Problems using pam_mount together with pam_ssh and pam_keyring on FC6
Jens Lautenbacher
jtl at schlund.de
Wed Nov 1 22:01:46 UTC 2006
Hi,
I use Fedora Core 6 on a laptop and want to use single sign-on for
encrypted home partitions, ssh keys and the gnome keyring.
My home partition /home/jtl is LUKS-encrypted, and I try to use
pam_mount to mount it when I enter my user id/password into gdm.
The password should also be used to read my ssh keys and open up the
default gnome keyring.
The pam.d/gdm file looks like this (everything else being the default):
#%PAM-1.0
auth required pam_env.so
auth optional pam_mount.so try_first_pass
auth optional pam_keyring.so try_first_pass
auth optional pam_ssh.so try_first_pass
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_keyinit.so force revoke
session include system-auth
session required pam_loginuid.so
session optional pam_console.so
session optional pam_mount.so
session optional pam_keyring.so
session optional pam_ssh.so
The problem is: it seems that pam_mount doesn't manage to mount the
partition early enough for pam_ssh or pam_keyring to be able to access
the keys or keyring. At least that's my conclusion from the behavior I
have experienced:
* After a logout (where - fortunately in my case, but of course
  still a problem - pam_mount can't unmount the partition because
  of a running gconfd) logging in again makes everything work as
  expected.
* Also copying the .ssh and the ./gnome2/keyrings directories into
  the /home/jtl folder where the new partition is to be mounted
  (so these files are accessible at any time) makes everything run
  smoothly - but of course it is not the intended setup to have
  these files outside of the encrypted homedir.
How can I change my setup so what I want works without the hacks
mentioned above?
Thanks in advance,
jtl