# [SOLVED]pam_mount nie montuje

## mechu

Mam problem z pam_mount w wersji 0.48 i 0.49 ponieważ nie montuje.

Tak wygląda logowanie:

```

mlaptop login: mechu

pam_mount(pam_mount.c:258) pam_mount 0.48: entering auth stage

pam_mount(pam_mount.c:190) enter read_password

pam_mount password:

pam_mount(pam_mount.c:293) saving authtok for session code (authtok=0x621230)

Last login: Mon Nov 10 17:06:20 CET 2008 on tty1

mechu@mlaptop ~ $

```

system-auth:

```

auth      required   pam_env.so 

auth      optional   pam_mount.so debug

auth      required   pam_unix.so try_first_pass likeauth nullok 

 

account      required   pam_unix.so 

 

password   required   pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 try_first_pass retry=3 

password   required   pam_unix.so try_first_pass use_authtok nullok sha512 shadow 

 

session      required   pam_limits.so 

session      required   pam_env.so 

session      required   pam_unix.so 

```

pam_mount.conf.xml

```

<?xml version="1.0" encoding="utf-8" ?>

<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">

<!--

   See pam_mount.conf(5) for a description.

   pam_mount internally has a hardcoded set of options, so you

   can clear this file between <pam_mount> and </pam_mount>.

   The tags you find below equal to the hardcoded options,

   for your initial configuration convenience.

   If you change or remove them, please remove this paragraph

   to not mislead yourself ;-)

-->

<pam_mount>

      <!-- Volume definitions -->

<volume user="mechu" fstype="crypt" path="/dev/sda8" mountpoint="/home/mechu" />

      <!-- pam_mount parameters: General tunables -->

<debug enable="1" />

<!--

<luserconf name=".pam_mount.conf.xml" />

-->

<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />

<!--

<mntoptions deny="suid,dev" />

<mntoptions allow="*" />

<mntoptions deny="*" />

-->

<mntoptions require="nosuid,nodev" />

<path>/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin</path>

<logout wait="0" hup="0" term="0" kill="0" />

      <!-- pam_mount parameters: Volume-related -->

<fsckloop device="/dev/loop7" />

<mkmountpoint enable="1" remove="true" />

      <!-- pam_mount parameters: Auxiliary programs -->

<fd0ssh>pmt-fd0ssh</fd0ssh>

<fsck>fsck -p %(FSCKTARGET)</fsck>

<!-- mntcheck utility for BSDs which lack /etc/mtab -->

<mntcheck>mount</mntcheck>

<pmvarrun>pmvarrun -u %(USER) -o %(OPERATION)</pmvarrun>

      <!-- pam_mount parameters: Mount programs -->

<!-- On OpenBSD try "/usr/local/bin/mount_ehd" (included in pam_mount

package). -->

<lclmount>mount -p0 -t %(FSTYPE) %(VOLUME) %(MNTPT)

   "%(ifnempty=\"-o\" OPTIONS)" %(OPTIONS)</lclmount>

<umount>umount %(MNTPT)</umount>

<losetup>losetup -p0 "%(before=\"-e\" CIPHER)"

   "%(ifnempty=\"-k\" KEYBITS)" %(KEYBITS) %(FSCKLOOP) %(VOLUME)</losetup>

<unlosetup>losetup -d %(FSCKLOOP)</unlosetup>

<cifsmount>mount -t cifs //%(SERVER)/%(VOLUME) %(MNTPT) -o

    "user=%(USER),uid=%(USERUID),gid=%(USERGID)%(before=\",\" OPTIONS)"</cifsmount>

<cryptmount>mount.crypt "%(ifnempty=\"-o\" OPTIONS)" %(OPTIONS)

   %(VOLUME) %(MNTPT)</cryptmount>

<cryptumount>umount.crypt %(MNTPT)</cryptumount>

<fusemount>mount.fuse %(VOLUME) %(MNTPT)

   "%(ifnempty=\"-o\" OPTIONS)" %(OPTIONS)</fusemount>

<fuseumount>fusermount -u %(MNTPT)</fuseumount>

<ncpmount>ncpmount %(SERVER)/%(USER) %(MNTPT) -o

    "pass-fd=0,volume=%(VOLUME)%(before=\",\" OPTIONS)"</ncpmount>

<ncpumount>ncpumount %(MNTPT)</ncpumount>

<nfsmount>mount %(SERVER):%(VOLUME) %(MNTPT)

   "%(ifnempty=\"-o\" OPTIONS)" %(OPTIONS)</nfsmount>

<smbmount>smbmount //%(SERVER)/%(VOLUME) %(MNTPT) -o

    "username=%(USER),uid=%(USERUID),gid=%(USERGID)%(before=\",\" OPTIONS)"</smbmount>

<smbumount>smbumount %(MNTPT)</smbumount>

<!-- Only for truecrypt 4.x -->

<truecryptmount>truecrypt %(VOLUME) %(MNTPT)</truecryptmount>

<truecryptumount>truecrypt -d %(MNTPT)</truecryptumount>

<!--

See http://www.tldp.org/HOWTO/Loopback-Encrypted-Filesystem-HOWTO.html to

learn how to create a encrypted loopback filesystem.

If the volume's password is different than the user's login password, the

following technique may be used (see also README):

{...} are placeholders, insert the proper value there!

1.  Create a file containing the volume's password (FS key). If you are

    using pam_mount to mount an loopback encrypted volume, this password

    should be generated with /dev/urandom.

    Simple example:

    echo {volume password} | openssl enc -aes-256-ecb >/home/user.key

    Encrypt this file using the user's login password as the key.

    Verbose loopback encrypted volume example:

    a.  dd if=/dev/urandom of=/home/user.img bs=1M count={image size in MB}

    b.  dd if=/dev/urandom bs=1c count={keysize/8} | \

        openssl enc -{fs key cipher} >/home/user.key

        Encrypt this file using the user's login password as the key.

    c.  modprobe -q cryptoloop

    d.  openssl enc -d -{fs key cipher} -in /home/user.key | \

        losetup -e aes -k {keysize} -p0 /dev/loop0 /home/user.img

    e.  mkfs -t ext2 /dev/loop0

    f.  losetup -d /dev/loop0

3.  In pam_mount.conf.xml:

        a.  Set the fs key cipher variable to the cipher used

            (ie: aes-256-ecb).

        b.  Set the fs key path variable to the key's path

            (ie: /home/user.key)

4.  If a user changes his login password, regenerate the efsk that was

    created in step 1b.  A script named passwdehd is provided to do this.

If FSKEYCIPHER is empty, then the user's login password is also the

volume's password.

-->

      <!-- pam_mount parameters: Messages -->

<msg-authpw>pam_mount password:</msg-authpw>

<msg-sessionpw>reenter password for pam_mount:</msg-sessionpw>

</pam_mount>

```

W tym pliku jest montowana partycja zaszyfrowana która ręcznie działa, ale nawet próbowałem czegoś takiego:

<volume user="root" path="/dev/sda2" mountpoint="/boot" />

i efekt ten sam, czyli nic, nawet błędów nie widać.

Czy ktoś wie co robię źle?

Update:

W pliku system-auth brakowało takiej linijki:

session optional pam_mount.so

----------

