
Thread: Truecrypt pam_mount

  1. #1

    Question Truecrypt pam_mount

    Hello,

    Could you help me automatically mount a "truecrypted" container via pam_mount? I've tried this: https://wiki.archlinux.org/index.php..._home_on_login and it didn't work.

  2. #2
    Default Re: Truecrypt pam_mount

    Quote Originally Posted by Skeletonix View Post
    Hello,

    Could you help me automatically mount a "truecrypted" container via pam_mount? I've tried this: https://wiki.archlinux.org/index.php..._home_on_login and it didn't work.
    I have not used truecrypt, so I don't know whether this will help.

    People using LUKS mounted containers for the home directory were having a similar problem. It turns out that you have to force the "loop" module to be loaded. To test, just use:
    Code:
    # modprobe loop
    and see if you can then get pam_mount to work. If that does the trick, then you will need to force that module to be loaded during boot. For that, see the man page for "modules-load.d(5)".
    openSUSE Leap 15.2; KDE Plasma 5.18.5;

  3. #3

    Default Re: Truecrypt pam_mount

    Quote Originally Posted by nrickert View Post
    I have not used truecrypt, so I don't know whether this will help.

    People using LUKS mounted containers for the home directory were having a similar problem. It turns out that you have to force the "loop" module to be loaded. To test, just use:

    Code:
    # modprobe loop
    and see if you can then get pam_mount to work. If that does the trick, then you will need to force that module to be loaded during boot. For that, see the man page for "modules-load.d(5)".

    My home is encrypted with LUKS and it works properly. But when I add the new truecrypt volume into /etc/security/pam_mount.conf.xml it stops working (also the home directory).

    When I logged in as root and tried to mount the truecrypt volume manually, it didn't work. I ran modprobe loop and I was able to mount the truecrypt volume.

    So I created a new file in /etc/modules-load.d/loop.service and rebooted the PC. The file has been moved to /etc/modprobe.d and when I run
    Code:
    modprobe loop
    I get error:

    WARNING: /etc/modprobe.d/loop.conf line 2: ignoring bad line starting with 'loop'

    So it seems to me like it is not good. Could you be so kind and help me a bit with how to mount two encrypted containers via pam_mount?

  4. #4

    Default Re: Truecrypt pam_mount

    Quote Originally Posted by Skeletonix View Post
    I ran modprobe loop and I was able to mount the truecrypt volume.
    That, at least, looks good.

    Quote Originally Posted by Skeletonix View Post
    So I created a new file in /etc/modules-load.d/loop.service and rebooted the PC. The file has been moved to /etc/modprobe.d and when I run
    Code:
    modprobe loop
    I get error:

    WARNING: /etc/modprobe.d/loop.conf line 2: ignoring bad line starting with 'loop'

    So it seems to me like it is not good. Could you be so kind and help me a bit with how to mount two encrypted containers via pam_mount?
    That's strange. "/etc/modules-load.d" is supposed to give modules to be loaded. And "/etc/modprobe.d" is supposed to give any additional parameters needed. Moving the file does not seem right.

    I'm not much up on the details of managing module loading. I hope someone else can provide some help.
    openSUSE Leap 15.2; KDE Plasma 5.18.5;

  5. #5

    Default Re: Truecrypt pam_mount

    Quote Originally Posted by Skeletonix View Post
    So I created a new file in /etc/modules-load.d/loop.service and rebooted the PC.
    Man page says
    Each configuration file is named in the style of /etc/modules-load.d/program.conf.
    Where have you got ".service" from?
    The file has been moved to /etc/modprobe.d
    Moved by whom?

    Code:
    WARNING: /etc/modprobe.d/loop.conf line 2: ignoring bad line starting with 'loop'
    You need file /etc/modules-load.d/loop.conf with single line "loop".
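
The distinction the replies draw between /etc/modules-load.d and /etc/modprobe.d, as an added example that is not part of the original thread: a small linter run against a constructed temp tree that reproduces the misnamed loop.service file and the bare "loop" line behind the modprobe warning, then applies the fix from post #5. The function names and the sample tree are assumptions made for illustration; the accepted modprobe.d commands are the ones documented in modprobe.d(5), and newer kmod releases may accept more.

```shell
# Added example: /etc is replaced by a constructed temp tree (see make_sample).
# modules-load.d(5): only *.conf files are read; one module name per line.
lint_modules_load() {
    dir=$1; rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case $f in *.conf) ;; *) echo "$f: ignored, name does not end in .conf"; rc=1; continue ;; esac
        n=0
        while read -r first rest || [ -n "$first" ]; do
            n=$((n + 1))
            case $first in ''|'#'*|';'*) continue ;; esac
            [ -z "$rest" ] || { echo "$f:$n: expected a single module name"; rc=1; }
        done < "$f"
    done
    return $rc
}
# modprobe.d(5): each line starts with a command; a bare module name is rejected.
lint_modprobe() {
    dir=$1; rc=0
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        n=0
        while read -r first rest || [ -n "$first" ]; do
            n=$((n + 1))
            case $first in ''|'#'*|alias|blacklist|install|options|remove|softdep) continue ;; esac
            echo "$f:$n: bad line starting with '$first'"; rc=1
        done < "$f"
    done
    return $rc
}
# Constructed sample reproducing the state described in post #3.
make_sample() {
    root=$(mktemp -d)
    mkdir "$root/modules-load.d" "$root/modprobe.d"
    printf 'loop\n' > "$root/modules-load.d/loop.service"
    printf '# constructed first line\nloop\n' > "$root/modprobe.d/loop.conf"
    echo "$root"
}
# The fix from post #5: a single file modules-load.d/loop.conf containing "loop".
apply_fix() {
    rm -f "$1/modules-load.d/loop.service" "$1/modprobe.d/loop.conf"
    printf 'loop\n' > "$1/modules-load.d/loop.conf"
}

root=$(make_sample)
lint_modules_load "$root/modules-load.d" || true; lint_modprobe "$root/modprobe.d" || true
apply_fix "$root"
lint_modules_load "$root/modules-load.d" && lint_modprobe "$root/modprobe.d" && echo clean
rm -rf "$root"
```

Pointing the two functions at the real /etc/modules-load.d and /etc/modprobe.d runs the same checks on a live system without changing anything.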

  6. #6

    Default Re: Truecrypt pam_mount

    I've fixed the problem with loop.conf, but I can't mount home via LUKS and backup image via TrueCrypt. Here is the pam_mount.conf.xml:

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
    <!--
            See pam_mount.conf(5) for a description.
    -->
    <pam_mount>
    
                    <!-- debug should come before everything else,
                    since this file is still processed in a single pass
                    from top-to-bottom -->
    
    <debug enable="0"/>
    
                    <!-- Volume definitions -->
    
    
                    <!-- pam_mount parameters: General tunables -->
    
    <!--
    <luserconf name=".pam_mount.conf.xml" />
    -->
    
    <!-- Note that commenting out mntoptions will give you the defaults.
         You will need to explicitly initialize it with the empty string
         to reset the defaults to nothing. -->
    <mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other"/>
    <!--
    <mntoptions deny="suid,dev" />
    <mntoptions allow="*" />
    <mntoptions deny="*" />
    -->
    <mntoptions require="nosuid,nodev"/>
    
    <!-- requires ofl from hxtools to be present -->
    <logout wait="2000" hup="0" term="1" kill="1"/>
    
    
                    <!-- pam_mount parameters: Volume-related -->
    
    <mkmountpoint enable="1" remove="true"/>
    
    
    <volume fstype="crypt" user="john" path="/home/john.img" fskeypath="/home/john.key" fskeycipher="aes-256-cbc" fskeyhash="md5" cipher="aes-cbc-essiv:sha256" options="loop" mountpoint="/home/john"/>
    
    <cryptmount>bash -c "grep -q %(MNTPT) /etc/mtab || truecrypt --text --protect-hidden=no --keyfiles='' -m=nokernelcrypto %(VOLUME) %(MNTPT)"</cryptmount>
    <cryptumount>truecrypt -d</cryptumount>
    <volume fstype="crypt" path="/media/voyager/.Volume/backup.tc" mountpoint="/media/backup"/>
    </pam_mount>
    Could it be a problem that fstype=crypt is once LUKS and later corresponds to TrueCrypt?
