My system has an encrypted home set up with ecryptfs-utils. I am trying to use pam_mount to mount a second encrypted folder, which has the same password, at login.
After installing pam-mount package from MXlinux repo:
$ grep "pam_mount" /etc/pam.d/*
/etc/pam.d/common-auth:auth optional pam_mount.so
/etc/pam.d/common-session:session optional pam_mount.so
New pam_mount.conf.xml volume entry: (have tried many variations)
<volume noroot="1" fstype="ecryptfs" path="/media/MAIN/.secret" mountpoint="/media/MAIN/secret" options="ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_fnek_sig=a8d8ac8a4af02374,ecryptfs_sig=a8d8ac8a4af02374,ecryptfs_unlink_sigs" />
auth.log reports "mount of /media/MAIN/.secret failed", nothing I recognize as a clue to why it failed. (debug enable="1"). In auth.log I have:
lightdm: command: 'mount' '-t' 'ecryptfs' '/media/MAIN/.secret' '/media/MAIN/secret' '-o' 'ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_fnek_sig=a8d8ac8a4af02374,ecryptfs_sig=a8d8ac8a4af02374,ecryptfs_unlink_sigs'
That appears to be the right command since if it is run from command line, it mounts the folder without requiring interaction apart from entering passphrase.
What am I doing wrong?
I guessed that maybe pam_mount is not receiving the login password, so I tried mounting an ecryptfs volume with a keyfile:
options="ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_enable_filename_crypto=y,ecryptfs_passthrough=n,ecryptfs_fnek_sig=762365792a59155d,ecryptfs_sig=762365792a59155d,key=passphrase:passphrase_passwd_file=~/.keyfile.txt" />
"Mount failed" appears several times in the auth.log file, but the folder is eventually mounted 1-25 minutes (!) after the desktop appears. Why this weird behavior? Although the keyfile is in the encrypted home folder, that is decrypted early on and it should be accessible -?-
Thanks in advance for explanations and suggestions.
Distro: MXLinux 18.3_x64. "Systemd is included by default but not enabled." sysvinit is default init, systemd-shim so "MX Linux can use Debian packages that have systemd dependencies..."