[pkg-cryptsetup-devel] Bug#850756: cryptsetup: Please save password to kernel keyring

Laurent Bigonville bigon at debian.org
Mon Jan 9 22:58:11 UTC 2017


Package: cryptsetup
Version: 2:1.7.3-3
Severity: wishlist

Hi,

Since gdm 3.22, there is a new pam module that unlock the gnome-keyring
using the keyring using the password of the luks partition.

The idea is that on a single user laptop, the user uses the same
password for his encrypted root and user in addition to autologin.

Tje pam module read the kernel keyring to find that password with the
followin code:

        serial = find_key_by_type_and_desc ("user", "cryptsetup", 0);
        if (serial == 0)
                return PAM_AUTHINFO_UNAVAIL;

        r = keyctl_read_alloc (serial, &cached_password);

So it would be nice if cryptsetup could store that password in the
keyring after opening successfully the main luks partition.

Regards,

Laurent Bigonville

-- Package-specific info:

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages cryptsetup depends on:
ii  cryptsetup-bin         2:1.7.3-3
ii  debconf [debconf-2.0]  1.5.59
ii  dmsetup                2:1.02.137-1
ii  libc6                  2.24-8

Versions of packages cryptsetup recommends:
ii  busybox                                 1:1.22.0-19+b1
ii  console-setup                           1.156
ii  initramfs-tools [linux-initramfs-tool]  0.126
ii  kbd                                     2.0.3-2

Versions of packages cryptsetup suggests:
ii  dosfstools              4.0-2
ii  keyutils                1.5.9-9
ii  liblocale-gettext-perl  1.07-3+b1

-- debconf information excluded



More information about the pkg-cryptsetup-devel mailing list