** Description changed: + [Impact] + + * Cryptsetup 2.0 with LUKS2 support was already released back in 2017, + but plugins exploiting it came sluggish. + A popular way to automatically make use of LUKS2 (of course while still + retaining support for LUKS1) is via the pluggable authentication module + system (PAM) - especially pam_mount supports the automated mount of + (encrypted) volumes at user login, but the current version supports + open plain mode encrypted volumes and LUKS1 encrypted volumes only, + hence it currently lacks support for LUKS2. + + The updated version that is discussed here adds support for mounting + LUKS2 volumes with pam_mount on top and therefore allows to exploit + LUKS2 funtionality also via pam_mount. + + This version already landed in disco, but should also end up in the + current long term supported Ubuntu (18.04, via cosmic). + + * The means to get that is by backporting not the patch that was added on + top of Debian which is very similar (supports more types) to what was + accepted upstream. + + [1]: https://git.launchpad.net/ubuntu/+source/libpam-mount/plain/debian/patches/0015-Use-crypt_get_type-to-get-type-and-support-CRYPT_LUK.patch + [2]: https://sourceforge.net/u/ifranzki/pam-mount/ci/d4434c05e7c0cf05d87089404cfa2deedc60811a/ + + [Test Case] + + * TBD derived from + https://www.ibm.com/support/knowledgecenter/en/linuxonibm/com.ibm.linux.z.lxdc/lxdc_unlock_partition_userlogin.html + + [Regression Potential] + + * The former initialization was locked onto LUKS1, in theory I see one + potential regression - that would be if crypt_get_type(cd) fails to + detect a special LUKS1 as LUKS1 and therefore fails to initialize + correctly after the update. + We will test for LUKS1 as well in the verification to be more sure on + that. + + [Other Info] + + * n/a + + + ---- + + LUKS2 support for pam_mount. pam_mount support to automatically mount volumes at user login. This includes mounting of encrypted volumes. pam_mount supports to open plain mode encrypted volumes as well as LUKS encrypted volumes. As of today, pam_mount 2.16 only supports LUKS1 volumes. LUKS2 was introduced with cryptsetup 2.0. This feature adds support for LUKS2 to pam_mount. Following merge request was provided https://sourceforge.net/p/pam-mount/pam-mount/merge-requests/2/ Now upstream available https://sourceforge.net/projects/pam-mount/
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1804408 Title: [19.04 FEAT] LUKS2 support for pam_mount To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1804408/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs