# Need help with pam_mount update [Solved]

## tabanus

pam_mount has finally gone stable, so I updated to version 2.1. Unfortunately pam_mount no longer automatically mounts my encrypted partition on login.

I found this forums post, this bug, and this sourceforge discussion, but I'm still confused as to what to do. Something about recreating the key. This encrypted partition contains absolutely mission critical data that I cannot afford to lose, and although I do have backups, it will be a major PITA to re-create it all.

So is anyone able to walk me though what I actually need to do to get automounting working again? (I can still de-crypt and mount the partiton using cryptsetup luksOpen).

Some details of my system:

```
$ cat /etc/security/pam_mount.conf.xml

<?xml version="1.0" encoding="utf-8" ?>

<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">

<!--

        See pam_mount.conf(5) for a description.

-->

<pam_mount>

                <!-- debug should come before everything else,

                since this file is still processed in a single pass

                from top-to-bottom -->

<debug enable="0" />

                <!-- Volume definitions -->

<!-- *****      VERY IMPORTANT - TAKE NOTE WHEN UPGRADING    ***** -->

<!-- ***    THESE ARE THE CURRENT ACTIVE ENCRYPTED PARTITIONS ***  -->

<volume user="Staff" fstype="crypt" path="/dev/sda7" mountpoint="/mnt/Shared" options="noatime" />

<volume user="admin" fstype="crypt" path="/dev/sda9" mountpoint="/mnt/admin" options="noatime" />

                <!-- pam_mount parameters: General tunables -->

<!--

<luserconf name=".pam_mount.conf.xml" />

-->

<!-- Note that commenting out mntoptions will give you the defaults.

     You will need to explicitly initialize it with the empty string

     to reset the defaults to nothing. -->

<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />

<!--

<mntoptions deny="suid,dev" />

<mntoptions allow="*" />

<mntoptions deny="*" />

-->

<mntoptions require="nosuid,nodev" />

<path>/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin</path>

<logout wait="0" hup="0" term="0" kill="0" />

                <!-- pam_mount parameters: Volume-related -->

<mkmountpoint enable="1" remove="true" />

</pam_mount>
```

```
# cryptsetup luksDump /dev/sda7

LUKS header information for /dev/sda7

Version:        1

Cipher name:    aes

Cipher mode:    cbc-essiv:sha256

Hash spec:      sha1

Payload offset: 1032

MK bits:        128

MK digest:      8e 7f 38 89 35 d1 05 81 41 19 74 cc 30 bb 90 b0 c9 07 4d 62 

MK salt:        85 31 98 20 00 d0 fd 0a 13 7d 5e 65 1d 79 28 65 

                76 08 e6 71 38 d4 8d 17 d2 9f c9 bb 65 18 76 37 

MK iterations:  10

UUID:           876e1453-fcd8-4d88-ac97-20daff6a862c

Key Slot 0: ENABLED

        Iterations:             154111

        Salt:                   f7 0a a0 b1 70 05 6f 13 62 42 58 25 16 f2 66 ff 

                                31 66 78 c4 bf fc 53 d2 33 92 82 9d df 3c d5 a1 

        Key material offset:    8

        AF stripes:             4000

Key Slot 1: ENABLED

        Iterations:             153901

        Salt:                   79 68 1c 42 27 ea 90 9d f7 6d 13 12 d1 0b 7a fe 

                                4e 77 6c 60 f5 2a db 92 fd 4a 5e 32 46 c9 e8 01 

        Key material offset:    136

        AF stripes:             4000

Key Slot 2: DISABLED

Key Slot 3: DISABLED

Key Slot 4: DISABLED

Key Slot 5: DISABLED

Key Slot 6: DISABLED

Key Slot 7: DISABLED
```

Thanks

----------

## nkk

I also had some problems — encrypted partition was opened by pam_mount but not mounted. This is because pam_mount in 2.1 can mount encrypted partition using only key (password) in slot 0. It means your unix account password has to be the same as password in slot 0 in your luks-partition.

Try update pam_mount to 2.4 — they fix this problem.

It fixes the problem only if you unlock partitions using user's password which is in slot 1, not in slot 0.

----------

## tabanus

Ok I'll try that. Can't for the life of me remember which slot my user password is in, and had forgot I even had a second password for that partition.

----------

## tabanus

 *nkk wrote:*   

> Try update pam_mount to 2.4 — they fix this problem.

 

That's sorted it. Thanks

----------

