Re: compiling pam_mount for FC5

Craig McLean wrote:

> ...
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174190
> 
> FYI, pam_mount-0.9.25 should build ok. It's what I'm using here.
> 

Today pam_mount-0.13.0 was released, and it comes with a
pam_mount-0.13.0.i586.rpm on sourceforge. However this was linked against
openssl-0.9.7, which is not installed in FC5. So I grabbed openssl097a,
which contains these versions, but not the symlinks; after creating them
in /lib
libcrypto.so.0.9.7 -> libcrypto.so.0.9.7a*
libssl.so.0.9.7 -> libssl.so.0.9.7a*
I was able to use pam_mount.

It's not easy. The pam_mount.conf file has this config for the crypt
filesystem:

cryptmount /bin/mount -t crypt "%(before=\"-o\" OPTIONS)" %(VOLUME) %(MNTPT)

but the FC5 mount program does not understand the "crypt" fs type (is there
a mount that does? I thought this was an open issue with dm-crypt). So I
installed the mount.crypt script that comes with pam_mount and changed the
config to

cryptmount /bin/mount.crypt %(VOLUME) %(MNTPT) -o %(OPTIONS)

and after hacking the login, rlogin, remote pam.d configs I am now able to
have the homedir mounted in a test setting. I created a test user "bozo"
and prepared an encrypted plain-file container and use it with this line in
pam_mount.conf:

volume bozo crypt - /var/cryptohome /bozo loop,fstype=ext3 - -

There is one remaining problem. The mount.crypt script tries to come up with
a suitable mapper device name from the target of the loopback device it
creates (in this case it should be _var_cryptohome), and the code looks
like this:

DMDEVICE=` "$LOSETUP" "$DEVICE" 2>/dev/null | sed -n '/(.+)/ { s/.*(//; s/).*//; p;}'`;

The FC5 losetup generates output such as

/dev/loop0: [0303]:97744 (/var/cryptohome)

and I can't figure out why the address pattern /(.+)/ doesn't match (the sed
generates no output), so I ended up deleting it and using

DMDEVICE=` "$LOSETUP" "$DEVICE" 2>/dev/null | sed -n '{ s/.*(//; s/).*//; p;}'`;

The name is important because pam_mount uses it to check whether the
filesystem has already been mounted.

Roman
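
The device-name extraction discussed in the message above, as an added example that is not part of the original post or of pam_mount's mount.crypt: in a POSIX basic regular expression an unescaped + is a literal plus sign, so the /(.+)/ address only matches a line that contains an actual "+" before the closing parenthesis. The function names and the "/" to "_" mapping are assumptions made for illustration; the sample line is the losetup output quoted in the post.

```shell
#!/bin/sh
# Added example, not code from the post or from pam_mount.
# Sample "losetup <device>" output as quoted in the post.
SAMPLE='/dev/loop0: [0303]:97744 (/var/cryptohome)'

# Address pattern from the original script. sed uses basic regular
# expressions by default, where "+" is a literal character, so /(.+)/
# needs "(", one character, a literal "+", then ")".
backing_file_original() {
    printf '%s\n' "$1" | sed -n '/(.+)/ { s/.*(//; s/).*//; p;}'
}

# Portable guard: "..*" is "one or more characters" in a basic regex.
backing_file_guarded() {
    printf '%s\n' "$1" | sed -n '/(..*)/ { s/.*(//; s/).*//; p; }'
}

# Workaround from the post: no address, so every input line is printed,
# including lines that contain no parenthesised path at all.
backing_file_unguarded() {
    printf '%s\n' "$1" | sed -n '{ s/.*(//; s/).*//; p;}'
}

# Assumption: the mapper name is the backing path with "/" turned into "_"
# (the post expects _var_cryptohome for /var/cryptohome).
mapper_name() {
    file=$(backing_file_guarded "$1")
    # Refuse to continue with an empty name: the name is what is later
    # used to decide whether the volume is already mounted.
    [ -n "$file" ] || return 1
    printf '%s\n' "$file" | tr '/' '_'
}

mapper_name "$SAMPLE"
```

The guarded form yields no name for input without a parenthesised path, while the unguarded form passes such a line through unchanged as the device name.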


