pam_mount mounts home partition but fails to log in
Brought to you by:
jengelh
Menu
▾
▴
#56 pam_mount mounts home partition but fails to log in
On my system, pam_mount is successfully mounting my home partition (verified by logging in as root in a separate terminal), but after doing so (and with no error messages) it hangs, not allowing me to fully log in to my session. Here's what it logs to /var/log/messages, with debug=1 (Note that I did in fact upgrade to 1.18; I'm not entirely sure why it shows 1.17 in the below log):
Feb 14 22:12:02 verbum login[5843]: pam_mount(pam_mount.c:312): pam_mount 1.17: entering
auth stage
Feb 14 22:12:02 verbum login[5843]: pam_mount(pam_mount.c:202): enter read_password
Feb 14 22:12:06 verbum login[5843]: pam_unix(login:session): session opened for user rwal
d by LOGIN(uid=0)
Feb 14 22:12:06 verbum login[5843]: pam_mount(pam_mount.c:458): pam_mount 1.17: entering
session stage
Feb 14 22:12:06 verbum login[5843]: pam_mount(pam_mount.c:479): back from global readconf
ig
Feb 14 22:12:06 verbum login[5843]: pam_mount(pam_mount.c:481): per-user configurations not allowed by pam_mount.conf.xml
Feb 14 22:12:06 verbum login[5843]: pam_mount(misc.c:38): Session open: (uid=0, euid=0, gid=1003, egid=1003)
Feb 14 22:12:06 verbum login[5843]: pam_mount(rdconf2.c:182): checking sanity of volume record (/dev/sda6)
Feb 14 22:12:06 verbum login[5843]: pam_mount(pam_mount.c:536): about to perform mount operations
Feb 14 22:12:06 verbum login[5843]: pam_mount(mount.c:172): Mount info: globalconf, user=rwald <volume fstype="crypt" server="(null)" path="/dev/sda6" mountpoint="/home/rwald" cipher="(null)" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="" /> fstab=0
Feb 14 22:12:06 verbum login[5843]: pam_mount(mount.c:484): checking for encrypted filesystem key configuration
Feb 14 22:12:06 verbum login[5843]: pam_mount(mount.c:487): about to start building mount command
Feb 14 22:12:06 verbum login[5843]: command: [mount.crypt] [/dev/sda6] [/home/rwald]
Feb 14 22:12:06 verbum login[5851]: pam_mount(misc.c:38): set_myuid<pre>: (uid=0, euid=0, gid=1003, egid=1003)
Feb 14 22:12:06 verbum login[5851]: pam_mount(misc.c:38): set_myuid<post>: (uid=0, euid=0, gid=1003, egid=1003)
Feb 14 22:12:07 verbum login[5843]: pam_mount(mount.c:64): mount messages:
Feb 14 22:12:07 verbum login[5843]: pam_mount(mount.c:67): Command successful.
Feb 14 22:12:07 verbum [ 56.247593] kjournald starting. Commit interval 5 seconds
Feb 14 22:12:07 verbum [ 56.247599] EXT3-fs warning: maximal mount count reached, running e2fsck is recommended
Feb 14 22:12:07 verbum [ 56.247910] EXT3 FS on dm-1, internal journal
Feb 14 22:12:07 verbum [ 56.247914] EXT3-fs: mounted filesystem with ordered data mode.
Feb 14 22:12:07 verbum login[5843]: command: [pmvarrun] [-u] [rwald] [-o] [1]
Feb 14 22:12:07 verbum login[5892]: pam_mount(misc.c:38): set_myuid<pre>: (uid=0, euid=0, gid=1003, egid=1003)
Feb 14 22:12:07 verbum login[5892]: pam_mount(misc.c:38): set_myuid<post>: (uid=0, euid=0, gid=1003, egid=1003)
Feb 14 22:12:07 verbum login[5843]: pam_mount(pam_mount.c:418): pmvarrun says login count is 1
Feb 14 22:12:07 verbum login[5843]: pam_mount(pam_mount.c:550): done opening session (ret=0)
Here's a copy of my /etc/pam.d/system-auth (I'm on Gentoo, so that's what common-auth is called):
auth required pam_env.so
auth optional pam_mount.so
auth required pam_unix.so try_first_pass likeauth nullok
account required pam_unix.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 try_first_pass retry=3
#password required pam_unix.so try_first_pass use_authtok nullok md5 shadow
password required pam_unix.so try_first_pass use_authtok nullok sha512 shadow
session required pam_limits.so
session required pam_env.so
session required pam_unix.so
session optional pam_mount.so
And here's the relevant section of /etc/security/pam_mount.conf.xml:
...
<volume user="rwald" fstype="crypt" path="/dev/sda6" mountpoint="/home/rwald/" />
...
Any ideas why it's not letting me log in?
Fixed in v1.18-8-gaf4a71f; release follows.
I just compiled and installed the 1.19 release (by renaming my pam_mount-1.18.ebuild file to pam_mount-1.19.ebuild), and it appears to have not worked; I'm getting the same behavior as before. In case there have been any changes, here's the current log:
Feb 27 03:29:30 verbum login[5849]: pam_mount(pam_mount.c:312): pam_mount 1.19: entering auth stage
Feb 27 03:29:34 verbum login[5849]: pam_unix(login:session): session opened for user rwald by LOGIN(uid=0)
Feb 27 03:29:34 verbum login[5849]: pam_mount(pam_mount.c:458): pam_mount 1.19: entering session stage
Feb 27 03:29:34 verbum login[5849]: pam_mount(misc.c:38): Session open: (uid=0, euid=0, gid=1003, egid=1003)
Feb 27 03:29:34 verbum login[5849]: pam_mount(mount.c:172): Mount info: globalconf, user=rwald <volume fstype="crypt" server="(null)" path="/dev/sda6" mountpoint="/home/rwald" cipher="(null)" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="" /> fstab=0
Feb 27 03:29:34 verbum login[5849]: command: [mount.crypt] [/dev/sda6] [/home/rwald]
Feb 27 03:29:34 verbum login[5858]: pam_mount(misc.c:38): set_myuid<pre>: (uid=0, euid=0, gid=1003, egid=1003)
Feb 27 03:29:34 verbum login[5858]: pam_mount(misc.c:38): set_myuid<post>: (uid=0, euid=0, gid=1003, egid=1003)
Feb 27 03:29:35 verbum login[5849]: pam_mount(mount.c:64): mount messages:
Feb 27 03:29:35 verbum login[5849]: pam_mount(mount.c:67): Command successful.
Feb 27 03:29:35 verbum [ 44.098887] kjournald starting. Commit interval 5 seconds
Feb 27 03:29:35 verbum [ 44.098893] EXT3-fs warning: maximal mount count reached, running e2fsck is recommended
Feb 27 03:29:35 verbum [ 44.099231] EXT3 FS on dm-1, internal journal
Feb 27 03:29:35 verbum [ 44.099235] EXT3-fs: mounted filesystem with ordered data mode.
Feb 27 03:29:35 verbum login[5849]: command: [pmvarrun] [-u] [rwald] [-o] [1]
Feb 27 03:29:35 verbum login[5899]: pam_mount(misc.c:38): set_myuid<pre>: (uid=0, euid=0, gid=1003, egid=1003)
Feb 27 03:29:35 verbum login[5899]: pam_mount(misc.c:38): set_myuid<post>: (uid=0, euid=0, gid=1003, egid=1003)
Feb 27 03:29:35 verbum login[5849]: pam_mount(pam_mount.c:418): pmvarrun says login count is 1
Feb 27 03:29:35 verbum login[5849]: pam_mount(pam_mount.c:548): done opening session (ret=0)
As before, a separate root terminal saw the partition as mounted properly, but my main user never got past seeing "done opening session (ret=0)". I really would like to provide a more useful log file, but I'm not sure how I could go about doing so.
On tty2 for example, enter the username and hit return so that the *getty(8) program starts login(8). Then look up the PID of the newly spawned /bin/login with tty2, and attach `gdb /bin/login $thatpid`. Do "continue" in gdb, and enter the password on tty2. pam_monut should have been compiled with debug enabled (CFLAGS="-O0 -ggdb3") so that when gdb stops, you have something textual.
OK, I tried that, and aside from a bunch of "Loading symbols from /lib64/security/pam_foo.so (no debugging symbols found) ..." and "Finished loading symbols from /lib64/security/pam_foo.so" messages, nothing came up. (Those aren't precise; I needed to reboot my computer to get to an easily-used browser and I didn't copy them down.) Notably, when both pam_mount.so and libHX.so got loaded, they also said no debugging symbols found, despite my having recompiled both with the CFLAGS you specified.
It may be that ebuild interferes with your CFLAGS. For best results, pam_mount is compiled by itself (without ebuild) and said CFLAGS, then a symlink is laid (`ln -f /home/user/pam_mount/src/.libs/pam_mount.so /lib64/security/pam_mount.so`) and things should be going.
Or talk to me (j_eng) on irc.freenode.net if you would like to do a shared screen session which is usually the fastest way to squeeze bugs.
For the record, the "fish" shell that the submitter used seems to have some severe bugs (among it, an infinite no-op loop) that are outside the scope of pam_mount.