http://bugzilla.suse.com/show_bug.cgi?id=1038454 http://bugzilla.suse.com/show_bug.cgi?id=1038454#c5 --- Comment #5 from P. Otato <cfd_s12@web.de> --- (In reply to Matthias Gerstner from comment #4)
(In reply to cfd_s12@web.de from comment #3)
I'm pretty sure YaST does not use Ecryptfs.
You're right. YaST uses cryptconfig, LUKS based encrypted files, which are loop-mounted via pam_mount into the home directory.
So if your home is not unmounted during logout then the problem probably is in the area of pam_mount. You are using Leap 42.2, right? I tried to reproduce this on a test installation but was not successful. So there must be some additional influence in your setup.
pam_mount keeps a session counter in /var/run/pam_mount/<user>. Only when this counter reaches zero, the unmount will be performed.
You can check out this value before login, while logged in an after being logged out. You can also check the output of `journalctl -f` as root, while doing login/logout. Maybe some warning or error message related to pam_mount can be seen.
Also check whether your /etc/pam.d/xdm file contains this line:
session optional pam_mount.so
Maybe you can attach this file to the bug, just in case some other session modules influence your installation.
You can also check whether the unmounting works if done on a login text console instead of the graphical login, because in this case a different PAM configuration applies.
Thank you. Thanks for your quick reply, I will test, log and respond again.
So far a got a quick update. I'm using openSUSE Leap 42.2 with Plasma 5. I tried to reproduce the bug with an unpatched openSUSE Leap 42.2 GNOME as well as with the current SLED 12 SP3 beta2. In both cases the behavior could NOT be reproduced, so maybe it's a Plasma 5 or sddm related thing? When I saw your line about editing /etc/pam.d/xdm, I remembered that there was a Plasma related bug that prevented accessing encrypted home directories. A workaround was to login in tty first and after that login using the display manager (not sure if kdm or sddm) or to add some lines in /etc/pam.d/??? very similar to yours. Sounds like this could be related. I will do some research and respond back. Thank you very much so far! -- You are receiving this mail because: You are on the CC list for the bug.