GDM auto login won't work with ecryptfs

Bug #353446 reported by David Erosa on 2009-04-01
76
This bug affects 16 people
Affects Status Importance Assigned to Milestone
ecryptfs-utils (Ubuntu)
Undecided
Unassigned
Nominated for Karmic by Nicholas Christian Langkjær Ipsen
Nominated for Lucid by Nicholas Christian Langkjær Ipsen
gdm (Ubuntu)
Wishlist
Unassigned
Nominated for Karmic by Nicholas Christian Langkjær Ipsen
Nominated for Lucid by Nicholas Christian Langkjær Ipsen

Bug Description

Binary package hint: gdm

Using Ubuntu Jaunty Beta 1 up to date (20090401)

A co-worker had trouble with the auto login in GDM, the screen kept showing a blank screen and never started gnome. So after investigating I found that he had enabled the encryptfs of his home directory. Disabling the autologin solved the problem.

Steps to reproduce:
1. Install Ubuntu Jaunty choosing encripted home directory.
2. Login and select auto-login in gdmsetup.
3. Next time you try to login, the session won't start.

Would it be possible that GDM informed about this or ask for the password to "unlock" the home?
Maybe, with a encryptfs home one shouldn't be allowed to activate auto-login.

This is related to bug 284443.

David Erosa (erosa) on 2009-04-01
description: updated
Sebastien Bacher (seb128) wrote :

gdm starts the session is probably hangs after that due to some reason

affects: gdm (Ubuntu) → ecryptfs-utils (Ubuntu)
Dustin Kirkland  (kirkland) wrote :

I'm sorry, but an encrypted home directory and gdm-autologin are two features that are simply incompatible.

We handled this in the installer by allowing you to only one of 3 different options:
 1) auto login (no password)
 2) login with a password
 3) login with a password and decrypt your home directory contents

I believe this should be solved in the gdm Login Window Preferences -> Security tab. The 'enable automatic login' option should be greyed out if the user has an encrypted home directory,
 $ mount | grep "on $HOME type ecryptfs"

seb128, I'm going to wishlist this against gdm.

:-Dustin

Changed in gdm (Ubuntu):
importance: Undecided → Wishlist
status: New → Confirmed
Changed in ecryptfs-utils (Ubuntu):
status: New → Invalid
Sebastien Bacher (seb128) wrote :

Dustin, that should not block login though should it?

Sebastien-

If you encrypt your home directory, you absolutely *must* enter a
password on login.

If you want to add some code to GDM, when doing an auto-login that
detects this, that's fine too. In fact, I think that might be a good
idea.

:-Dustin

Andy Loughran (andylockran) wrote :

If an account is set to auto-login - no matter if it's encrypted or not - the behaviour should be that it will autologin. The current behaviour (gdm failure) is not desirable. It would be better to explicitly disable autologin for encrypted homedirs (as suggested by Dustin) or at least for a security warning to show, preventing login (like if home perms aren't set correctly.

I notice this bug is quite old, so apologies if this isn't relevant to the current karmic development.

G.N.Ubarretxena (ganix) wrote :

I see this is still an issue in 9.10 Karmic, since automatic login can be activated even if the user has an encrypted home folder...

Vlad Socaciu (vladsocaciu) wrote :

In Karmic, the option of autologin is available in the Login Screen Settings, even when home is encrypted. This just leaves the unaware and unexperienced user at risk of making his computer unusable. Many people I know like having their computer autologin. If they are not aware of the problem, the potential of combining it with home encryption is quite big. It should definitely be fixed quickly.

Does wishlist importance mean it will only be done for the next release?

Will you please do something about this? It is actually quite dangerous if you don't know how to fix it.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gdm - 2.30.0-0ubuntu3

---------------
gdm (2.30.0-0ubuntu3) lucid; urgency=low

  * debian/patches/09_gdmsetup.patch:
    - do not list users who have an encrypted home directory for autologin
      candidate (still some corner case, see code comment). (LP: #353446)
 -- Didier Roche <email address hidden> Wed, 31 Mar 2010 18:48:44 +0200

Changed in gdm (Ubuntu):
status: Confirmed → Fix Released
mistr (mstrecke) wrote :

A new variant of the bug is present in the CD install of 10.04 LTS:

On a freshly installed system, with the first user having an encrypted home directory, the drop down list in "Login Screen Settings" for the auto-login user is indeed blanked.

If a second user is added - also with an encrypted home directory - the second user IS selectable as an auto-login user with all the consequences described above. It seems that only the first user is "unlisted".

Installed gdm version: 2.30.0-0ubuntu5

Didier Roche (didrocks) wrote :

This is a known issue with current implementation and really not easily fixable (I had that in mind in making the patch and we discussed it). You should open a new bug report with that, please.

Kangarooo Jānis (kangarooo) wrote :

Ive also experienced that
Ive put autologin and also dont ask for password but in installation put encrpt home and ask for passw
since i was beeing thrown back at login each time pressed enter on user i tryd TTY6 login and then in TTY7 i was able to log in without passw and removed dont ask for passw. also in 10.10 login manager didnt allowed to choose witch user i want to login heres screenshot http://www.zimagez.com/zimage/ekrnkopija-20100720-175511.php

fraujansen (daniel-schiller) wrote :

I understand the fact that if my computer is encrypted, I have to enter the passphrase to log in. Makes sense.

My whish would be, that if a certain usb-stick (with an encyrpted passphrase) is inserted in the pc the gdm log in automatically.
If I take my laptop elsewhere and i power it on (without this certain usb-stick) i had to enter the passphrase.

Sorry for my bad english
I will post this idea into the ubuntu-wishlist. Maybe more people are interested in this new feature/enhancement.
dani

fraujansen (daniel-schiller) wrote :

Another person had the same idea like me...

http://brainstorm.ubuntu.com/idea/25629/

vote yes!! ;)

Thanks for the hint from Steinar @ 446743 . 2009-11-01, a way was found to settle this unholy situation

If one at this stage creates a newuser with 'adduser' in tty1,+ put him as standardlogin-user, the crab is in the box.

From within the newuser-identity, switch-user is easy, then he/she can deactivate the f***ing 'auto-login'

Anyone new to Ubunutu suffering from this should refer to local Ubuntu-Forum for assistance, if not experienced on command line.

Still an issue in Maverick

This is still an issue on Natty.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers