I enabled pam_mount for 1 user (bas) like this:
volume bas crypt - /dev/mapper/emilia-bas_crypto /home/bas - - -
So note that pam_mount should only ever do anything for the user bas,
and that it uses bas's password as the key to mount the encrypted
volume.
After I set this up, cronjobs that use su (popularity-contest, polipo)
started asking for passwords:
| ophelia:/etc/cron.weekly# ./popularity-contest
| reenter password:
This turns out to be due to su (which I enabled pam_mount for) asking
for the password:
| ophelia:/etc/cron.weekly# su -c ls
| reenter password:
| 0anacron man-db popularity-contest sysklogd
Note that I didn't enter a password here, I just pressed enter;
so even without the password, su still works fine.
Now, in auth.log the following shows up:
| Dec 2 14:37:00 ophelia su[351]: Successful su for root by root
| Dec 2 14:37:00 ophelia su[351]: + pts/1 root:root
| Dec 2 14:37:00 ophelia su[351]: (pam_unix) session opened for user root by (uid=0)
| Dec 2 14:37:00 ophelia su[351]: pam_mount(pam_mount.c:413) error trying to retrieve authtok from auth code
So it seems that pam_mount still is asking pam/su for a password, even
though it shouldn't do anything at all for the user root.
This is pretty annoying, especially in cronjobs, which aren't supposed
to produce any output.
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/dash
Kernel: Linux 2.6.18.3
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Versions of packages libpam-mount depends on:
ii libc6 2.3.6.ds1-8 GNU C Library: Shared libraries
ii libglib2.0-0 2.12.4-2 The GLib library of C routines
ii libssl0.9.8 0.9.8c-3 SSL shared libraries
ii mount 2.12r-15 Tools for mounting and manipulatin
ii zlib1g 1:1.2.3-13 compression library - runtime
libpam-mount recommends no packages.
-- no debconf information
Hello Bas,
Bas Zoetekouw wrote:
> After I set this up, cronjobs that use su (popularity-contest, polipo)
> started asking for passwords:
This happens only if you enabled pam_mount in /etc/pam.d/su, which you
don't normally need. Just enable it in /etc/pam.d/login or whatever
login manager you are using. This should be sufficient for mounting a
home dir on login.
> Now, in auth.log the following shows up:
>
> | Dec 2 14:37:00 ophelia su[351]: Successful su for root by root
> | Dec 2 14:37:00 ophelia su[351]: + pts/1 root:root
> | Dec 2 14:37:00 ophelia su[351]: (pam_unix) session opened for user root by (uid=0)
> | Dec 2 14:37:00 ophelia su[351]: pam_mount(pam_mount.c:413) error trying to retrieve authtok from auth code
If you turn on debugging (set debug=1 in pam_mount.conf), you'll see
what config line the pam_mount module matched. This will help you debug
the problem.
Hope this helps,
Bastian
--
,''`. Bastian Kleineidam
: :' : GnuPG key
`. `' gpg --keyserver wwwkeys.pgp.net --recv-keys 32EC6F3E
`-
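An audit sketch for the advice in the reply above, added here as an example (it is not code from this thread or from libpam-mount): it reports which PAM services end up running pam_mount.so, following Debian-style @include lines, and flags any service other than the expected login one. The sample files, the common-pammount fragment name and the expected list are constructed assumptions.

```python
import os
import tempfile

# Constructed sample pam.d contents, not taken from the reporter's system.
SAMPLE = {
    "common-pammount": "auth optional pam_mount.so\nsession optional pam_mount.so\n",
    "login": "auth required pam_unix.so\n@include common-pammount\n",
    "su": "auth sufficient pam_rootok.so\n@include common-pammount\n",
    "cron": "session required pam_unix.so\n# session optional pam_mount.so\n",
}

def module_types(pam_dir, name, module, seen):
    """Groups (auth, session, ...) where `module` runs, following @include."""
    path = os.path.join(pam_dir, name)
    if name in seen or not os.path.isfile(path):
        return set()  # include loop or missing file
    seen.add(name)
    types = set()
    with open(path) as fh:
        for raw in fh:
            fields = raw.split("#", 1)[0].split()  # strip comments
            if len(fields) >= 2 and fields[0] == "@include":
                types |= module_types(pam_dir, fields[1], module, seen)
            elif any(os.path.basename(f) == module for f in fields[2:]):
                types.add(fields[0].lstrip("-"))
    return types

def services_with(pam_dir, module="pam_mount.so"):
    """Service -> groups running `module`; common-* fragments skipped (assumed)."""
    report = {}
    for name in sorted(os.listdir(pam_dir)):
        types = module_types(pam_dir, name, module, set())
        if types and not name.startswith("common-"):
            report[name] = sorted(types)
    return report

def unexpected(report, expected=("login",)):
    """Services running the module that are not expected login entry points."""
    return sorted(set(report) - set(expected))

def write_sample(pam_dir):
    for name, text in SAMPLE.items():
        with open(os.path.join(pam_dir, name), "w") as fh:
            fh.write(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        write_sample(d)
        print(unexpected(services_with(d)))
```

Pointing `services_with` at a copy of /etc/pam.d and passing the login manager in use as `expected` gives the list of services to review.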