Am 06.05.2010 18:24, schrieb Daniel Troeder: > On 05/05/2010 10:23 PM, Stefan G. Weichinger wrote: >> Am 05.05.2010 22:17, schrieb Stefan G. Weichinger: >> >>> Remember that I said: "I am not sure which HOWTO I followed" ? >>> >>> What if I didn't use aes-256-ecb? > You don't need to supplay that information to cryptsetup, it can > (should) autodetect it. To see that info for yourself run: > $ cryptsetup luksDump /dev/mapper/VG01-crypthome
But I always did when I followed your example. Anyway, this part is solved now. >> Yep. See pam_mount.conf.xml: >> It's "aes-256-cbc" in my case. >> >> I was now able to luksOpen and I have the decrypted device mounted. > Hooray :) Yes :-) Currently I run an unencrypted home on another LV. >> Nice. >> >> So: >> >> the user-pw didn't change and the keyfile is OK. >> >> So why is pam_mount unable to mount it? >> >> I will now pull another backup and check/add fallback keys ;-) > There are interesting options in the cryptsetup-man page: > luksHeaderBackup and luksHeaderRestore... I think I'll add that to my > backup scripts :) Good idea. The main question is still unanswered: Why does pam_mount not work anymore with the given device/key ? Should I file a bug? S
