Ive exhausted all the advice in the posts I can find on this subject. And this is my first on fedoraforum.
Im playing around with via padlock h/w for encrypting disks and am currently trying to mount encrypted USB flash memory to /home/<user> at login through either GDM or KDM, using pam_mount.
GDM requests the password twice even when using use_first pass and more importantly does not unmount the device when logging out, leaving the device accessible to the next person who logs in.
KDM just doesnt recognise an encrypted usb flash drive either at login (or when already logged in). KDE does however unmount the device if you use GDM to login.
I have changed combinations of /etc/pam.d/gdm, login, kdm, kdm-np, kcheckpass to include the following:
auth optional pam_mount.so use_first_pass
session optional pam_mount.so
also taken "use_first_pass" out of the above and added the following as an alternative...
auth include system_auth use_first_pass
none of the above stops gdm asking for the password to be re-entered and for KDM none of the files above influence KDM mounting the device at all.
As for leaving the device mounted at logout the security log indicates device busy:
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_unix(gdm:session): session closed for user guest1
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(pam_mount.c:533) received order to close things
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(pam_mount.c:534) real and effective user ID are 0 and 0.
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(misc.c:264) command: /usr/sbin/pmvarrun [-u] [guest1] [-o] [-1]
Feb 9 23:27:45 localhost gdm-binary[2410]: pam_mount(misc.c:341) set_myuid(pre): real uid/gid=0:502, effective uid/gid=0:0
Feb 9 23:27:45 localhost gdm-binary[2410]: pam_mount(misc.c:376) set_myuid(post): real uid/gid=0:502, effective uid/gid=0:0
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(pam_mount.c:360) pmvarrun says login count is 0
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(pam_mount.c:556) going to unmount
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:368) information for mount:
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:369) ----------------------
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:370) (defined by globalconf)
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:373) user: guest1
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:374) server:
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:375) volume: /dev/sdc1
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:376) mountpoint: /home/guest1
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:377) options:
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:378) fs_key_cipher:
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:379) fs_key_path:
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:380) use_fstab: 0
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:381) ----------------------
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(misc.c:264) command: /usr/sbin/lsof [/home/guest1]
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:131) lsof output (should be empty)...
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) bluetooth 2200 guest1 cwd DIR 254,0 4096 2 /home/guest1
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) python 2210 guest1 cwd DIR 254,0 4096 2 /home/guest1
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) puplet 2211 guest1 cwd DIR 254,0 4096 2 /home/guest1
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) nm-applet 2212 guest1 cwd DIR 254,0 4096 2 /home/guest1
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) gam_serve 2252 guest1 cwd DIR 254,0 4096 2 /home/guest1
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:133) waiting for lsof
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(misc.c:264) command: /sbin/umount.crypt [/home/guest1]
Feb 9 23:27:45 localhost gdm-binary[2413]: pam_mount(misc.c:341) set_myuid(pre): real uid/gid=0:502, effective uid/gid=0:0
Feb 9 23:27:45 localhost gdm-binary[2413]: pam_mount(misc.c:376) set_myuid(post): real uid/gid=0:502, effective uid/gid=0:0
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:487) umount errors (should be empty):
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) pam_mount(misc.c:341) set_myuid(pre): real uid/gid=0:502, effective uid/gid=0:0
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) gdm-binary[2413]: pam_mount(misc.c:341) set_myuid(pre): real uid/gid=0:502, effective uid/gid=0:0
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) pam_mount(misc.c:376) set_myuid(post): real uid/gid=0:502, effective uid/gid=0:0
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) gdm-binary[2413]: pam_mount(misc.c:376) set_myuid(post): real uid/gid=0:502, effective uid/gid=0:0
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) umount: /home/guest1: device is busy
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) umount: /home/guest1: device is busy
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) umount.crypt: error unmounting /home/guest1
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:490) waiting for umount
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(pam_mount.c:558) unmount of /dev/sdc1 failed
Ive seen posts to the effect that this is likely to be Gconf, but have seen no fix / workaround for this.
Any help with fixing either of these or telling me how to get KDM / KDE working as an alternative would be really appreciated.
Thanks
Hybrid Mode
