Hello,
could you help me how to automatically mount “truecrypted” container via pam_mount? I’ve tried this: https://wiki.archlinux.org/index.php/Talk:TrueCrypt#Automatic_mount_home_on_login and it didn’t work.
I have not used truecrypt, so I don’t know whether this will help.
People using LUKS mounted containers for the home directory were having a similar problem. It turns out that you have to force the “loop” module to be loaded. To test, just use:
# modprobe loop
and see if you can then get pam_mount to work. If that does the trick, then you will need to force that module to be loaded during boot. For that, see the man page for “modules-load.d(5)”.
My home is encrypted with LUKS and it works properly. But when I add the new truecrypt volume into /etc/security/pam_mount.conf.xml it stop working (also the home directory).
When I tried to log as root and I tried to mount the truecrypt volume manually, it didn’t work. I run modrobe loop and I was able to mount the truecrypt volume.
So I create a new file in /etc/modules-load.d/loop.service and reboot PC. The file has been moved to /etc/modprobe.d and when I run
modprobe loop
I get error:
WARNING: /etc/modprobe.d/loop.conf line 2: ignoring bad line starting with ‘loop’
So it seem to me like it is not good. Could you be so kind and help me a bit how to mount two encrypted containers via pam_mount?
That, at least, looks good.
That’s strange. “/etc/modules-load.d” is supposed to give modules to be loaded. And “/etc/modprobe.d” is supposed to give any additional parameters needed. Moving the file does not see right.
I’m not much up on the details of managing module loading. I hope someone else can provide some help.
Man page says
Each
configuration file is named in the style of
/etc/modules-load.d/program.conf.
Where have you got “.service” from?
The file has been moved to /etc/modprobe.d
Moved by whom?
WARNING: /etc/modprobe.d/loop.conf line 2: ignoring bad line starting with 'loop'
You need file /etc/modules-load.d/loop.conf with single line “loop”.
I’ve fixed the problem with loop.conf, but I can’t mount home via LUKS and backup image via TrueCrypt. Here is the pam_mount.conf.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<!--
See pam_mount.conf(5) for a description.
-->
<pam_mount>
<!-- debug should come before everything else,
since this file is still processed in a single pass
from top-to-bottom -->
<debug enable="0"/>
<!-- Volume definitions -->
<!-- pam_mount parameters: General tunables -->
<!--
<luserconf name=".pam_mount.conf.xml" />
-->
<!-- Note that commenting out mntoptions will give you the defaults.
You will need to explicitly initialize it with the empty string
to reset the defaults to nothing. -->
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other"/>
<!--
<mntoptions deny="suid,dev" />
<mntoptions allow="*" />
<mntoptions deny="*" />
-->
<mntoptions require="nosuid,nodev"/>
<!-- requires ofl from hxtools to be present -->
<logout wait="2000" hup="0" term="1" kill="1"/>
<!-- pam_mount parameters: Volume-related -->
<mkmountpoint enable="1" remove="true"/>
<volume fstype="crypt" user="john" path="/home/john.img" fskeypath="/home/john.key" fskeycipher="aes-256-cbc" fskeyhash="md5" cipher="aes-cbc-essiv:sha256" options="loop" mountpoint="/home/john"/>
<cryptmount>bash -c "grep -q %(MNTPT) /etc/mtab || truecrypt --text --protect-hidden=no --keyfiles='' -m=nokernelcrypto %(VOLUME) %(MNTPT)"</cryptmount>
<cryptumount>truecrypt -d</cryptumount>
<volume fstype="crypt" path="/media/voyager/.Volume/backup.tc" mountpoint="/media/backup"/>
</pam_mount>
Could it be problem, that once fstype=crypt is LUKS and later it corresponds to TrueCrypt ?