[opensuse] 11.3 x64 issue with pam and crypto_luks
Greetings, I am experiencing an annoying problem with pam. I have an encrypted file system that is mounted at system boot time. I am using the standard mapper crypto_luks encryption. At boot time, the system asks for a password to unlock and mount this filesystem. When I provide the password I get an error message (something about modprobe not finding or loading a module). However, when the system is fully booted, the encrypted filesystem is actually mounted and works fine. The error at boot time seems bogus. The other thing is I see password - KDE daemon window asking me for a password to unlock the encrypted file system that is already mounted! I have only one encrypted filesystem so this dialog is bogus too. Now, if I do not provide a password to unlock the crypto_luks file system at boot time, the system eventually completes booting up and I can log in and of course the encrypted file system is not mounted. If I go to Dolphin and click on the encrypted file system and provide the password it fails and I cannot mount this file system! Seems like something is broken. I have all packages updated to the most current versions so it must be something else that is broken. Anyone experience this or have an idea where to look to fix this? Thanks, Vahe Avedissian -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Fri, 12 Nov 2010, Vahe Avedissian wrote:
At boot time, the system asks for a password to unlock and mount this filesystem. When I provide the password I get an error message (something about modprobe not finding or loading a module).
Hello, See also: https://bugzilla.novell.com/show_bug.cgi?id=467014 Cheers, Peter -- Contact information: http://pmrb.free.fr/contact/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday, 2010-11-12 at 19:09 -0800, Vahe Avedissian wrote: ...
At boot time, the system asks for a password to unlock and mount this filesystem. When I provide the password I get an
error message (something about modprobe not finding or loading a module).
A bug. Mostly cosmetic.
The other thing is I see password - KDE daemon window asking me for a password to unlock the encrypted file system that is already mounted!
Another bug.
Now, if I do not provide a password to unlock the crypto_luks file system at boot time, the system eventually completes booting up and I can log in and of course the encrypted file system is not mounted.
Correct.
If I go to Dolphin and click on the encrypted file system and provide the password it fails and I cannot mount this file system!
Another bug :-)
Anyone experience this or have an idea where to look to fix this?
Fix? No, but you can report all three bugs if they are not already reported. By the way, #1 exists in 11.2, too. But you can mount the missing encripted filesystem by using the system script - as root - : "rccrypto start". This is what I always do. - -- Cheers, Carlos E. R. (from 11.2 x86_64 "Emerald" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) iEYEARECAAYFAkzfJSUACgkQtTMYHG2NR9UN8ACfZ6XSWj0Nhf3tiEWeHm5NUz6I E9cAn327VylSKHvRZ124SDMNKL08gU0I =YI5C -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
At boot time, the system asks for a password to unlock and mount this filesystem. When I provide the password I get an
error message (something about modprobe not finding or loading a module).
what kind of encryption are you using ? and is the module available at boot time?i personally use serpent/xts so i compile both xts and serpent not as modules but as part of the kernel. another important thing is did you remake initrd after setting up your encrypted file system? something like: mkinitrd -d /dev/mapper/root -f "dm luks"
The other thing is I see password - KDE daemon window asking me for a password to unlock the encrypted file system that is already mounted! i don't know exactly what you mean but if it is asking you for a password then maybe it's not mounted?
Now, if I do not provide a password to unlock the crypto_luks file system at boot time, the system eventually completes booting up and I can log in and of course the encrypted file my question here will again be on your setup. do you have another partition with linux installed on it? i mean the partition you booted into when you were setting you your encrypted partition? if so when decrypting your new partition fails linux usually "resumes" from your other partition. you should pass 'noresume' flag to the kernel before booting it during the grub menu and see if it changes anything.
If I go to Dolphin and click on the encrypted file system and provide the password it fails and I cannot mount this file system!
Anyone experience this or have an idea where to look to fix this? i'm using 11.3 x86_64 (with 2.6.36 custom compiled) and it is working fine for me. again though it would be handy to know what kernel you are booting from the actual errors etc...
what exactly is the error? thre is a really good guide at : http://en.opensuse.orgSBD:Encrypted_root_file_system i'd like to bring this part to your attention though: "Note: I had to use: "yast2 --> system --> editor for /etc/sysconfig --> system --> kernel --> initrd_modules --> add dm-mod dm-crypt aes_i586 blkcipher" to enable the right modules while booting. Maybe you also need the "lrw" module, if you wanna use a cipher like aes-lrw-benbi. " have you taken this step? i don't know much about pam of if you need to do this but have you added pam or pam_mount in the etc/sysconfig editor and remade initrd? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday, 2010-11-14 at 08:03 -0800, michael getachew wrote:
what kind of encryption are you using ?
He is using the standard suse setup, and all the problems he describes are more or less known, for a more or less long time :-)
i personally use serpent/xts so i compile both xts and serpent
which is why his problems are not familiar to you :-) - -- Cheers, Carlos E. R. (from 11.2 x86_64 "Emerald" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) iEYEARECAAYFAkzhUdIACgkQtTMYHG2NR9VqrwCfSEij5ldbpl1ZBKU+1Z9sFfny fuUAn2/RB4SGkqDR4Nbh/kgsrHQlMGhn =oOvR -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
what kind of encryption are you using ?
He is using the standard suse setup, and all the problems he describes are more or less known, for a more or less long time :-)
That is correct. I am using the standard suse encryption. However, this worked flawlessly with 11.2 as far as I can remember! I am seeing these issues with 11.3 only! Furthermore, this is NOT a system partiton (root, swap, etc...). It is a partition containing customer data that I need to protect. Vahe -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday, 2010-11-18 at 23:12 -0800, Vahe Avedissian wrote:
He is using the standard suse setup, and all the problems he describes are more or less known, for a more or less long time :-)
That is correct. I am using the standard suse encryption. However, this worked flawlessly with 11.2 as far as I can remember! I am seeing these issues with 11.3 only!
I have seen them much earlier, with some differences.
Furthermore, this is NOT a system partiton (root, swap, etc...). It is a partition containing customer data that I need to protect.
Of course, that is clear. - -- Cheers, Carlos E. R. (from 11.2 x86_64 "Emerald" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) iEYEARECAAYFAkzmzq8ACgkQtTMYHG2NR9WCzQCfbZd0uCEIPecxPWcPwDezw8kF B34AoJCeNbl5DVSBewQ4n1qXw4UE0b8F =LCYv -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (4)
-
Carlos E. R. -
michael getachew -
Peter Münster -
Vahe Avedissian