I'm getting this error when trying to mount a partition at /home/<useraccount>. I can't quite see where the problem is, and the message is not specific enough to use it for diagnosis.
I'm running OpenSuSE 11.0 on a Dell Dimension 4600. Here's what I've done:

1) cryptsetup -v -c aes-cbc-essiv:sha256 luksFormat /dev/sdc1 /local/sdc1 (/local/sdc1 contains the fskey.)
2) cryptsetup -v luksOpen /dev/sdc1 dev_sdc1
3) mkfs.xfs /dev/mapper/dev_sdc1

My /etc/security/pam_mount.conf.xml looks like this:

```
<?xml version="1.0" encoding="utf-8" ?>
<!-- See pam_mount.conf.xml.doc for usage information. -->
<pam_mount>
<debug enable="1" />
<mkmountpoint enable="1" remove="true" />
<fsckloop device="/dev/loop7" />
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty, allow_root,allow_other" />
<mntoptions deny="suid,dev" />
<mntoptions require="nosuid,nodev" />
<path> /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin </path>
<lsof> lsof %(MNTPT) </lsof>
<fsck> fsck -p %(FSCKTARGET) </fsck>
<msg-authpw> pam_mount password: </msg-authpw>
<msg-sessionpw> Reenter password for pam_mount: </msg-sessionpw>
<volume fstype="crypt" user="<useraccount>" mountpoint="/home/<useraccount>" path="/dev/sdc1" fskeypath="/local/sdc1" options="cipher=aes" fskeycipher="aes-cbc-essiv:sha256" />
</pam_mount>
```

My /etc/pam.d/common-auth-pc contains

```
auth required pam_env.so
auth optional pam_mount.so
auth required pam_unix2.so use_first_pass
```

and my /etc/pam.d/common-session-pc contains

```
session required pam_limits.so
session required pam_unix2.so
session optional pam_umask.so
session optional pam_mount.so
```

When I start a tty session and login <useraccount> these messages appear in /var/log/warn:

```
Nov 5 18:53:48 pinto login[19767]: pam_mount(rdconf1.c:810) ignoring volume record... (not for me)
Nov 5 18:53:48 pinto login[19767]: pam_mount(pam_mount.c:208) enter read_password
Nov 5 18:53:52 pinto login[19767]: pam_mount(pam_mount.c:317) saving authtok for session code
Nov 5 18:53:52 pinto login[19767]: pam_mount(rdconf1.c:810) ignoring volume record... (not for me)
Nov 5 18:53:52 pinto login[19767]: pam_mount(pam_mount.c:466) Entered pam_mount session stage
Nov 5 18:53:52 pinto login[19767]: pam_mount(pam_mount.c:487) back from global readconfig
Nov 5 18:53:52 pinto login[19767]: pam_mount(pam_mount.c:489) per-user configurations not allowed by pam_mount.conf.xml
Nov 5 18:53:52 pinto login[19767]: pam_mount(misc.c:56) Session open: (uid=0, euid=0, gid=0, egid=0)
Nov 5 18:53:52 pinto login[19767]: pam_mount(rdconf2.c:226) checking sanity of volume record (/dev/sdc1)
Nov 5 18:53:52 pinto login[19767]: pam_mount(pam_mount.c:541) about to perform mount operations
Nov 5 18:53:52 pinto login[19767]: pam_mount(mount.c:416) information for mount:
Nov 5 18:53:52 pinto login[19767]: pam_mount(mount.c:417) ----------------------
Nov 5 18:53:52 pinto login[19767]: pam_mount(mount.c:418) (defined by globalconf)
Nov 5 18:53:52 pinto login[19767]: pam_mount(mount.c:419) user: <useraccount>
Nov 5 18:53:52 pinto login[19767]: pam_mount(mount.c:420) server:
Nov 5 18:53:52 pinto login[19767]: pam_mount(mount.c:421) volume: /dev/sdc1
Nov 5 18:53:52 pinto login[19767]: pam_mount(mount.c:422) mountpoint: /home/<useraccount>
Nov 5 18:53:52 pinto login[19767]: pam_mount(mount.c:423) options: cipher=aes
Nov 5 18:53:52 pinto login[19767]: pam_mount(mount.c:424) fs_key_cipher: aes-cbc-essiv:sha256
Nov 5 18:53:52 pinto login[19767]: pam_mount(mount.c:425) fs_key_path: /local/sdc1
Nov 5 18:53:52 pinto login[19767]: pam_mount(mount.c:426) use_fstab: 0
Nov 5 18:53:52 pinto login[19767]: pam_mount(mount.c:427) ----------------------
Nov 5 18:53:52 pinto login[19767]: pam_mount(mount.c:182) realpath of volume "/home/<useraccount>" is "/home/<useraccount>"
Nov 5 18:53:52 pinto login[19767]: pam_mount(mount.c:186) checking to see if /dev/mapper/_dev_sdc1 is already mounted at /home/<useraccount>
Nov 5 18:53:52 pinto login[19767]: pam_mount(mount.c:880) checking for encrypted filesystem key configuration
Nov 5 18:53:52 pinto login[19767]: pam_mount(mount.c:889) decrypting FS key using system auth. token and aes-cbc-essiv:sha256
Nov 5 18:53:52 pinto login[19767]: pam_mount(crypto.c:154) error getting cipher "aes-cbc-essiv:sha256"
Nov 5 18:53:52 pinto login[19767]: pam_mount(pam_mount.c:544) mount of /dev/sdc1 failed
Nov 5 18:53:52 pinto login[19767]: pam_mount(pam_mount.c:140) clean system authtok (0)
Nov 5 18:53:52 pinto login[19767]: pam_mount(misc.c:285) command: pmvarrun [-u] [<useraccount>] [-o] [1]
Nov 5 18:53:52 pinto login[19986]: pam_mount(misc.c:56) set_myuid<pre>: (uid=0, euid=0, gid=0, egid=0)
Nov 5 18:53:52 pinto login[19986]: pam_mount(misc.c:56) set_myuid<post>: (uid=0, euid=0, gid=0, egid=0)
Nov 5 18:53:53 pinto login[19767]: pam_mount(pam_mount.c:431) pmvarrun says login count is 1
Nov 5 18:53:53 pinto login[19767]: pam_mount(pam_mount.c:554) done opening session (ret=3)
```

Here's what modprobe -l |grep 'dm-\|aes' shows me:

```
modprobe -l |grep 'dm-\|aes'
/lib/modules/2.6.25.20-0.5-pae/kernel/sound/pci/snd-maestro3.ko
/lib/modules/2.6.25.20-0.5-pae/kernel/drivers/media/radio/radio-maestro.ko
/lib/modules/2.6.25.20-0.5-pae/kernel/drivers/md/dm-zero.ko
/lib/modules/2.6.25.20-0.5-pae/kernel/drivers/md/dm-snapshot.ko
/lib/modules/2.6.25.20-0.5-pae/kernel/drivers/md/dm-round-robin.ko
/lib/modules/2.6.25.20-0.5-pae/kernel/drivers/md/dm-region_hash.ko
/lib/modules/2.6.25.20-0.5-pae/kernel/drivers/md/dm-rdac.ko
/lib/modules/2.6.25.20-0.5-pae/kernel/drivers/md/dm-raid4-5.ko
/lib/modules/2.6.25.20-0.5-pae/kernel/drivers/md/dm-multipath.ko
/lib/modules/2.6.25.20-0.5-pae/kernel/drivers/md/dm-mod.ko
/lib/modules/2.6.25.20-0.5-pae/kernel/drivers/md/dm-mirror.ko
/lib/modules/2.6.25.20-0.5-pae/kernel/drivers/md/dm-message.ko
/lib/modules/2.6.25.20-0.5-pae/kernel/drivers/md/dm-mem-cache.ko
/lib/modules/2.6.25.20-0.5-pae/kernel/drivers/md/dm-log.ko
/lib/modules/2.6.25.20-0.5-pae/kernel/drivers/md/dm-hp-sw.ko
/lib/modules/2.6.25.20-0.5-pae/kernel/drivers/md/dm-emc.ko
/lib/modules/2.6.25.20-0.5-pae/kernel/drivers/md/dm-delay.ko
/lib/modules/2.6.25.20-0.5-pae/kernel/drivers/md/dm-crypt.ko
/lib/modules/2.6.25.20-0.5-pae/kernel/drivers/crypto/padlock-aes.ko
/lib/modules/2.6.25.20-0.5-pae/kernel/drivers/crypto/geode-aes.ko
/lib/modules/2.6.25.20-0.5-pae/kernel/crypto/aes_generic.ko
/lib/modules/2.6.25.20-0.5-pae/kernel/arch/x86/crypto/aes-i586.ko
```

Something seems to be missing, but what?

Leslie
|
|||
|
The fskeypath attribute is for specifying a keyfile that will be decrypted with OpenSSL.
|
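The mismatch behind the `error getting cipher` line, as an added example that is not part of the thread: going by the reply above and the log, `fskeycipher` is looked up as an OpenSSL cipher name, while `aes-cbc-essiv:sha256` is dm-crypt cipher-spec syntax. The config below is constructed (users `alice` and `bob` and the `aes-256-cbc` volume are made up), the log lines are quoted from the post, and the regex is a heuristic, not pam_mount's own check.

```python
import re
import xml.etree.ElementTree as ET

# dm-crypt spec syntax: cipher-chainmode-ivmode[:ivopts], e.g. aes-cbc-essiv:sha256.
# Heuristic (assumption): OpenSSL cipher names such as aes-256-cbc never end in
# a dm-crypt IV mode or carry a ":ivopts" suffix.
DMCRYPT_SPEC = re.compile(r"^\w+-\w+-(plain|plain64|essiv|benbi|null)(:[\w-]+)?$")
CIPHER_ERR = re.compile(r'pam_mount\(crypto\.c:\d+\) error getting cipher "([^"]+)"')
MOUNT_FAIL = re.compile(r"pam_mount\(pam_mount\.c:\d+\) mount of (\S+) failed")

# Constructed config modelled on the post; users and the second volume are made up.
SAMPLE_CONF = """<pam_mount>
  <volume fstype="crypt" user="alice" mountpoint="/home/alice" path="/dev/sdc1"
          fskeypath="/local/sdc1" fskeycipher="aes-cbc-essiv:sha256" />
  <volume fstype="crypt" user="bob" mountpoint="/home/bob" path="/dev/sdd1"
          fskeypath="/local/sdd1" fskeycipher="aes-256-cbc" />
</pam_mount>"""

# Log lines quoted from the post.
SAMPLE_LOG = """\
Nov 5 18:53:52 pinto login[19767]: pam_mount(mount.c:889) decrypting FS key using system auth. token and aes-cbc-essiv:sha256
Nov 5 18:53:52 pinto login[19767]: pam_mount(crypto.c:154) error getting cipher "aes-cbc-essiv:sha256"
Nov 5 18:53:52 pinto login[19767]: pam_mount(pam_mount.c:544) mount of /dev/sdc1 failed"""

def lint_volumes(conf_xml):
    """Return (path, fskeycipher) for keyfile volumes whose cipher is a dm-crypt spec."""
    return [(v.get("path"), v.get("fskeycipher"))
            for v in ET.fromstring(conf_xml).iter("volume")
            if v.get("fskeypath") and DMCRYPT_SPEC.match(v.get("fskeycipher", ""))]

def failed_mounts(log_text):
    """Pair each 'error getting cipher' line with the mount failure that follows it."""
    pending, out = None, []
    for line in log_text.splitlines():
        if (m := CIPHER_ERR.search(line)):
            pending = m.group(1)
        elif (m := MOUNT_FAIL.search(line)) and pending:
            out.append((m.group(1), pending))
            pending = None
    return out

def explain(conf_xml, log_text):
    """Lint findings that match a failure actually recorded in the log."""
    seen = set(failed_mounts(log_text))
    return [f for f in lint_volumes(conf_xml) if f in seen]

if __name__ == "__main__":
    for path, cipher in explain(SAMPLE_CONF, SAMPLE_LOG):
        print(f"{path}: fskeycipher={cipher!r} is dm-crypt syntax, not an OpenSSL name")
```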
|
|||
|
So I should not have used it in the pam_mount <volume...> specification?
Where is fskeypath documented? There do not seem to be any useful descriptions of the attributes that pam_mount.conf.xml accepts; not in the comments in the file itself, nor in man pam_mount, and nothing in man cryptsetup either.
|
|||
|
Documentation goes into manpages, and preferably does not clutter up the config file (because that makes it even harder to automatically upgrade it than it already is). See the pam_mount.conf.xml(5) manpage.