# Unable to mount ecryptfs on login in KDE login screen

## petan

I tried following this manual, which is almost perfect http://gentoo-en.vfose.ru/wiki/Encrypt_home_directory_with_ecryptfs except it doesn't work

Now I have a problem that my home doesn't get mounted on login, in logs I have

```
Jan 19 21:08:21 localhost kdm[4180]: :0[4180]: pam_ecryptfs: NULL passphrase; aborting

Jan 19 21:08:21 localhost kdm[4137]: :0[4137]: pam_unix(kde:session): session opened for user petanb by (uid=0)

Jan 19 21:08:21 localhost kdm[4137]: :0[4137]: PAM prompt outside authentication phase

Jan 19 21:08:21 localhost kdm[4137]: :0[4137]: (pam_mount.c:173): conv->conv(...): Conversation error

Jan 19 21:08:21 localhost kdm[4137]: :0[4137]: (pam_mount.c:477): warning: could not obtain password interactively either

Jan 19 21:08:21 localhost kdm[4137]: :0[4137]: (rdconf2.c:70): option "nodev" required

Jan 19 21:08:21 localhost kdm[4137]: :0[4137]: Luser volume for /home/petanb is missing options that are required by global <mntoptions>

Jan 19 21:08:21 localhost kdm[4137]: :0[4137]: pam_ck_connector(kde:session): nox11 mode, ignoring PAM_TTY :0
```

it seems that PAM for some reason doesn't forward the password to ecryptfs modules

----------

## petan

I got more information after debugging, there were issues with configuration of /etc/security/pam_mount* there was missing line:

```
<mntoptions require="" />
```

However, now that I try to switch to my user I get another error:

mount: only root can use --types option

Or eventually after some hacking:

mount: only root can mount /home/.ecryptfs/petr.bena/.Private on /home/petr.bena

Is there any way to allow PAM module to execute mount? I don't really care if giving PAM or regular users powers to do mount is security issue, having non-encrypted home folder is 200 times bigger issue to me.

----------

## petan

When I added "users" options in fstab for my mount, I get

```
localhost .ecryptfs # su - petr.bena

(rdconf1.c:744): path to luserconf set to /home/petr.bena/.pam_mount.conf.xml

(pam_mount.c:568): pam_mount 2.15: entering session stage

(pam_mount.c:616): going to readconfig /home/petr.bena/.pam_mount.conf.xml

reenter password for pam_mount:

(rdconf2.c:127): checking sanity of luserconf volume record (/home/.ecryptfs/petr.bena/.Private)

(mount.c:263): Mount info: luserconf, user=petr.bena <volume fstype="ecryptfs" server="(null)" path="/home/.ecryptfs/petr.bena/.Private" mountpoint="/home/petr.bena" cipher="(null)" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="noauto,users,rw,nodev,nosuid,relatime,ecryptfs_fnek_sig=3eaebb9ccb5a25be,ecryptfs_sig=3eaebb9ccb5a25be,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_unlink_sigs" /> fstab=1 ssh=0

(mount.c:660): Password will be sent to helper as-is.

command: '/bin/mount' '-i' '/home/.ecryptfs/petr.bena/.Private' 

(spawn.c:136): setting uid to user petr.bena

(mount.c:68): Messages from underlying mount program:

(mount.c:72): mount: mount(2) failed: No such file or directory

```

----------

