ecryptfs team mailing list archive

Thread
Date

[Bug 283477] Re: ecryptfs-utils does not handle changing password

To: ecryptfs@xxxxxxxxxxxxxxxxxxx
From: kelvie <kelvie@xxxxxxxx>
Date: Wed, 15 Oct 2008 03:02:42 -0000
Reply-to: Bug 283477 <283477@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I'm having the same issue, following your instructions:

 $ ecryptfs_insert_wrapped_passphrase_into_keyring ~/.ecryptfs/wrapped-passphrase LOGIN_PASSWORD
 $ mount.ecryptfs_private

I am able to mount it manually, but none of this happens at start-up.

I have a fingerprint reader set up (pam_fprint.so), so my common-auth looks like this:
#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
# traditional Unix authentication mechanisms.
#
# As of pam 1.0.1-5, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

auth sufficient pam_fprint.so

# here are the per-package modules (the "Primary" block)
auth    [success=1 default=ignore]      pam_unix.so nullok_secure
# here's the fallback if no module succeeds
auth    requisite                       pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth    required                        pam_permit.so
# and here are more per-package modules (the "Additional" block)
auth    optional        pam_ecryptfs.so unwrap
# end of pam-auth-update config

Would this break it?   Note that I don't type in my password to log-in,
I just use the fingerprint reader.

-- 
ecryptfs-utils does not handle changing password
https://bugs.launchpad.net/bugs/283477
You received this bug notification because you are a member of eCryptfs,
which is a direct subscriber.

Status in eCryptfs - Enterprise Cryptographic Filesystem: Incomplete
Status in “ecryptfs-utils” source package in Ubuntu: Incomplete

Bug description:
Binary package hint: ecryptfs-utils

I recently changed my login password via:
passwd defcon
changed password
rebooted
Logged in and I get no private directory
I then tried ecryptfs-rewrap-passphrase ~/.ecryptfs/wrapped-passphrase oldpass newpass and rebooted and still no go, what can I do to recover my data??
Thanks

I also get this error:
defcon@ion:~/.ecryptfs$ mount.ecryptfs_private 
keyctl_search: Required key not available

References

[Bug 283477] [NEW] ecryptfs-utils does not handle changing password
From: Kyle M Weller, 2008-10-14