze and I have to escape using Ctl-Alt-Backspace twice.

Since I had only one user and root login is not possible anymore to fix things, I did a new install and created more users so I could play with it. Again, changing a user to an encrypted home makes it impossible for this user to log in. Journalctl shows the pam login was OK, and after that there is nothing in the log.

Before I did the fresh install, I upgraded my 13.2 to Leap, with encrypted homes, and I was able to log in. But because of crashes and a mixed kde4/kde5 mess I decided to do the fresh install to see if this fixes it. So it seems it has to do with the newly created encrypted file, maybe the user's home was not copied?

I would appreciate any help.

-- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=954419#c12
Pavel Nemec
I fixed the problem by changing /etc/pam.d/sddm to:
auth optional pam_mount.so
auth include common-auth
account include common-account
password include common-password
session required pam_loginuid.so
session include common-session
session optional pam_cryptpass.so
session optional pam_mount.so
The first line and last two lines were added, and since then I was able to log in.
What still is an issue is that the encrypted home is not properly dismounted after log out, which could result in corrupted files, as I discovered in earlier opensuse versions.
I can confirm that adding those fixes logging in using sddm. Also I can confirm that it keeps the secure home mounted after logout.
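An added example, not part of the original thread: a small audit function that checks a PAM service file for the pam_mount layout quoted in the comment above (auth pam_mount.so ahead of common-auth, session pam_mount.so after common-session). The function name and both sample files are constructed for illustration; the "stock" sample is simply the quoted file without the three lines the reporter says were added.

```shell
#!/bin/sh
# Audit a PAM service file for the pam_mount layout described in the thread.
# Returns 0 when both pam_mount.so lines are in place, 1 otherwise.
check_pam_mount() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
        { type = $1; sub(/^-/, "", type) }       # PAM allows a leading "-" on the type
        type == "auth" && /pam_mount\.so/ && !common_auth { auth_ok = 1 }
        type == "auth" && $2 == "include" && $3 == "common-auth" { common_auth = 1 }
        type == "session" && $2 == "include" && $3 == "common-session" { common_sess = 1 }
        type == "session" && /pam_mount\.so/ && common_sess { sess_ok = 1 }
        END {
            a = auth_ok ? "ok" : "MISSING"; s = sess_ok ? "ok" : "MISSING"
            print a ": auth pam_mount.so before common-auth"
            print s ": session pam_mount.so after common-session"
            exit !(auth_ok && sess_ok)
        }
    ' "$1"
}

# Constructed sample files (not read from a real system).
SAMPLES=$(mktemp -d)
FIXED="$SAMPLES/sddm.fixed"   # the file as quoted in the thread
STOCK="$SAMPLES/sddm.stock"   # the same file without the three added lines

cat > "$FIXED" <<'EOF'
auth     optional  pam_mount.so
auth     include   common-auth
account  include   common-account
password include   common-password
session  required  pam_loginuid.so
session  include   common-session
session  optional  pam_cryptpass.so
session  optional  pam_mount.so
EOF

cat > "$STOCK" <<'EOF'
auth     include   common-auth
account  include   common-account
password include   common-password
session  required  pam_loginuid.so
session  include   common-session
EOF

check_pam_mount "$FIXED" && echo "fixed: pam_mount lines present"
check_pam_mount "$STOCK" || echo "stock: pam_mount lines missing"
```

On a real system the function can be pointed at /etc/pam.d/sddm directly; it only reads the file.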
http://bugzilla.opensuse.org/show_bug.cgi?id=954419#c13
--- Comment #13 from David Kerkhof
http://bugzilla.opensuse.org/show_bug.cgi?id=954419#c21
Wolfgang Bauer
http://bugzilla.opensuse.org/show_bug.cgi?id=954419#c22
Wolfgang Bauer
http://bugzilla.opensuse.org/show_bug.cgi?id=954419#c23
Thomas Rother
session optional pam_cryptpass.so <<<
session optional pam_mount.so
This can be closed at least for Leap 42.2, but the config change should be included for 42.3 and following.
http://bugzilla.opensuse.org/show_bug.cgi?id=954419#c24
Tomáš Chvátal
http://bugzilla.opensuse.org/show_bug.cgi?id=954419#c25
P. Otato
http://bugzilla.opensuse.org/show_bug.cgi?id=954419#c26
Wolfgang Bauer
http://bugzilla.opensuse.org/show_bug.cgi?id=954419#c27
--- Comment #27 from Wolfgang Bauer
http://bugzilla.opensuse.org/show_bug.cgi?id=954419#c28
--- Comment #28 from P. Otato
http://bugzilla.opensuse.org/show_bug.cgi?id=954419#c29
--- Comment #29 from Tomas Kuchta
http://bugzilla.opensuse.org/show_bug.cgi?id=954419#c30
--- Comment #30 from Tomas Kuchta
http://bugzilla.opensuse.org/show_bug.cgi?id=954419#c31
--- Comment #31 from Josef Möllers
http://bugzilla.opensuse.org/show_bug.cgi?id=954419#c32
--- Comment #32 from Fabian Vogt
http://bugzilla.opensuse.org/show_bug.cgi?id=954419#c33
--- Comment #33 from Tomas Kuchta
http://bugzilla.opensuse.org/show_bug.cgi?id=954419#c34
--- Comment #34 from Tomas Kuchta
http://bugzilla.opensuse.org/show_bug.cgi?id=954419#c35
--- Comment #35 from Tomas Kuchta
http://bugzilla.opensuse.org/show_bug.cgi?id=954419#c37
--- Comment #37 from Josef Möllers
The fix in /etc/pam.d/sddm solves logging into KDE.
This has no effect on logging in by SSH. When I log in remotely the encrypted home is still not mounted.
The problem seems to be that with ssh(d), session setup is done as root but session cleanup is done as the (unprivileged) user. Root mounts the file system but the user cannot umount. So, I second that a bug against openssh should be opened.