Pam-fscrypt won't unlock my home dir

I setup my home dir to use fscrypt encryption with my PAM password, then added the fscrypt PAM module with pam-config and updated the PAM files (i’ve also copied them from /etc/pam.d to /lib/pam.d as an attempt after the failures). But fscypt won’t unlock my home dir upon login.

It seems logging in from TTY don’t call pam_fscrypt.so at all, while sddm does call but it gets a “AUTHTOK data missing: No module specific data is present” error.

¿What may i be missing? I also tried seting PAM manually by following the official documentation, and also deleting metadata and trying to setup encryption again.

journalctl log follows:

TTY:

May 23 19:01:39 localhost.localdomain login[18631]: pam_kwallet5(login:auth): pam_kwallet5: pam_sm_authenticate
May 23 19:01:39 localhost.localdomain login[18631]: pam_kwallet5(login:auth): pam_kwallet5: Couldn't get password (it is empty)
May 23 19:01:44 localhost.localdomain login[18631]: pam_kwallet5(login:setcred): pam_kwallet5: pam_sm_setcred
May 23 19:01:44 localhost.localdomain kded6[11046]: kf.networkmanagerqt: void NetworkManager::ConnectionPrivate::onPropertiesChanged(const QVariantMap&) Unhandled property "Flags"
May 23 19:01:44 localhost.localdomain systemd-logind[1839]: New session 52 of user joseskvolpe.
May 23 19:01:44 localhost.localdomain systemd[1]: Created slice User Slice of UID 1000.
May 23 19:01:44 localhost.localdomain systemd[1]: Starting User Runtime Directory /run/user/1000...
May 23 19:01:44 localhost.localdomain systemd[1]: Finished User Runtime Directory /run/user/1000.
May 23 19:01:44 localhost.localdomain systemd[1]: Starting User Manager for UID 1000...
May 23 19:01:44 localhost.localdomain (systemd)[27807]: pam_unix(systemd-user:session): session opened for user joseskvolpe(uid=1000) by joseskvolpe(uid=0)
May 23 19:01:44 localhost.localdomain (systemd)[27807]: pam_kwallet5(systemd-user:session): pam_kwallet5: not a graphical session, skipping. Use force_run parameter to ignore this.
May 23 19:01:44 localhost.localdomain pam_fscrypt[27807]: OpenSession(map[]) failed: unlocking protector abad9e640c8c609d: AUTHTOK data missing: No module specific data is present
May 23 19:01:44 localhost.localdomain systemd[27807]: Queued start job for default target Main User Target.
May 23 19:01:44 localhost.localdomain systemd[27807]: Created slice User Application Slice.
May 23 19:01:44 localhost.localdomain systemd[27807]: Started Daily Cleanup of User's Temporary Directories.
May 23 19:01:44 localhost.localdomain systemd[27807]: Reached target Paths.
May 23 19:01:44 localhost.localdomain systemd[27807]: Reached target Timers.
May 23 19:01:44 localhost.localdomain systemd[27807]: Starting D-Bus User Message Bus Socket...
May 23 19:01:44 localhost.localdomain systemd[27807]: Listening on Socket to launch DrKonqi for a systemd-coredump crash.
May 23 19:01:44 localhost.localdomain systemd[27807]: Listening on PipeWire PulseAudio.
May 23 19:01:44 localhost.localdomain systemd[27807]: Listening on PipeWire Multimedia System Sockets.
May 23 19:01:44 localhost.localdomain systemd[27807]: Starting Create User's Volatile Files and Directories...
May 23 19:01:44 localhost.localdomain systemd[27807]: Finished Create User's Volatile Files and Directories.
May 23 19:01:44 localhost.localdomain systemd[27807]: Listening on D-Bus User Message Bus Socket.
May 23 19:01:44 localhost.localdomain systemd[27807]: Reached target Sockets.
May 23 19:01:44 localhost.localdomain systemd[27807]: Reached target Basic System.
May 23 19:01:44 localhost.localdomain systemd[1]: Started User Manager for UID 1000.
May 23 19:01:44 localhost.localdomain systemd[27807]: Starting Wipe guest home after guest logout...
May 23 19:01:44 localhost.localdomain systemd[1]: Started Session 52 of User joseskvolpe.
May 23 19:01:44 localhost.localdomain login[18631]: pam_unix(login:session): session opened for user joseskvolpe(uid=1000) by joseskvolpe(uid=0)
May 23 19:01:44 localhost.localdomain login[18631]: pam_kwallet5(login:session): pam_kwallet5: pam_sm_open_session
May 23 19:01:44 localhost.localdomain login[18631]: pam_kwallet5(login:session): pam_kwallet5: not a graphical session, skipping. Use force_run parameter to ignore this.
May 23 19:01:44 localhost.localdomain systemd[27807]: Finished Wipe guest home after guest logout.
May 23 19:01:44 localhost.localdomain systemd[27807]: Reached target Main User Target.
May 23 19:01:44 localhost.localdomain systemd[27807]: Startup finished in 178ms.
May 23 19:01:45 localhost.localdomain login[18631]: pam_kwallet5(login:setcred): pam_kwallet5: pam_sm_setcred
May 23 19:01:45 localhost.localdomain login[18631]: LOGIN ON tty4 BY joseskvolpe

SDDM:

May 23 18:46:07 localhost.localdomain sddm-greeter-qt6[22997]: file:///usr/share/sddm/themes/breeze-openSUSE/Main.qml:241:17 Parameter "username" is not declared. Injection of parameters into signal handlers is deprecated. Use JavaScript functions with formal parameters instead.
May 23 18:46:07 localhost.localdomain sddm-greeter-qt6[22997]: Reading from "/usr/share/wayland-sessions/plasmawayland.desktop"
May 23 18:46:07 localhost.localdomain sddm[2434]: Message received from greeter: Login
May 23 18:46:07 localhost.localdomain sddm[2434]: Reading from "/usr/share/wayland-sessions/plasmawayland.desktop"
May 23 18:46:07 localhost.localdomain sddm[2434]: Session "/usr/share/wayland-sessions/plasmawayland.desktop" selected, command: "/usr/libexec/plasma-dbus-run-session-if-needed /usr/bin/startplasma-wayland" for VT 8
May 23 18:46:07 localhost.localdomain sddm-helper[23060]: [PAM] Starting...
May 23 18:46:07 localhost.localdomain sddm-helper[23060]: [PAM] Authenticating...
May 23 18:46:07 localhost.localdomain sddm-helper[23060]: pam_kwallet5(sddm:auth): pam_kwallet5: pam_sm_authenticate
May 23 18:46:07 localhost.localdomain sddm-helper[23060]: [PAM] Preparing to converse...
May 23 18:46:07 localhost.localdomain sddm-helper[23060]: pam_kwallet5(sddm:auth): pam_kwallet5: Couldn't get password (it is empty)
May 23 18:46:07 localhost.localdomain sddm-helper[23060]: [PAM] Conversation with 1 messages
May 23 18:46:08 localhost.localdomain sddm-helper[23060]: [PAM] returning.
May 23 18:46:08 localhost.localdomain sddm[2434]: Authentication for user  "joseskvolpe"  successful
May 23 18:46:08 localhost.localdomain sddm-greeter-qt6[22997]: Message received from daemon: LoginSucceeded
May 23 18:46:08 localhost.localdomain sddm-helper[23060]: pam_kwallet5(sddm:setcred): pam_kwallet5: pam_sm_setcred
May 23 18:46:08 localhost.localdomain systemd[1]: Created slice User Slice of UID 1000.
May 23 18:46:08 localhost.localdomain kded6[11046]: kf.networkmanagerqt: void NetworkManager::ConnectionPrivate::onPropertiesChanged(const QVariantMap&) Unhandled property "Flags"
May 23 18:46:08 localhost.localdomain sddm-helper[22928]: [PAM] Closing session
May 23 18:46:08 localhost.localdomain systemd[1]: Starting User Runtime Directory /run/user/1000...
May 23 18:46:08 localhost.localdomain systemd-logind[1839]: New session 50 of user joseskvolpe.
May 23 18:46:08 localhost.localdomain sddm-helper[22928]: pam_unix(sddm-greeter:session): session closed for user sddm
May 23 18:46:08 localhost.localdomain sddm-helper[22928]: pam_kwallet5(sddm-greeter:session): pam_kwallet5: pam_sm_close_session
May 23 18:46:08 localhost.localdomain sddm-helper[22928]: [PAM] Ended.
May 23 18:46:08 localhost.localdomain sddm[2434]: Auth: sddm-helper exited successfully
May 23 18:46:08 localhost.localdomain sddm[2434]: Greeter stopped. SDDM::Auth::HELPER_SUCCESS
May 23 18:46:08 localhost.localdomain systemd[1]: Finished User Runtime Directory /run/user/1000.
May 23 18:46:08 localhost.localdomain systemd[1]: session-48.scope: Deactivated successfully.
May 23 18:46:08 localhost.localdomain systemd-logind[1839]: Session 48 logged out. Waiting for processes to exit.
May 23 18:46:08 localhost.localdomain systemd[1]: Starting User Manager for UID 1000...
May 23 18:46:08 localhost.localdomain systemd-logind[1839]: Removed session 48.
May 23 18:46:08 localhost.localdomain (systemd)[23088]: pam_unix(systemd-user:session): session opened for user joseskvolpe(uid=1000) by joseskvolpe(uid=0)
May 23 18:46:08 localhost.localdomain (systemd)[23088]: pam_kwallet5(systemd-user:session): pam_kwallet5: not a graphical session, skipping. Use force_run parameter to ignore this.
May 23 18:46:08 localhost.localdomain pam_fscrypt[23088]: OpenSession(map[]) failed: unlocking protector abad9e640c8c609d: AUTHTOK data missing: No module specific data is present
May 23 18:46:08 localhost.localdomain systemd[23088]: Queued start job for default target Main User Target.
May 23 18:46:08 localhost.localdomain systemd[23088]: Created slice User Application Slice.
May 23 18:46:08 localhost.localdomain systemd[23088]: Started Daily Cleanup of User's Temporary Directories.
May 23 18:46:08 localhost.localdomain systemd[23088]: Reached target Paths.
May 23 18:46:08 localhost.localdomain systemd[23088]: Reached target Timers.
May 23 18:46:08 localhost.localdomain systemd[23088]: Starting D-Bus User Message Bus Socket...
May 23 18:46:08 localhost.localdomain systemd[23088]: Listening on Socket to launch DrKonqi for a systemd-coredump crash.
May 23 18:46:08 localhost.localdomain systemd[23088]: Listening on PipeWire PulseAudio.
May 23 18:46:08 localhost.localdomain systemd[23088]: Listening on PipeWire Multimedia System Sockets.
May 23 18:46:08 localhost.localdomain systemd[23088]: Starting Create User's Volatile Files and Directories...
May 23 18:46:08 localhost.localdomain systemd[23088]: Finished Create User's Volatile Files and Directories.
May 23 18:46:08 localhost.localdomain systemd[23088]: Listening on D-Bus User Message Bus Socket.
May 23 18:46:08 localhost.localdomain systemd[23088]: Reached target Sockets.
May 23 18:46:08 localhost.localdomain systemd[23088]: Reached target Basic System.
May 23 18:46:08 localhost.localdomain systemd[1]: Started User Manager for UID 1000.
May 23 18:46:08 localhost.localdomain systemd[23088]: Starting Wipe guest home after guest logout...
May 23 18:46:08 localhost.localdomain systemd[1]: Started Session 50 of User joseskvolpe.

[MANY USELESS INFO]

The souce-code indicates that pam_sm_authenticate was not run before session is opened. I can’t figure out what is needed to call this function but it seems pam_kwallet5 does that, and it’s called before pam_fscrypt in common-session and common-auth

Oops, TTY did ran pam_fscrypt last attempt, i didn’t noticed it.

My post just got hidden because someone flagged it as “spam”. But what i did is describe my problem and insert logs. So come on.

It wasn’t anyone who flagged it - the system automatically did it as you are a new user, and the links you posted tripped one of the anti-spam settings. I’ve restored your posts and had a word with the automated system. :wink:

2 Likes

Yeah i noticed it, just the automated notification was misleading saying that the community flagged it.

Thanks :3

1 Like

Shouldn’t be a problem now for the github domain. :slight_smile:

1 Like

Turns out the problem was with permissions. I’ve chmodded /home to 711 to prevent users from listing directories in /home, but fscypt don’t work with that configuration. Chmodding to 755 solved that.

Too much headache to something so dumb damn it lmao

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.