Public bug reported:
Binary package hint: libpam-mount
Since my upgrade this afternoon of libpam-mount to 0.15-1ubuntu1,
pam_mount stopped mounting my dm_crypt/Luks encrypted homedir
automaticaly at login.
After some debugging, it turns out that in /sbin/mount.crypt, which sets
up the decrypted device and mount it, the following code (taken from
libpam-mount 0.13)
if "$CRYPTSETUP" isLuks "$DEVICE" 2>/dev/null; then
LUKS=true;
"$CRYPTSETUP" luksOpen "$DEVICE" "$DMDEVICE";
else
was replaced by
if "$CRYPTSETUP" isLuks "$DEVICE" 2>/dev/null; then
LUKS=true;
"$CRYPTSETUP" luksOpen --key-file=/dev/fd/0 "$DEVICE" "$DMDEVICE";
else
causing mount.crypt to try to read the encryption key from a floppy
disk, rather than using the use password, that was passed from pam to
the mount command.
I'm not sure why this change was made, but it makes absolutely no sense
to me, it breaks existing setups terribly, and it contradicts the text
of Readme.Debian. Also, in Debian sid (libpam-mount version 0.18), the
--key-file=/dev/fd/0 part is not present.
** Affects: libpam-mount (Ubuntu)
Importance: Undecided
Status: Unconfirmed
--
mount.crypt broken: Luks volumes won't mount anymore
https://launchpad.net/bugs/63066
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
