← Back to team overview

ecryptfs team mailing list archive

  1. ecryptfs team
  2. Mailing list archive
  3. Message #01060

[Bug 295429] Re: pam_encryptfs.so causes authentication to be slow

  Thread PreviousDate PreviousThread Next 
Dustin: Have you considered moving unwrap to PAM session phase, instead
of auth? It makes no sense to me to block the whole authentication to
mount your encrypted folder. The auth phase should be reserved to
authentication checking - session is here for you, where you can do this
while starting other apps.

I'm using this right now, that solves the issue. Gaining about 2 seconds
in not negligible in a system where we're struggling to save
milliseconds in the boot process. ;-)

** Changed in: ecryptfs-utils (Ubuntu)
       Status: Won't Fix => Incomplete

-- 
pam_encryptfs.so causes authentication to be slow
https://bugs.launchpad.net/bugs/295429
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.

Status in “ecryptfs-utils” source package in Ubuntu: Incomplete

Bug description:
Binary package hint: ecryptfs-utils

I have the encrypted ~/Private enabled. In /etc/pam.d/common-auth is the line:
auth    optional    pam_encryptfs.so unwrap

If that line is commented out, then doing something like 'sudo ls' is instantanious after I enter my password. 

If that line is not commented out (like normal), 'sudo ls', or anything else involving my password such as logging in, and unlocking the screensaver take about 4 or 5 seconds longer than they need to.

The following is also syslogged. I'm not sure if it's relevant or not, but that 5 second delay seems to be the pause that occurs.

Nov 8 17:33:00 gulik sudo: pam_sm_authenticate: Called 
Nov 8 17:33:00 gulik sudo: pam_sm_authenticate: username = [robin] 
Nov 8 17:33:00 gulik sudo: Error attempting to parse .ecryptfsrc file; rc = [-5]
Nov 8 17:33:00 gulik sudo: Unable to read salt value from user's .ecryptfsrc file; using default 
Nov 8 17:33:05 gulik sudo: Passphrase key already in keyring 
Nov 8 17:33:05 gulik sudo: Error attempting to add passphrase key to user session keyring; rc = [1] 
Nov 8 17:33:05 gulik sudo: There is already a key in the user session keyring for the given passphrase. 

This doesn't seem to impair the functionality, but it is a little bit annoying.

References

  Thread PreviousDate PreviousThread Next