ecryptfs team mailing list archive

Thread
Date

[Bug 295429] Re: pam_encryptfs.so causes authentication to be slow

To: ecryptfs@xxxxxxxxxxxxxxxxxxx
From: mello73 <mello73@xxxxxxxxx>
Date: Mon, 26 Jan 2009 19:07:18 -0000
Reply-to: Bug 295429 <295429@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Hi, same "problem" here, eee 701 with ecryptfs:
slow login (~5sec) and same delay on every other operation that involve authentication... as sudo.
As described by Dustin, i think problem is cpu related; to test try the following:

open 2 terminal (shell)
in the first type "top -d1" to show cpu usage
in the second type "sudo ls" (or any other command to "authenticate" with sudo), enter the password and then immediatly switch to the other shell (the one with top -d1 running)
you will see that the process sudo is at the top with nearly 100% of cpu usage.

So seems problem is not a bug, but is related to the working mode of
ecryptfs (decrypting wrapped-passphrase file, calculating the fekek and
calculating the signatures)

bye

-- 
pam_encryptfs.so causes authentication to be slow
https://bugs.launchpad.net/bugs/295429
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.

Status in “ecryptfs-utils” source package in Ubuntu: New

Bug description:
Binary package hint: ecryptfs-utils

I have the encrypted ~/Private enabled. In /etc/pam.d/common-auth is the line:
auth    optional    pam_encryptfs.so unwrap

If that line is commented out, then doing something like 'sudo ls' is instantanious after I enter my password. 

If that line is not commented out (like normal), 'sudo ls', or anything else involving my password such as logging in, and unlocking the screensaver take about 4 or 5 seconds longer than they need to.

The following is also syslogged. I'm not sure if it's relevant or not, but that 5 second delay seems to be the pause that occurs.

Nov 8 17:33:00 gulik sudo: pam_sm_authenticate: Called 
Nov 8 17:33:00 gulik sudo: pam_sm_authenticate: username = [robin] 
Nov 8 17:33:00 gulik sudo: Error attempting to parse .ecryptfsrc file; rc = [-5]
Nov 8 17:33:00 gulik sudo: Unable to read salt value from user's .ecryptfsrc file; using default 
Nov 8 17:33:05 gulik sudo: Passphrase key already in keyring 
Nov 8 17:33:05 gulik sudo: Error attempting to add passphrase key to user session keyring; rc = [1] 
Nov 8 17:33:05 gulik sudo: There is already a key in the user session keyring for the given passphrase. 

This doesn't seem to impair the functionality, but it is a little bit annoying.

References

[Bug 295429] [NEW] pam_encryptfs.so causes authentication to be slow
From: Eythian, 2008-11-08