# ecryptfs - Could not find key with description:

## R.A.P.S

Hello,

Last Friday I changed my password (Unix + ecryptfs passphrase).

Today after a reboot the automount via pam.d is broken.

I created a whole new user and tried it, but I was getting the same errors.

I used this guide: http://gentoo-en.vfose.ru/wiki/Encrypt_home_directory_with_ecryptfs

DMESG (main problem, I think)

```
[   92.599071] Could not find key with description: [20a617c3482bc0bf]
[   92.599075] process_request_key_err: No key
[   92.599076] Could not find valid key in user session keyring for sig specified in mount option: [20a617c3482bc0bf]
[   92.599077] One or more global auth toks could not properly register; rc = [-2]
[   92.599078] Error parsing options; rc = [-2]
```

Login via KDM/SSH/SU/SHELL

```
(rdconf1.c:744): path to luserconf set to /home/gentoo/.pam_mount.conf.xml
(pam_mount.c:568): pam_mount 2.15: entering session stage
(pam_mount.c:616): going to readconfig /home/gentoo/.pam_mount.conf.xml
reenter password for pam_mount:
(rdconf2.c:127): checking sanity of luserconf volume record (/home/.ecryptfs/gentoo/.Private/)
(mount.c:263): Mount info: luserconf, user=gentoo <volume fstype="ecryptfs" server="(null)" path="/home/.ecryptfs/gentoo/.Private/" mountpoint="/home/gentoo" cipher="(null)" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="" /> fstab=0 ssh=0
(mount.c:660): Password will be sent to helper as-is.
command: '/bin/mount' '-i' '/home/.ecryptfs/gentoo/.Private/' 
(spawn.c:136): setting uid to user gentoo
(mount.c:68): Messages from underlying mount program:
(mount.c:72): mount: mount(2) ist fehlgeschlagen: Datei oder Verzeichnis nicht gefunden
(mount.c:554): 14 0 0:14 /root / rw,relatime - btrfs /dev/md1 rw,space_cache
(mount.c:554): 15 14 0:5 / /dev rw,nosuid,relatime - devtmpfs devtmpfs rw,size=10240k,nr_inodes=501565,mode=755
(mount.c:554): 16 14 0:3 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
(mount.c:554): 17 14 0:17 / /run rw,nodev,relatime - tmpfs tmpfs rw,size=401476k,mode=755
(mount.c:554): 18 15 0:13 / /dev/mqueue rw,nosuid,nodev,noexec,relatime - mqueue mqueue rw
(mount.c:554): 19 15 0:11 / /dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,gid=5,mode=620
(mount.c:554): 20 15 0:18 / /dev/shm rw,nosuid,nodev,noexec,relatime - tmpfs shm rw
(mount.c:554): 21 14 0:19 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw
(mount.c:554): 22 21 0:7 / /sys/kernel/debug rw,nosuid,nodev,noexec,relatime - debugfs debugfs rw
(mount.c:554): 23 21 0:20 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs cgroup_root rw,size=10240k,mode=755
(mount.c:554): 24 23 0:21 / /sys/fs/cgroup/openrc rw,nosuid,nodev,noexec,relatime - cgroup openrc rw,release_agent=/lib64/rc/sh/cgroup-release-agent.sh,name=openrc
(mount.c:554): 25 23 0:22 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime - cgroup cpuset rw,cpuset
(mount.c:554): 26 23 0:23 / /sys/fs/cgroup/cpu rw,nosuid,nodev,noexec,relatime - cgroup cpu rw,cpu
(mount.c:554): 27 23 0:24 / /sys/fs/cgroup/cpuacct rw,nosuid,nodev,noexec,relatime - cgroup cpuacct rw,cpuacct
(mount.c:554): 28 23 0:25 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime - cgroup freezer rw,freezer
(mount.c:554): 29 14 0:14 /marrap /home/.ecryptfs/marrap rw,relatime - btrfs /dev/md1 rw,space_cache
(mount.c:554): 30 16 0:28 / /proc/sys/fs/binfmt_misc rw,nosuid,nodev,noexec,relatime - binfmt_misc binfmt_misc rw
(mount.c:554): 31 14 0:29 /m.raps /mnt/backup rw,relatime - cifs //10.20.1.134/home/m.raps/ rw,vers=1.0,cache=strict,username=m.raps,domain=intranet,uid=1000,forceuid,gid=1000,forcegid,addr=10.20.1.134,file_mode=0600,dir_mode=0700,nounix,serverino,rsize=61440,wsize=16580,actimeo=1
(mount.c:554): 32 14 0:30 /m.raps /mnt/terminal rw,relatime - cifs //10.20.1.121/users/m.raps/ rw,vers=1.0,cache=strict,username=m.raps,domain=intranet,uid=1000,forceuid,gid=1000,forcegid,addr=10.20.1.121,file_mode=0600,dir_mode=0700,nounix,serverino,rsize=61440,wsize=65536,actimeo=1
(pam_mount.c:522): mount of /home/.ecryptfs/gentoo/.Private/ failed
command: 'pmvarrun' '-u' 'gentoo' '-o' '1' 
(pmvarrun.c:254): parsed count value 0
(pam_mount.c:441): pmvarrun says login count is 1
(pam_mount.c:660): done opening session (ret=0)
```

/etc/pam.d/system-auth

```
auth            required        pam_env.so 
auth            required        pam_unix.so try_first_pass likeauth nullok 
auth            optional        pam_ecryptfs.so unwrap
auth            optional        pam_permit.so
auth            optional        pam_mount.so
account         required        pam_unix.so 
account         optional        pam_permit.so

password        required        pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 
password        required        pam_unix.so try_first_pass use_authtok nullok sha512 shadow 
password        optional        pam_ecryptfs.so
password        optional        pam_permit.so

session         required        pam_limits.so 
session         required        pam_env.so 
session         required        pam_unix.so 
session         optional        pam_permit.so
session         optional        pam_mount.so
```

/etc/security/pam_mount.conf.xml

```
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<pam_mount>
<debug enable="1" />
<luserconf name=".pam_mount.conf.xml" />
<mntoptions allow="verbosity,users,noauto,rw,exec,nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other,ecryptfs_key_bytes,ecryptfs_cipher,ecryptfs_fnek_sig,ecryptfs_unlink_sigs,ecryptfs_sig" />
<mntoptions require="" />
<path>/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin</path>
<logout wait="0" hup="0" term="0" kill="0" />
<lclmount>/bin/mount -i %(VOLUME) "%(before=\"-o\" OPTIONS)"</lclmount>
</pam_mount>
```

cat /home/gentoo/.pam_mount.conf.xml

```
<pam_mount>
<volume noroot="1" fstype="ecryptfs" path="/home/.ecryptfs/gentoo/.Private/" mountpoint="/home/gentoo"/>
</pam_mount>
```

ll /home/gentoo/.ecryptfs/

```
-rwx------ 1 gentoo gentoo  0 19. Mai 22:53 auto-mount
-rwx------ 1 gentoo gentoo 17 19. Mai 22:52 sig-cache.txt
-rwx------ 1 gentoo gentoo 32 19. Mai 22:53 wrapped-passphrase
```

/etc/fstab

```
/dev/md1         /                                    btrfs defaults,subvol=root      0 1
/dev/md1        /home/.ecryptfs/gentoo btrfs defaults,subvol=gentoo 0 2
/dev/mapper/crypt-swap-md0              none            swap            sw        0 0
/home/.ecryptfs/gentoo/.Private/ /home/gentoo ecryptfs noauto,user,exec,rw,ecryptfs_sig=20a617c3482bc0bf,ecryptfs_cipher=aes,ecryptfs_key_bytes=24,ecryptfs_fnek_sig=20a617c3482bc0bf,ecryptfs_unlink_sigs 0 0
```

keyctl show

```
Session Keyring
 586621881 --alswrv      0 65534  keyring: _uid_ses.0
 317398737 --alswrv      0 65534   \_ keyring: _uid.0
```

I tried to fix it the whole day, but now I am out of ideas.

I think there is some problem with pam.d that doesn't pass through the password correctly.

Has anyone here already dealt with this?

----------
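The dmesg error above says the signature named in the mount options was not found in the user session keyring. The following is an added diagnostic example, not part of the original post: it extracts the `ecryptfs_sig` / `ecryptfs_fnek_sig` values from fstab text and reports those missing from `keyctl show` output. The function names and the `KEYCTL_LOADED` sample (key ID, uid 1000) are constructed for illustration; the other two samples are taken from the post.

```shell
#!/usr/bin/env bash
# Added example: compare the eCryptfs signatures required by fstab mount
# options with the "user" keys that `keyctl show` lists in the keyring.

# stdin: fstab text. stdout: distinct ecryptfs_sig / ecryptfs_fnek_sig values.
fstab_sigs() {
    awk '$1 !~ /^#/ && $3 == "ecryptfs" {
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++)
            if (opts[i] ~ /^ecryptfs_(fnek_)?sig=/) {
                sub(/^[^=]*=/, "", opts[i])
                if (!seen[opts[i]]++) print opts[i]
            }
    }'
}

# stdin: `keyctl show` output. stdout: 16-hex-digit descriptions of user keys.
keyring_sigs() {
    sed -n 's/.*user: \([0-9a-f]\{16\}\)[[:space:]]*$/\1/p'
}

# $1 = fstab text, $2 = `keyctl show` output.
# stdout: every signature fstab asks for that the keyring does not hold.
missing_sigs() {
    printf '%s\n' "$1" | fstab_sigs | while read -r sig; do
        printf '%s\n' "$2" | keyring_sigs | grep -qxF -- "$sig" ||
            printf '%s\n' "$sig"
    done
}

# fstab entry and empty keyring as posted above.
FSTAB_SAMPLE='/dev/md1 / btrfs defaults,subvol=root 0 1
/home/.ecryptfs/gentoo/.Private/ /home/gentoo ecryptfs noauto,user,exec,rw,ecryptfs_sig=20a617c3482bc0bf,ecryptfs_cipher=aes,ecryptfs_key_bytes=24,ecryptfs_fnek_sig=20a617c3482bc0bf,ecryptfs_unlink_sigs 0 0'
KEYCTL_EMPTY='Session Keyring
 586621881 --alswrv      0 65534  keyring: _uid_ses.0
 317398737 --alswrv      0 65534   \_ keyring: _uid.0'
# Constructed sample (key ID and uid 1000 are made up): keyring with the key.
KEYCTL_LOADED='Session Keyring
 111111111 --alswrv   1000  1000  keyring: _ses
 222222222 --alswrv   1000  1000   \_ user: 20a617c3482bc0bf'

echo "missing with posted keyring: $(missing_sigs "$FSTAB_SAMPLE" "$KEYCTL_EMPTY")"
echo "missing with key loaded:     $(missing_sigs "$FSTAB_SAMPLE" "$KEYCTL_LOADED")"
```

On a live system the same check is `missing_sigs "$(cat /etc/fstab)" "$(keyctl show)"`, run inside the login session of the user whose home directory fails to mount.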

