ecryptfs-utils does not work with LDAP/Kerberos users
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
eCryptfs |
Fix Released
|
Medium
|
Dustin Kirkland | ||
ecryptfs-utils (Ubuntu) |
Fix Released
|
Medium
|
Dustin Kirkland |
Bug Description
Ubuntu version: Intrepid 8.10
eCrypt-utils version: 53-1ubuntu12
slapd version: 2.4.11-0ubuntu6
krb5-* version: 1.6.dfsg.4~beta1-3
All my users use OpenLDAP and MIT Kerberos5 to login, pam.d common-* and ldap.conf files are correctly configured, e.g. ldapwhoami reports:
testuser@
SASL/GSSAPI authentication started
SASL username: <email address hidden>
SASL SSF: 56
SASL data security layer installed.
dn:uid=
klist reports:
Default principal: <email address hidden>
Valid starting Expires Service principal
11/04/08 14:21:28 11/05/08 14:21:28 <email address hidden>
11/04/08 14:27:42 11/05/08 14:21:28 <email address hidden>
When using the tools from the ecryptfs-utils package such as:
ecryptfs-
ERROR: User [xxx] does not exist
e.g:
testuser@
ERROR: User [testuser] does not exist
This user only appears in LDAP and SASLAUTHD with Kerberos providing password auth.
This becomes an issue when using dovecot-auth, e.g:
Nov 4 14:30:10 dj-dvant-server dovecot-auth: pam_ldap: error trying to bind as user "uid=testuser,
Nov 4 14:30:10 dj-dvant-server dovecot-auth: pam_sm_
Nov 4 14:30:10 dj-dvant-server dovecot-auth: pam_sm_
Nov 4 14:30:10 dj-dvant-server dovecot-auth: Error attempting to parse .ecryptfsrc file; rc = [-5]
Nov 4 14:30:10 dj-dvant-server dovecot-auth: Unable to read salt value from user's .ecryptfsrc file; using default
Nov 4 14:30:10 dj-dvant-server dovecot-auth: Error attempting to open [/home/
Nov 4 14:30:10 dj-dvant-server dovecot-auth: Error attempting to unwrap passphrase from file [/home/
Nov 4 14:30:10 dj-dvant-server dovecot-auth: Error adding passphrase key token to user session keyring; rc = [-5]
Related branches
Changed in ecryptfs: | |
assignee: | nobody → kirkland |
status: | New → Triaged |
Changed in ecryptfs-utils: | |
assignee: | nobody → kirkland |
status: | New → Triaged |
Changed in ecryptfs: | |
importance: | Undecided → Medium |
Changed in ecryptfs-utils: | |
importance: | Undecided → Medium |
Changed in ecryptfs: | |
status: | Fix Committed → Fix Released |
Changed in ecryptfs-utils: | |
status: | Triaged → Fix Committed |
Fix committed, will be released in version -65