ecryptfs team mailing list archive
Message #00354
[Bug 293433] Re: ecryptfs-utils does not work with LDAP/Kerberos users
This bug was fixed in the package ecryptfs-utils - 66-2ubuntu1
---------------
ecryptfs-utils (66-2ubuntu1) jaunty; urgency=low

  * Merge from debian unstable,
    (LP: #259631, #293433, #286265, #247421, #294888, #298421)
  * Remaining changes:
    - debian/ecryptfs-utils.postinst: handle pam-auth-update (Bug: #506172)
    - debian/rules:
      + keep the dpatch infrastructure around, as we'll likely
        need it again at some point soon
      + install the desktop, readme, and pam-auth-update files ()
    - debian/ecryptfs-utils.install: install the desktop, readme shared files
      (Bug: #506172)
    - debian/control:
      + keep the dpatch build dep
      + depend on libpam-runtime (Bug: #506172)
    - debian/ecryptfs-utils.prerm: remove pam-auth-update configuration
      (Bug: #506172)
    - debian/ecryptfs-mount-private.txt: readme to install in unmounted
      private dir (Bug: #506172)
    - debian/ecryptfs-mount-private.desktop: desktop link to install in
      unmounted private dir (Bug: #506172)
    - debian/ecryptfs-utils.dirs: usr share install dirs (Bug: #506172)
    - debian/ecryptfs-utils.pam-auth-update: pam stack configuration
      (Bug: #506172)

ecryptfs-utils (66-2) unstable; urgency=low

  * Removing auth-client-config support, no longer used.
  * Adding ecryptfs-utils recommends to keyutils.
  * Building without ssl, ecryptfs_key_mod_openssl.c has incompatible
    license (GPL-2+).
  * Building without pkcs11 helper, ecryptfs_key_mod_pkcs11_helper.c
    links against openssl and has incompatible license (GPL-2+).
  * Building without pkcs11 helper, ecryptfs_key_mod_tspi.c links
    against openssl and has incompatible license (GPL-2+).

ecryptfs-utils (66-1) unstable; urgency=low

  * Manually adding second line of the commit message when merging
    upstream version 65 to changelog.
  * Merging upstream version 66.
  * Adding ecryptfs-utils.postinst to create /var/lib/ecryptfs on
    package installation time.

ecryptfs-utils (65-1) unstable; urgency=low

  * Merging upstream version 65:
    - Adds --wrapping option to ecryptfs-setup-private command to use an
      independent wrapping passphrase, different from the login passphrase
      (Closes: #505008).
  * Removing pam-doc.dpatch, went upstream.
  * Adding build-depends to swig.
  * Adding build-depends to python-dev.
  * Including python bindings in libecryptfs0.

ecryptfs-utils (64-3) unstable; urgency=low

  * Replacing obsolete dh_clean -k with dh_prep.
  * Adding patch from Osamu Aoki <osamu@xxxxxxxxxx> to update
    ecryptfs-pam-doc.txt contents with s/Confidential/Private/
    (Closes: #504934).
  * Updating homepage and download location in control and copyright
    (Closes: #504930).
  * Updating author information in copyright.
  * Installing desktop shortcut and readme to /usr/share/ecryptfs-utils.
    Together with the fixes of upstream version 64, this interactively prompts
    for passwords now (Closes: #504370).

ecryptfs-utils (64-2) unstable; urgency=low

  * Adding build-depends to python (Closes: #504719).

ecryptfs-utils (64-1) unstable; urgency=low

  * Removing sbin-path.dpatch, not needed anymore.
  * Building with --enable-static, was default previously.

ecryptfs-utils (63-1) unstable; urgency=low

  * Merging upstream version 63.

ecryptfs-utils (61-1) unstable; urgency=low

  * Using patch-stamp rather than patch in rules file.
  * Merging upstream version 61.
  * Rediffing sbin-path.dpatch.

ecryptfs-utils (58-2) unstable; urgency=low

  * Adding patch from situert <situert@xxxxxxxxx> to call ecryptfs
    helper scripts in /sbin with full path to avoid problem if /sbin is
    not in PATH (Closes: #498543).

ecryptfs-utils (58-1) unstable; urgency=low

  * Merging upstream version 58.

ecryptfs-utils (57-1) unstable; urgency=low

  * Updating vcs fields in control file.
  * Merging upstream version 57.

ecryptfs-utils (56-1) unstable; urgency=low

  * Setting permissions for ecryptfs.acc when installing it in rules.
  * Merging upstream version 56.

ecryptfs-utils (55-1) unstable; urgency=low

  * Merging upstream version 55.

ecryptfs-utils (53-2) unstable; urgency=low

  * Adding auth-client-config support, thanks to Dustin Kirkland
    <kirkland@xxxxxxxxxx>.

ecryptfs-utils (53-1ubuntu13) intrepid-proposed; urgency=low

  Fixes for LP: #259631, add interactive mounting capability
  * debian/rules, debian/ecryptfs-utils.dirs,
    debian/ecryptfs-utils.install, debian/ecryptfs-mount-private.desktop,
    debian/ecryptfs-mount-private.txt: install the new desktop shortcut
    file and readme.txt to /usr/share/ecryptfs-utils
  * debian/patches/60_interactive_mount.dpatch: modify ecryptfs-mount-private
    utility to interactively prompt for password
  * debian/patches/00list: updated accordingly

 -- Dustin Kirkland <kirkland@xxxxxxxxxx>  Tue, 18 Nov 2008 19:06:54 -0600

** Changed in: ecryptfs-utils (Ubuntu)
Status: Fix Committed => Fix Released
--
ecryptfs-utils does not work with LDAP/Kerberos users
https://bugs.launchpad.net/bugs/293433
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.
Status in eCryptfs - Enterprise Cryptographic Filesystem: Fix Released
Status in “ecryptfs-utils” source package in Ubuntu: Fix Released
Bug description:
Ubuntu version: Intrepid 8.10
eCrypt-utils version: 53-1ubuntu12
slapd version: 2.4.11-0ubuntu6
krb5-* version: 1.6.dfsg.4~beta1-3
All my users use OpenLDAP and MIT Kerberos5 to login, pam.d common-* and ldap.conf files are correctly configured, e.g. ldapwhoami reports:
testuser@dj-dvant-server:~$ ldapwhoami
SASL/GSSAPI authentication started
SASL username: testuser@xxxxxxxxx
SASL SSF: 56
SASL data security layer installed.
dn:uid=testuser,ou=people,dc=xxxxx,dc=com
klist reports:
Default principal: testuser@xxxxxxxxx
Valid starting Expires Service principal
11/04/08 14:21:28 11/05/08 14:21:28 krbtgt/XXXXX.COM@xxxxxxxxx
11/04/08 14:27:42 11/05/08 14:21:28 ldap/dj-dvant-server.xxxxx.com@xxxxxxxxx
When using the tools from the ecryptfs-utils package such as:
ecryptfs-setup-private I get the following error:
ERROR: User [xxx] does not exist
e.g:
testuser@dj-dvant-server:~$ ecryptfs-setup-private
ERROR: User [testuser] does not exist
This user only appears in LDAP and SASLAUTHD with Kerberos providing password auth.
This becomes an issue when using dovecot-auth, e.g:
Nov 4 14:30:10 dj-dvant-server dovecot-auth: pam_ldap: error trying to bind as user "uid=testuser,ou=people,dc=xxxxx,dc=com" (Invalid credentials)
Nov 4 14:30:10 dj-dvant-server dovecot-auth: pam_sm_authenticate: Called
Nov 4 14:30:10 dj-dvant-server dovecot-auth: pam_sm_authenticate: username = [testuser]
Nov 4 14:30:10 dj-dvant-server dovecot-auth: Error attempting to parse .ecryptfsrc file; rc = [-5]
Nov 4 14:30:10 dj-dvant-server dovecot-auth: Unable to read salt value from user's .ecryptfsrc file; using default
Nov 4 14:30:10 dj-dvant-server dovecot-auth: Error attempting to open [/home/testuser/.ecryptfs/wrapped-passphrase] for reading
Nov 4 14:30:10 dj-dvant-server dovecot-auth: Error attempting to unwrap passphrase from file [/home/testuser/.ecryptfs/wrapped-passphrase]; rc = [-5]
Nov 4 14:30:10 dj-dvant-server dovecot-auth: Error adding passphrase key token to user session keyring; rc = [-5]