ecryptfs team mailing list archive

Thread
Date

[Bug 470129] Re: 9.10 karmic gdm login fails after changing password (users-admin) when home folder encrypted (ecryptfs)

To: ecryptfs@xxxxxxxxxxxxxxxxxxx
From: Chad Quickstad <cquickstad@xxxxxxxxx>
Date: Tue, 05 Jan 2010 16:15:56 -0000
Reply-to: Bug 470129 <470129@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I encountered this bug too. Here is how I was able to work around it.

After using the System->Administration->Users and Groups tool to change
my password, I encountered the conditions exactly as the original bug
filer did under "2 - What actually happened" in his bug report.

I pressed Ctrl-Alt-F1 on my keyboard to bring up one of the non-GUI
login prompts. From there, I logged in to my account using the old
password.

At the prompt I used the passwd command. It asked for the current
password, so I gave it the old password. Then I entered in the new
password and again to confirm.

After that I rebooted and was able to log in with my new password.

I hope that helps someone who is locked out of their system.

--
9.10 karmic gdm login fails after changing password (users-admin) when home folder encrypted (ecryptfs)
https://bugs.launchpad.net/bugs/470129
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.

Status in “ecryptfs-utils” package in Ubuntu: Confirmed

Bug description:
1 - What I expected to happen:

In a fresh installation of Ubuntu 9.10 Karmic Koala with the encrypted home folder option, I tried changing my user password and expected being able to log in with my new password.

2 - What actually happened

Not only was it impossible to log in with the new password (authentication failure), but also the decryption of my home folder turned out to be impossible even with the previous password (successful gdm authentication but home folder not mounted with consequent warnings from ICEauthority, gconf-sanity-check-2, nautilus...), leading to just the wallpaper with the mouse pointer (no toolbars nor mouse contextual menu). Detailed warning messages:

· Could not update ICEauthority file /home/user/.ICEauthority

· There is a problem with the configuration server (/usr/lib/libgconf2-4/gconf-sanity-check-2 exited with status 256)

· Nautilus could not create the following required folders: /home/user/Desktop, /home/user/.nautilus. Before running Nautilus, please create these folders, or set permissions such that Nautilus can create them.

3 - Steps necessary to make it happen.

· Install Ubuntu 9.10 Karmic Koala, selecting option "require my password to log in and to decrypt my home folder".
· Restart.
· Login.
· Go to menu "System"->"Administration"->"Users and Groups" (users-admin).
· Double-click on user (or select user and click "Properties" button).
· Click "Change Password..." button.
· Enter current password.
· Enter new password (twice).
· Click "Change password".
· Click "Close".
· Click "OK".
· Enter new password (in the authentication prompt that appears after clicking "OK").
· Click "Close".
· Log out.
· Log in: with the new password, authentication fails; with the previous password, GDM login fails (home folder not mounted).

4 - The crux of the matter.

"Users and Groups" (users-admin) should not allow changing a user password in the user's properties window if not authenticated first in the main window (with the key-icon button saying "Click to make changes"). Actually, it doesn't get to change the user password (even if it is allowed and implied that the password was changed), but it does modify ecryptfs' wrapped-passphrase to suit the hypothetically new password, hence the problem. This incongruity breaks the harmony between the current user password and ecryptfs' wrapped-passphrase, thus preventing the home folder from being mounted.