pam_mount(pam_mount.c:100): unknown pam_mount option "use_first_pass"

Bug #332833 reported by Per Ångström on 2009-02-22
136
This bug affects 19 people
Affects Status Importance Assigned to Milestone
libpam-mount (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: libpam-mount

Linux 2.6.28-8-generic #24-Ubuntu SMP Wed Feb 18 20:36:18 UTC 2009 x86_64 GNU/Linux

Ever since I installed libpam-mount (v. 1.5-1) I get the following message whenever I log in or sudo:

pam_mount(pam_mount.c:100): unknown pam_mount option "use_first_pass"

It's probably not serious but the message is annoying.

Jan Engelhardt (jengelh) wrote :

So remove the option from the pam_mount line in your pam configs.

Per Ångström (autark) wrote :

Yeah, that would be fine if I'm the only one seeing this message. However, I suspect it's a common annoyance which IMO should be addressed in the distribution.

BTW, the offending option is in /etc/pam.d/common-pammount .

darthanubis (darthanubis) wrote :

Having same issue since 3/31/09.

Linux core2duo 2.6.28-11-generic #38-Ubuntu SMP Fri Mar 27 10:01:17 UTC 2009 x86_64 GNU/Linux

Ulrich Lukas (ulrich-lukas) wrote :

Same for me since recent upgrade in Jaunty Beta.

Changed in libpam-mount (Ubuntu):
status: New → Confirmed

confirming that i have the same issue as well

I have the same issue, Jaunty Beta on AMD64

Jan Engelhardt (jengelh) wrote :

>which IMO should be addressed in the distribution

well seems like they take the "should" by its definition as it appears in RFCs -- and decide not to address it ;-)

samvais (samvais) wrote :

Confirming the same problem. (Jaunty beta on AMD64)

I personally consider this serious, since we have dozens of Ubuntu installations that will be effected by this.

antage (antage) wrote :

I upgraded Ubuntu to 9.04 (amd64) and I got same issue.

Hgrg (hgrg) wrote :

Confirming the issue: Jaunty ß / i386/

flocci (dohashi) wrote :

I upgraded to Ubuntu 9.04 and I am also seeing this message. x86_64

However I also use pam_mount to mount a luks encrypted home drive, and it looks like logging in no longer passes my login password to cryptsetup (that is, what use_first_pass is supposed to do). Both gdm and a terminal based login hang as if waiting for me to enter a second password. However there does not seem to be any way to do so.

Basically I can't access my home drive without manually calling cryptsetup, then mounting my home drive myself. This is a serious pain.

Ari (ari-reads) wrote :

flocci: I also use pam mount to automount luks. I see the annoying "use_first_pass" message but at least automount works fine in my case.

Still unsure if it is safe to remove the option from /etc/pam.d/common-pammount

Per Ångström (autark) wrote :

I think I have a setup similar to flocci's, and I'm not having any such trouble, with or without the option.

I spent some more time messing around with my system and I am now able to get
my home drive to mount when I log in. I had to modify my /etc/crypttab
settings.

However I am still getting the use_first_pass message.

Darin

On Sat, 25 Apr 2009 16:30:40 -0000
Per Ångström <email address hidden> wrote:

> I think I have a setup similar to flocci's, and I'm not having any
> such trouble, with or without the option.
>

--
Because all other Floccinaucinihilipilification Homepages are worthless.
http://www.floccinaucinihilipilification.net
The Floccinaucinihilipilification Homepage

tave (tave) wrote :

same problem

DiegoV (diegofcviegas) wrote :

I had the same problem, losting the login mount of my crypt partition.

Flocci, how did you fixed that, please?

Thanks, Diego

Anders Olsson (anders-anderso) wrote :

The same problem here, after upgrading from intrepid to jaunty, pam_mount no longer mounts my luks-encrypted home partition and I see the same message, there is no delay however.

My /etc/pam.d/common-pammount contains these lines:

auth optional pam_mount.so use_first_pass
session optional pam_mount.so

Per Ångström (autark) wrote :

I suspect we have two issues here:
1) A confusing and annoying but benign message (the original issue),
2) A serious problem with mounting luks-encrypted partitions.

I cannot say for certain that the two issues are not interrelated in any way, but I think a separate bug should be opened for the second issue, to give it more attention.

Anders Olsson (anders-anderso) wrote :

I think that's true, the message is harmless. The reason that my luks-encrypted partition did not mount was because I accidentally overwrote /etc/security/pam_mount.conf.xml during the upgrade. Now it works.

I also removed the use_first_pass option from /etc/pam.d/common-pammount so that it contains

auth optional pam_mount.so
session optional pam_mount.so

and I no longer get the message.

jmedina (jorgearma1982) wrote :

I just upgraded from intrepid to jaunty and got same problem about "unknown option "use_first_pass"", readming new pam_mount man page I see that "use_fist_pass" option is no longer needed, previous man page uses use_first_pass, you you only need to remove those options from module and that is all. However, I think that there should be a dialog warning about this change when upgrading libpam_mount, probably recommeding manual removal or something.

Gergely Csépány (cheoppy) wrote :

It's also present in a clean Jaunty install.
Can be solved by removing the "use_first_pass" option in the common_pammount and common_auth files. I haven't tried with an encrypted home partition yet, will setup one soon, if it breaks it, I'll update my report.

LeoRochael (leorochael) wrote :

The functionality of the "use_first_pass" option is now controlled by the "enable_pam_password" to the pam_mount module. This option is enabled by default, according to the page below, so shouldn't be necessary:

http://www.nomachine.com/ar/view.php?ar_id=AR06G00536

Attached is a package-patch to replace the debian package patch of the original package.

Forrest Hawes (watchful070) wrote :

Note for others: in order to eliminate this error message,

pam_mount(pam_mount.c:100): unknown pam_mount option "use_first_pass"

everytime when su-ing to root,

 I had to edit /etc/pam.d/common-pammount (as suggested),
and also /etc/pam.d/common-auth (which was only hinted at by the first reply to the bug post, and also implied in Leo's patch diff file, I believe).

I changed /etc/pam.d/common-pammount by removing the 'use_first_pass' option from the fourth options column;
I elected to replace its presence in the "Additional" block in the common-auth file by the string "enable_pam_password" so that the line that formerly reads:

auth optional pam_mount.so use_first_pass

is changed to:

auth optional pam_mount.so enable_pam_password

the options.txt file that is included in the libpam-mount documentation clearly identifies the "enable_pam_password" as the default; I was simply making sure.

After I changed these two files, the error message went away.

System notes: I am running Jaunty Server:
Linux erwin 2.6.28-13-server #45-Ubuntu SMP &&
my version of libpam-mount is '1.5-1ubuntu1'

Forrest Hawes (watchful070) wrote :

I hadn't seen cheoppy's report: so my report is a second towards his initial suggestion.

I also am about to setup encrypted home; and if I see problems like reported here, I will update my report.

As I am also about to work with Netatalk and libpam-mount, that may provide an additional view of any problems.

samvais (samvais) wrote :

We have both pammount and ldap authentication in use, so use_first_pass is still needed:
Problem fixed by removing use_first_pass from /etc/pam.d/common-* except from lines with ldap references: 'required pam_ldap.so' .

Riccardo Murri (rmurri) wrote :

Regarding the message one gets when using "sudo": this is caused by the line "auth optional pam_mount.so use_first_pass" being included in /etc/pam.d/common-auth. This is triggered by a call to "pam-auth-update" in the libpam-mount.postinst script, which should be removed.

As the documentation of pam_mount states, that line only belongs in /etc/pam.d/common-pammount; which should only be included ("@include common-pammount") in the services that need to use pam mount upon successful authentication.

johnny (johnnywingnut) wrote :

problem started after setting up for encryption:
apt-get install lvm2 cryptsetup libpam-mount
fixed by editing out "use_first_pass" from /etc/pam.d/common-auth and /etc/pam.d/common-pammount.

Steve Langasek (vorlon) wrote :

Fixed in libpam-mount 1.27-4.

libpam-mount (1.27-4) unstable; urgency=low

  * Remove old use_first_pass option from debian/pam-auth-update
    to avoid warnings.
  * Added pmt-ofl(1) manpage.

 -- Bastian Kleineidam <email address hidden> Wed, 19 Aug 2009 21:05:32 +0200

Changed in libpam-mount (Ubuntu):
status: Confirmed → Fix Released
krisgesling (krisgesling) wrote :

Yeah I had the problem but it was merely an annoying message issue. Just reinstalled the libpam-mount package through the synaptic package manager and all was good.

cheers
gez

iram chelli (xiaolux) wrote :

Steve,

I have version 1.5 libpam-mount and still the same issue...

regards,

Opti

Steve Langasek (vorlon) wrote :

On Thu, Oct 15, 2009 at 03:42:49PM -0000, iram chelli wrote:

> I have version 1.5 libpam-mount and still the same issue...

The fix for this bug was to not use the use_first_pass option in the default
configuration. If you have manually configured use_first_pass in your
setup, you will need to manually remove it.

--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
<email address hidden> <email address hidden>

iram chelli (xiaolux) wrote :

I have already fixed that manually, but i sincerely don't recall modifying the default configuration in any way. In that case i would have kept a .old copy.

I.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers