encrypted home dir tale of woe :-)
Marius Gedminas
marius at pov.lt
Sun Jan 2 09:35:07 UTC 2011
On Sat, Jan 01, 2011 at 12:54:58PM +1100, Karl Auer wrote:
> Here's a cautionary tale about encrypted home dirs with maverick.
(Summary: Change password via an unspecified method, everything works.
Forget new password, reset it with sudo passwd $user -> boom, home dir
not mountable.)
I may be wrong, but IIRC the encryption passphrase is stored in the
GNOME keyring, which is protected by a keyring password. By default the
password is the same as your login password.
When you change your login password (via any method), a PAM module
(pam_gnome_keyring.so) tries to change your keyring password too, to
match your new login password. It can only do that if it knows your old
password, so when you do
$ passwd
Password: (old)
New password: (new)
Repeat password: (new)
everything works fine, but when you force the password setting as root
# passwd $username
New password: (new)
Repeat password: (new)
there's nothing pam_gnome_keyring can do. This is a design thing: the
keyring is encrypted with the keyring password, so that nobody can
access any data inside it if they get the encrypted file. If you forget
the password, you lose your keyring, and the filesystem encryption
passphrase with it.
> And I have an open question: If I'd changed my password from inside
> Nautilus rather than just using "passwd" on the command line, would it
> have done something behind the scenes to allow my home dir to decrypt
> using the new password? Or would I have ended up with the same problem?
When you say Nautilus, I assume you mean the GNOME "About Me" dialog?
There's an open bug against it:
https://bugzilla.gnome.org/show_bug.cgi?id=616703
https://bugs.launchpad.net/gnome-keyring/+bug/416825
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/268731
so, no, it appears that changing the password that way is a sure way to
lose access to your encrypted home directory. Unless you change the
password back.
To summarize:
$ passwd as user --> safe
# passwd as root --> breaks access to encrypted homes
$ gnome-about-me --> breaks access to encrypted homes
Disclaimer: I don't use encrypted home directories myself, and I haven't
performed any experiments to verify these conclusions. If someone knows
better, please say so!
Marius Gedminas
--
Cheap, Fast, Good -- pick two.
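The mechanism Marius describes above (a keyring wrapped under the login password, rewrapped only when the old password is available to PAM) can be replayed in a few dozen lines. The following is an added example and not code from the original post, from gnome-keyring or from eCryptfs: the "keyring" is a toy construction (PBKDF2 key, SHA-256 keystream, HMAC tag so a wrong password is detected rather than yielding garbage), the account names and passphrase are constructed sample values, and the two `passwd` paths are modelled as the post states them, not as the real PAM stack implements them.

```python
"""Toy model of why a root-forced password reset locks a user out of a
keyring and of the home-directory passphrase stored in it.

Added example, not the original post's code and not the real gnome-keyring or
eCryptfs format (assumption: a toy cipher stands in for the real one)."""
import hashlib
import hmac
import os

ITERATIONS = 50_000  # PBKDF2 work factor for the toy model


def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def wrap(secret: bytes, password: str) -> dict:
    """Encrypt `secret` under a key derived from `password` (toy cipher + HMAC tag)."""
    salt, nonce = os.urandom(16), os.urandom(16)
    key = _kdf(password, salt)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, nonce, len(secret))))
    tag = hmac.new(key, nonce + ct, "sha256").digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}


def unwrap(blob: dict, password: str) -> bytes:
    """Decrypt, or raise ValueError if `password` is not the wrapping password."""
    key = _kdf(password, blob["salt"])
    tag = hmac.new(key, blob["nonce"] + blob["ct"], "sha256").digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        raise ValueError("keyring password does not match")
    stream = _keystream(key, blob["nonce"], len(blob["ct"]))
    return bytes(a ^ b for a, b in zip(blob["ct"], stream))


def _shadow(password: str) -> tuple:
    """Salted hash standing in for the user's /etc/shadow entry."""
    salt = os.urandom(16)
    return salt, _kdf(password, salt)


class Account:
    """Login password (shadow entry) plus a keyring holding the mount passphrase."""

    def __init__(self, login_pw: str, mount_passphrase: bytes):
        self.shadow = _shadow(login_pw)
        # Default keyring password == login password, as the post describes.
        self.keyring = wrap(mount_passphrase, login_pw)

    def _check_login(self, pw: str) -> bool:
        salt, digest = self.shadow
        return hmac.compare_digest(_kdf(pw, salt), digest)

    def passwd_as_user(self, old_pw: str, new_pw: str) -> None:
        """$ passwd : the old password is known, so the keyring is rewrapped too."""
        if not self._check_login(old_pw):
            raise PermissionError("old password rejected")
        secret = unwrap(self.keyring, old_pw)
        self.keyring = wrap(secret, new_pw)
        self.shadow = _shadow(new_pw)

    def passwd_as_root(self, new_pw: str) -> None:
        """# passwd $user : no old password is asked for, so only shadow changes."""
        self.shadow = _shadow(new_pw)

    def login_and_mount(self, pw: str):
        """Return the mount passphrase, or None when login works but the keyring
        (and with it the encrypted home) can no longer be unlocked."""
        if not self._check_login(pw):
            raise PermissionError("login failed")
        try:
            return unwrap(self.keyring, pw)
        except ValueError:
            return None


def scenario() -> tuple:
    """Replay the post's story; returns what each login can recover."""
    acct = Account("old-pass", b"mount-passphrase-0123")  # constructed sample values
    acct.passwd_as_user("old-pass", "new-pass")           # safe: keyring follows
    after_user = acct.login_and_mount("new-pass")
    acct.passwd_as_root("reset-pass")                     # boom: keyring left behind
    after_root = acct.login_and_mount("reset-pass")
    acct.passwd_as_root("new-pass")                       # "unless you change it back"
    after_revert = acct.login_and_mount("new-pass")
    return after_user, after_root, after_revert


if __name__ == "__main__":
    print(scenario())  # (b'mount-passphrase-0123', None, b'mount-passphrase-0123')
```

The middle value is the failure the original report hit: login succeeds with the reset password, but nothing derived from it can open the blob wrapped under the previous one. Setting the password back (still as root) restores access because the wrapped blob itself was never touched.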
More information about the ubuntu-users mailing list