ecryptfs team mailing list archive

Thread
Date

[Bug 470129] Re: 9.10 karmic gdm login fails after changing password (users-admin) when home folder encrypted (ecryptfs)

To: ecryptfs@xxxxxxxxxxxxxxxxxxx
From: karlrt <karlrt@xxxxxxx>
Date: Sat, 23 Jan 2010 14:49:31 -0000
Reply-to: Bug 470129 <470129@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Package changed: seahorse (Ubuntu) => ecryptfs-utils (Ubuntu)

** Also affects: ecryptfs
Importance: Undecided
Status: New

--
9.10 karmic gdm login fails after changing password (users-admin) when home folder encrypted (ecryptfs)
https://bugs.launchpad.net/bugs/470129
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.

Status in eCryptfs - Enterprise Cryptographic Filesystem: New
Status in “ecryptfs-utils” package in Ubuntu: Confirmed

Bug description:
1 - What I expected to happen:

In a fresh installation of Ubuntu 9.10 Karmic Koala with the encrypted home folder option, I tried changing my user password and expected being able to log in with my new password.

2 - What actually happened

Not only was it impossible to log in with the new password (authentication failure), but also the decryption of my home folder turned out to be impossible even with the previous password (successful gdm authentication but home folder not mounted with consequent warnings from ICEauthority, gconf-sanity-check-2, nautilus...), leading to just the wallpaper with the mouse pointer (no toolbars nor mouse contextual menu). Detailed warning messages:

· Could not update ICEauthority file /home/user/.ICEauthority

· There is a problem with the configuration server (/usr/lib/libgconf2-4/gconf-sanity-check-2 exited with status 256)

· Nautilus could not create the following required folders: /home/user/Desktop, /home/user/.nautilus. Before running Nautilus, please create these folders, or set permissions such that Nautilus can create them.

3 - Steps necessary to make it happen.

· Install Ubuntu 9.10 Karmic Koala, selecting option "require my password to log in and to decrypt my home folder".
· Restart.
· Login.
· Go to menu "System"->"Administration"->"Users and Groups" (users-admin).
· Double-click on user (or select user and click "Properties" button).
· Click "Change Password..." button.
· Enter current password.
· Enter new password (twice).
· Click "Change password".
· Click "Close".
· Click "OK".
· Enter new password (in the authentication prompt that appears after clicking "OK").
· Click "Close".
· Log out.
· Log in: with the new password, authentication fails; with the previous password, GDM login fails (home folder not mounted).

4 - The crux of the matter.

"Users and Groups" (users-admin) should not allow changing a user password in the user's properties window if not authenticated first in the main window (with the key-icon button saying "Click to make changes"). Actually, it doesn't get to change the user password (even if it is allowed and implied that the password was changed), but it does modify ecryptfs' wrapped-passphrase to suit the hypothetically new password, hence the problem. This incongruity breaks the harmony between the current user password and ecryptfs' wrapped-passphrase, thus preventing the home folder from being mounted.