ecryptfs team mailing list archive
-
ecryptfs team
-
Mailing list archive
-
Message #01304
[Bug 295429] Re: pam_ecryptfs.so causes authentication to be slow
The initial bug filed, as described is fixed. Once your key is loaded
into the keyring, pam_ecryptfs won't try to unnecessarily unwrap your
key again.
Please file a new bug on a different issue.
Dustin
** Summary changed:
- pam_ecryptfs.so causes authentication to be slow
+ pam_ecryptfs.so causes authentication to be slow by unnecessary subsequent unwraps of wrapped-passphrase
** Changed in: ecryptfs-utils (Ubuntu)
Assignee: Dustin Kirkland (kirkland) => (unassigned)
--
pam_ecryptfs.so causes authentication to be slow by unnecessary subsequent unwraps of wrapped-passphrase
https://bugs.launchpad.net/bugs/295429
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.
Status in “ecryptfs-utils” package in Ubuntu: Fix Released
Bug description:
Binary package hint: ecryptfs-utils
I have the encrypted ~/Private enabled. In /etc/pam.d/common-auth is the line:
auth optional pam_encryptfs.so unwrap
If that line is commented out, then doing something like 'sudo ls' is instantanious after I enter my password.
If that line is not commented out (like normal), 'sudo ls', or anything else involving my password such as logging in, and unlocking the screensaver take about 4 or 5 seconds longer than they need to.
The following is also syslogged. I'm not sure if it's relevant or not, but that 5 second delay seems to be the pause that occurs.
Nov 8 17:33:00 gulik sudo: pam_sm_authenticate: Called
Nov 8 17:33:00 gulik sudo: pam_sm_authenticate: username = [robin]
Nov 8 17:33:00 gulik sudo: Error attempting to parse .ecryptfsrc file; rc = [-5]
Nov 8 17:33:00 gulik sudo: Unable to read salt value from user's .ecryptfsrc file; using default
Nov 8 17:33:05 gulik sudo: Passphrase key already in keyring
Nov 8 17:33:05 gulik sudo: Error attempting to add passphrase key to user session keyring; rc = [1]
Nov 8 17:33:05 gulik sudo: There is already a key in the user session keyring for the given passphrase.
This doesn't seem to impair the functionality, but it is a little bit annoying.
References