mount.crypt broken: Luks volumes won't mount anymore
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libpam-mount (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: libpam-mount
Since my upgrade this afternoon of libpam-mount to 0.15-1ubuntu1, pam_mount stopped mounting my dm_crypt/Luks encrypted homedir automaticaly at login.
After some debugging, it turns out that in /sbin/mount.crypt, which sets up the decrypted device and mount it, the following code (taken from libpam-mount 0.13)
if "$CRYPTSETUP" isLuks "$DEVICE" 2>/dev/null; then
LUKS=true;
"$CRYPTSETUP" luksOpen "$DEVICE" "$DMDEVICE";
else
was replaced by
if "$CRYPTSETUP" isLuks "$DEVICE" 2>/dev/null; then
LUKS=true;
"$CRYPTSETUP" luksOpen --key-file=
else
causing mount.crypt to try to read the encryption key from a floppy disk, rather than using the use password, that was passed from pam to the mount command.
I'm not sure why this change was made, but it makes absolutely no sense to me, it breaks existing setups terribly, and it contradicts the text of Readme.Debian. Also, in Debian sid (libpam-mount version 0.18), the --key-file=
Changed in libpam-mount: | |
status: | Incomplete → Confirmed |
Thank you for taking the time to report this bug and helping to make Ubuntu better. You reported this bug a while ago and there hasn't been any activity in it recently. We were wondering is this still an issue for you?
Thanks in advance.