ecryptfs team mailing list archive

Thread
Date

[Bug 295429] Re: pam_encryptfs.so causes authentication to be slow

To: ecryptfs@xxxxxxxxxxxxxxxxxxx
From: Dustin Kirkland <dustin.kirkland@xxxxxxxxx>
Date: Thu, 23 Jul 2009 18:47:44 -0000
Reply-to: Bug 295429 <295429@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Earlier this week, I uploaded ecryptfs-utils-78 to karmic, which
should address the issue you mention.

The fix first detects if your encrypted home or private directory is
already mounted, and if so, it bypasses the most performance intensive
work.

This means that all subsequent authentications that go through
pam_ecryptfs should be significantly faster.  This includes sudo, ssh,
gnome, kde, xfce, screensavers, etc.  The first login is not affected,
and it will have to do the initial key loading and decryption, etc,
but subsequent logins are much, much faster.

** Summary changed:

- pam_encryptfs.so causes authentication to be slow
+ pam_ecryptfs.so causes authentication to be slow

** Changed in: ecryptfs-utils (Ubuntu)
     Assignee: (unassigned) => Dustin Kirkland (kirkland)

-- 
pam_ecryptfs.so causes authentication to be slow
https://bugs.launchpad.net/bugs/295429
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.

Status in “ecryptfs-utils” package in Ubuntu: Fix Released

Bug description:
Binary package hint: ecryptfs-utils

I have the encrypted ~/Private enabled. In /etc/pam.d/common-auth is the line:
auth    optional    pam_encryptfs.so unwrap

If that line is commented out, then doing something like 'sudo ls' is instantanious after I enter my password. 

If that line is not commented out (like normal), 'sudo ls', or anything else involving my password such as logging in, and unlocking the screensaver take about 4 or 5 seconds longer than they need to.

The following is also syslogged. I'm not sure if it's relevant or not, but that 5 second delay seems to be the pause that occurs.

Nov 8 17:33:00 gulik sudo: pam_sm_authenticate: Called 
Nov 8 17:33:00 gulik sudo: pam_sm_authenticate: username = [robin] 
Nov 8 17:33:00 gulik sudo: Error attempting to parse .ecryptfsrc file; rc = [-5]
Nov 8 17:33:00 gulik sudo: Unable to read salt value from user's .ecryptfsrc file; using default 
Nov 8 17:33:05 gulik sudo: Passphrase key already in keyring 
Nov 8 17:33:05 gulik sudo: Error attempting to add passphrase key to user session keyring; rc = [1] 
Nov 8 17:33:05 gulik sudo: There is already a key in the user session keyring for the given passphrase. 

This doesn't seem to impair the functionality, but it is a little bit annoying.

References

[Bug 295429] [NEW] pam_encryptfs.so causes authentication to be slow
From: Eythian, 2008-11-08