ecryptfs-migrate-home with ldap users: nopwcheck necessary

Bug #1630477 reported by Dominik Gierlach
This bug affects 5 people
Affects Status Importance Assigned to Milestone

Bug Description

The password check of ecryptfs-setup-private fails for ldap/sssd users.
ecryptfs-setup-private implements the "--nopwcheck" option for this reason.

This option is not available for ecryptfs-migrate-home, which makes it impossible to use ecryptfs to encrypt the home directories of domain users.

ecryptfs-migrate-home is a wrapper for ecryptfs-setup-private, but the "--nopwcheck" option cannot be used.
If the option is added to the call of ecryptfs-setup-private, ecryptfs-migrate-home can easily be used for ldap users.

Is there any reason why the option should not be implemented for ecryptfs-migrate-home?

Related branches

Revision history for this message
Dominik Gierlach (dominik-gierlach) wrote :
Revision history for this message
Tyler Hicks (tyhicks) wrote :

Fix committed to lp:ecryptfs as r891.

Changed in ecryptfs:
status: New → Fix Committed
Revision history for this message
Murz (murznn) wrote :

Thanks for fixing, seems work, but not available in most of Linux repositories. Does this patch included in last release of ecryptfs-utils?

Revision history for this message
Murz (murznn) wrote :

Still did't work on Ubuntu 20.04:
$ sudo ecryptfs-migrate-home -u myuser --nopwcheck


/usr/bin/ecryptfs-migrate-home -u USER

 -u,--user Migrate USER's home directory to an encrypted home directory

WARNING: Make a complete backup copy of the non-encrypted data to
another system or external media. This script is dangerous and, in
case of an error, could result in data lost, or lock you out of your

This program must be executed by root.
Package ecryptfs-utils at version 111-0ubuntu7

Maybe I need to do some additional manual actions for make this work?

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers