On Tuesday 2010-05-18 23:49, Stefan G. Weichinger wrote: >> # ./mount.crypt -vo >> keyfile=t-crypt.key,fsk_cipher=aes-256-cbc,fsk_hash=md5 /dev/loop94 >> /mnt command: 'readlink' '-fn' '/dev/loop94' command: 'readlink' >> '-fn' '/mnt' Password: mount.crypt(crypto-dmc.c:144): Using >> _dev_loop94 as dmdevice name command: 'mount' '-n' >> '/dev/mapper/_dev_loop94' '/mnt' # df /mnt Filesystem >> 1K-blocks Used Available Use% Mounted on /dev/loop94 >> 62465 5365 53875 10% /mnt >> >> Match? > >Frankly: dunno ;-) >Yes, I am able to follow and understand in general so far ... but ...
Right now it's more a case of "let's do it and compare results" than having to thoroughly understand when and where cryptsetup chops off a byte and pads another. That went fine, up to ># mount the new fs >mount /dev/mapper/newhome /mnt/gschwind >all this worked OK so far, but not with pam_mount. >OK? OK, but don't stop there. pam_mount really just ultimatively runs mount.crypt; and it tells you that it does by means of syslog (with enabled debug=1 of course). command: 'mount.crypt' '-ofsk.... And that is what you can run from shell, which eliminates pam_mount from the path and only leaves the usual suspects. Keep on it, marine! >Assuming that "I am too stupid": Where is the how-to-do-it? >So far the only thing I really understood "You are doing it wrong". >But where is the "Do it this way and you are safe" ? http://archives.gentoo.org/gentoo-user/msg_e80d6e5a662b7595a2a8a70a0fa166dd.xml was basically it: pmt-ehd and you're safe. Short of the current ...missing feature though, mentioned in that same mail.
