Encrypted Private Directory Not Mounted at Logon

Same to me - independent of architecture (i386 / amd64) the login to graphical desktop is stopping after selecting an user and typing (the corect) password.

Downgrading to packages ...76-0ubuntu1 solves the problem, as well as to change to tty (1 to 6), enter the username and the passwort and return to the graphical login.

I will be uploading a fix for this later today.

:-Dustin

The bug is in commit 407, this part of the patch and hunk.

I'm testing a fix that changes this patch...

=== modified file 'src/libecryptfs/key_management.c'
--- src/libecryptfs/key_management.c 2009-07-17 05:32:26 +0000
+++ src/libecryptfs/key_management.c 2009-07-17 07:32:40 +0000
@@ -583,23 +583,25 @@
        /* If the kernel supports filename encryption, add the associated
         * filename encryption key to the keyring as well
         */
- if (ecryptfs_get_version(&version) == 0 &&
+ if (ecryptfs_get_version(&version) != 0 ||
            ecryptfs_supports_filename_encryption(version)) {
                if ((rc = ecryptfs_add_passphrase_key_to_keyring(
                                        auth_tok_sig,
                                        decrypted_passphrase,
- ECRYPTFS_DEFAULT_SALT_FNEK_HEX))) {
+ ECRYPTFS_DEFAULT_SALT_FNEK_HEX)) < 0) {
                        syslog(LOG_ERR,
                           "Error attempting to add filename encryption key to "
                           "user session keyring; rc = [%d]\n", rc);
+ goto out;
                }
        }
        if ((rc = ecryptfs_add_passphrase_key_to_keyring(auth_tok_sig,
                                                         decrypted_passphrase,
- salt))) {
+ salt)) < 0) {
                syslog(LOG_ERR, "Error attempting to add passphrase key to "
                       "user session keyring; rc = [%d]\n", rc);
- }
+ } else
+ rc = 0;
 out:
        return rc;
 }

This bug was fixed in the package ecryptfs-utils - 77-0ubuntu1

---------------
ecryptfs-utils (77-0ubuntu1) karmic; urgency=low

  [ Dustin Kirkland ]
  * src/libecryptfs/key_management.c, src/pam_ecryptfs/pam_ecryptfs.c:
    revert the zombie code removal from pam_ecryptfs as it seems this
    bit is still needed; fix the source of the problem introduced in
    commit r407; check for non-zero return codes; this problem would
    manifest itself as a) unable to unlock screensaver, b) unable to
    switch users, c) unable to mount home folder on initial login;
    LP: #402222, #402029
  * src/utils/ecryptfs-umount-private: use for loop to loop over key
    ids on removal
  * src/utils/mount.ecryptfs_private.c: return non-zero on unmount failure
    due to open sessions; handle this in ecryptfs-umount-private too; make
    the flock() blocking; use /dev/shm for counter; add an iterator to the
    counter file to prevent users from DoS'ing one another from accessing
    their encrypted directories, LP: #402745
  * debian/ecryptfs-utils.postinst: move /tmp counters to /dev/shm
  * configure.ac: link against pam, silence shlib warning
  * src/include/ecryptfs.h, src/libecryptfs/main.c,
    src/pam_ecryptfs/pam_ecryptfs.c, src/utils/Makefile.am,
    src/utils/mount.ecryptfs_private.c: move two functions from
    mount.ecryptfs_private to libecryptfs, namely is_mounted() and
    fetch_private_mnt(); use these in both pam_ecryptfs and
    mount.ecryptfs_private; also move PRIVATE to ECRYPTFS_PRIVATE in
    the ecryptfs.h headers; this will allow us to short-circuit some of the
    costly key-loading code on pam_auth if the private dir is already
    mounted, speeding up some subsequent authentications significantly,
    LP: #402748
  * doc/ecryptfs-mount-private.txt: removed the "$" to make copy-n-paste
    more user friendly
  * src/utils/ecryptfs-setup-private: when encrypting home, put the
    .ecryptfs and .Private data in /home/.ecryptfs rather than /var/lib,
    as users are forgetting to backup /var/lib, and are often putting
    /home on a separate partition; furthermore, this gives users a place
    to access their encrypted data for backup, rather than hiding the
    data below $HOME, LP: #371719

  [ Tyler Hicks ]
  * src/libecryptfs/cipher_list.c, src/libecryptfs/module_mgr.c:
    add blowfish/56-bytes to the list of ciphers we officially support,
    LP: #402790

 -- Dustin Kirkland <email address hidden> Wed, 22 Jul 2009 00:01:56 -0500

I have just updated my packages, including ecryptfs 78-0. The problem persists as before: the home directory is not automatically mounted. Sure that the fix was committed to 78-0 as well?

neferty-

Are you still experiencing this issue?

I'm going to need a bit more debugging...

Can you show me a listing of your $HOME/.ecryptfs directory?

:-Dustin

Is anyone else besides neferty experiencing this?

Or has the ecryptfs-utils-78 solved other people's issues with respect to this bug?

:-dustin

For me the problem was solved - I can login as in the past (using new login of gnome-desktop as well as with kde-desktop)

Hello Dustin,

I Do not have .ecryptfs directory in my home folder. I have located one in
/var/lib/ecryptfs/neferty:

neferty@neferty:~$ cd .ecryptfs
bash: cd: .ecryptfs: No such file or directory
neferty@neferty:~$ cd /var/lib/ecryptfs/neferty; ls -al
total 20
drwx------ 2 neferty neferty 4096 2009-03-08 10:54 .
drwxr-xr-x 3 root root 4096 2009-03-08 10:54 ..
-rw-r--r-- 1 neferty neferty 0 2009-03-08 10:54 auto-mount
-rw-r--r-- 1 neferty neferty 0 2009-03-08 10:54 auto-umount
-rw------- 1 neferty neferty 14 2009-03-08 10:54 Private.mnt
-rw------- 1 neferty neferty 34 2009-03-08 10:54 Private.sig
-rw------- 1 neferty neferty 48 2009-03-08 10:54 wrapped-passphrase
neferty@neferty:/var/lib/ecryptfs/neferty$

On Tue, Jul 28, 2009 at 10:30 PM, Dustin Kirkland <<email address hidden>
> wrote:

> neferty-
>
> Are you still experiencing this issue?
>
> I'm going to need a bit more debugging...
>
> Can you show me a listing of your $HOME/.ecryptfs directory?
>
> :-Dustin
>
> --
> Encrypted Private Directory Not Mounted at Logon
> https://bugs.launchpad.net/bugs/402222
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in “ecryptfs-utils” package in Ubuntu: New
> Status in ecryptfs-utils in Ubuntu Karmic: New
>
> Bug description:
> Binary package hint: ecryptfs-utils
>
> When logging in, a user's encrypted private directory is no longer
> automatically mounted.
>
> As a workaround, ecryptfs-mount-private works to mount the directory. If
> user's entire home directory is encrypted, this is a pretty big issue as
> user must drop to tty at GDM to mount the directory before returning to
> graphical logon and proceeding to log in to session.
>
> ProblemType: Bug
> Architecture: i386
> Date: Tue Jul 21 09:42:28 2009
> DistroRelease: Ubuntu 9.10
> NonfreeKernelModules: wl
> Package: ecryptfs-utils 76-0ubuntu2
> ProcEnviron:
> LANG=en_US.UTF-8
> SHELL=/bin/bash
> ProcVersionSignature: Ubuntu 2.6.31-3.19-generic
> SourcePackage: ecryptfs-utils
> Uname: Linux 2.6.31-3-generic i686
>

Dustin,

I tried to make a symbolic link $HOME/.ecryptfs -->
/var/lib/ecryptfs/neferty but it seems to not have solved the problem.
When I switch to tty1 before logging in and login with my user, I see the
following message:

keyctl_search: Required key not available
Perhaps try the interactive 'ecryptfs-mount-private'

And as of today, after mounting my home directory manually and logging in, I
get the following window:
========================
Information available
-------------------------------------------
Record your encryption passphrase

To encrypt your home directory or "Private" folder, a strong passphrase has
been autogenerated. Usually your directory is unlocked with your user
password, but if you ever need to manually recover this directory, you will
need this passphrase. Please print or write it down and store it in a safe
location.
You can run the "ecryptfs-unwrap-passphrase" command now to do this. Enter
your user password at the "Passphrase" prompt.
========================

Maybe it has something to do with the newly created symbolic link from my
home directory. I'll try removing it and see if this window appears again...

Dustin, maybe it has something to do with my password that I have changed
while this problem appeared? I still have to enter my OLD password my
running ecryptfs-mount-private (but am logging in with my NEW password).
What do you think?

On Wed, Jul 29, 2009 at 8:33 AM, Roman Semko <email address hidden> wrote:

> Hello Dustin,
>
> I Do not have .ecryptfs directory in my home folder. I have located one in
> /var/lib/ecryptfs/neferty:
>
> neferty@neferty:~$ cd .ecryptfs
> bash: cd: .ecryptfs: No such file or directory
> neferty@neferty:~$ cd /var/lib/ecryptfs/neferty; ls -al
> total 20
> drwx------ 2 neferty neferty 4096 2009-03-08 10:54 .
> drwxr-xr-x 3 root root 4096 2009-03-08 10:54 ..
> -rw-r--r-- 1 neferty neferty 0 2009-03-08 10:54 auto-mount
> -rw-r--r-- 1 neferty neferty 0 2009-03-08 10:54 auto-umount
> -rw------- 1 neferty neferty 14 2009-03-08 10:54 Private.mnt
> -rw------- 1 neferty neferty 34 2009-03-08 10:54 Private.sig
> -rw------- 1 neferty neferty 48 2009-03-08 10:54 wrapped-passphrase
> neferty@neferty:/var/lib/ecryptfs/neferty$
>
>
>
> On Tue, Jul 28, 2009 at 10:30 PM, Dustin Kirkland <
> <email address hidden>> wrote:
>
>> neferty-
>>
>> Are you still experiencing this issue?
>>
>> I'm going to need a bit more debugging...
>>
>> Can you show me a listing of your $HOME/.ecryptfs directory?
>>
>> :-Dustin
>>
>> --
>> Encrypted Private Directory Not Mounted at Logon
>> https://bugs.launchpad.net/bugs/402222
>> You received this bug notification because you are a direct subscriber
>> of the bug.
>>
>> Status in “ecryptfs-utils” package in Ubuntu: New
>> Status in ecryptfs-utils in Ubuntu Karmic: New
>>
>> Bug description:
>> Binary package hint: ecryptfs-utils
>>
>> When logging in, a user's encrypted private directory is no longer
>> automatically mounted.
>>
>> As a workaround, ecryptfs-mount-private works to mount the directory. If
>> user's entire home directory is encrypted, this is a pretty big issue as
>> user must drop to tty at GDM to mount the directory before re...

Dustin-

Just wanted to comment that this bug was fixed for me as of ecryptfs-utils (77-0ubuntu1).

Thanks so much for the update! I expected so, as I specifically fixed
that problem.

:-Dustin

Hmm, Dustin, do you have any ideas what could be the source of my problem?
There must be a reason why I am getting this message:

"keyctl_search: Required key not available"

But I don't know where to start solving it. Has anyone else reported this
problem??

On Tue, Aug 4, 2009 at 4:15 PM, Dustin Kirkland
<email address hidden>wrote:

> Thanks so much for the update! I expected so, as I specifically fixed
> that problem.
>
> :-Dustin
>
> --
> Encrypted Private Directory Not Mounted at Logon
> https://bugs.launchpad.net/bugs/402222
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in “ecryptfs-utils” package in Ubuntu: New
> Status in ecryptfs-utils in Ubuntu Karmic: New
>
> Bug description:
> Binary package hint: ecryptfs-utils
>
> When logging in, a user's encrypted private directory is no longer
> automatically mounted.
>
> As a workaround, ecryptfs-mount-private works to mount the directory. If
> user's entire home directory is encrypted, this is a pretty big issue as
> user must drop to tty at GDM to mount the directory before returning to
> graphical logon and proceeding to log in to session.
>
> ProblemType: Bug
> Architecture: i386
> Date: Tue Jul 21 09:42:28 2009
> DistroRelease: Ubuntu 9.10
> NonfreeKernelModules: wl
> Package: ecryptfs-utils 76-0ubuntu2
> ProcEnviron:
> LANG=en_US.UTF-8
> SHELL=/bin/bash
> ProcVersionSignature: Ubuntu 2.6.31-3.19-generic
> SourcePackage: ecryptfs-utils
> Uname: Linux 2.6.31-3-generic i686
>

neferty-

Can you please open a new bug?

I'm very convinced that the original bug reported here is fixed, and
that you have a different issue. I'll help you work through that, but
it's not the same as this one.

Please provide as much information you can about your setup.

:-Dustin

I have a fresh Karmic Alpha 3 install on x64 which did not have this issue. My Private directory mounts without any problem, so I also think this bug is fixed.
~/.ecryptfs$ ls -la
totaal 20
drwx------ 2 peter peter 4096 2009-07-31 22:38 .
drwxr-xr-x 4 peter peter 4096 2009-07-31 22:35 ..
-rw-r--r-- 1 peter peter 0 2009-07-31 22:35 auto-mount
-rw-r--r-- 1 peter peter 0 2009-07-31 22:35 auto-umount
-rw------- 1 peter peter 12 2009-07-31 22:35 Private.mnt
-rw------- 1 peter peter 34 2009-07-31 22:35 Private.sig
-rw------- 1 peter root 48 2009-07-31 22:35 wrapped-passphrase
-rw-r--r-- 1 peter peter 0 2009-07-31 22:38 .wrapped-passphrase.recorded

when I try to run ecryptfs-mount-private I get the error ERROR Encrypted private directory is not setup properly
I dunno how to get past this.

I'm running into the same problem, but I'm using ubuntu lucid (10.04)

I believe that this bug is actually a duplicate of Bug #725862, which should be fix-released.