Во время установки Fedora 23 я выбрал шифрование раздела /home. Как и ожидалось, теперь пароль запрашивают ещё до появления экрана входа. Я хочу добиться того, чтобы зашифрованный домашний раздел разблокировался и монтировался автоматически после успешного входа в систему. Поэтому я начал настраивать pam_mount, следуя, например, этой инструкции (pam_mount / ArchLinux) и некоторым другим из разных блогов и форумов. Пока ничего не работает: пароль по-прежнему запрашивают до входа в систему.
Вот мои настройки:
/etc/security/pam_mount.conf.xml
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<!--
  Master pam_mount configuration; pam_mount.conf(5) is the reference.
  The file is processed in a single pass from top to bottom, so the
  order of the elements below matters.
-->
<pam_mount>

  <!-- debug stays first so that it is already in effect for everything
       parsed after it. "0" keeps verbose output off; switching it to "1"
       while the mount does not work yet shows what pam_mount attempts. -->
  <debug enable="0" />

  <!-- General tunables -->

  <!-- Per-user configuration files are disabled while the element below
       stays commented out. Enabling it lets every user declare volumes
       in a file inside their own home directory. -->
  <!--
  <luserconf name=".pam_mount.conf.xml" />
  -->

  <!-- With no mntoptions element at all, the built-in defaults apply; to
       reset the defaults to nothing, an element initialised with the
       empty string is needed.
       Per pam_mount.conf(5) these rules restrict the options of volumes
       taken from per-user files (luserconf), not the volumes in this file.
       NOTE(review): allow_root and allow_other are FUSE options that open
       a mount to other accounts; consider dropping them from the allow
       list before luserconf is ever enabled. -->
  <mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
  <!-- Alternative policies, kept for reference:
  <mntoptions deny="suid,dev" />
  <mntoptions allow="*" />
  <mntoptions deny="*" />
  -->
  <!-- Options every user-defined volume must carry. -->
  <mntoptions require="nosuid,nodev" />

  <!-- Logout handling; needs ofl from hxtools to be installed.
       wait="0" with hup, term and kill all "no" means no signal is sent
       to processes that still use the volume at logout.
       NOTE(review): presumably a busy volume then stays mounted and
       unlocked after the session ends; confirm this is acceptable. -->
  <logout wait="0" hup="no" term="no" kill="no" />

  <!-- Volume definitions -->

  <!-- Encrypted (fstype="crypt") volume mounted on /home for user XYZ.
       NOTE(review): /dev/dm-0 is a kernel-assigned name; the /dev/mapper
       listing on this page shows it as homeVolumeGroup-00, and the stable
       /dev/mapper name is presumably the safer path to reference.
       NOTE(review): the same listing shows an open luks-* mapping (dm-1),
       which suggests the container is already unlocked at boot, presumably
       via /etc/crypttab, before PAM runs; verify, since pam_mount cannot
       take over the unlock while the boot-time one stays configured. -->
  <volume user="XYZ" fstype="crypt" path="/dev/dm-0" mountpoint="/home" options="fsck" />

  <!-- Create a missing mountpoint before mounting; remove="true" deletes
       mountpoints that pam_mount created once the user logs out.
       NOTE(review): the only mountpoint here is /home, which normally
       exists already, so removal should never trigger; confirm. -->
  <mkmountpoint enable="1" remove="true" />

</pam_mount>
--------- /etc/pam.d/system-auth
---------
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
# NOTE(review): the pam_mount.so lines below are presumably manual additions,
# so per the warning above they are lost on the next authconfig run.
#
# auth stack. pam_mount.so is the first module, before anything else has
# collected a password, so it has to prompt for one itself; pam_unix.so below
# reuses an already entered password through try_first_pass. "optional" means
# a pam_mount failure does not block the login.
auth optional pam_mount.so
auth required pam_env.so
auth sufficient pam_fprintd.so
# nullok lets accounts with an empty password authenticate.
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
# Reached only when no "sufficient" module above succeeded: deny.
auth required pam_deny.so
# account stack.
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account required pam_permit.so
# password (change) stack.
# NOTE(review): whether pam_mount re-keys the volume on a password change is
# not shown on this page; confirm before relying on login password and
# volume passphrase staying in sync.
password optional pam_mount.so
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password required pam_deny.so
# session stack. The volumes from pam_mount.conf.xml are mounted here, using
# the password captured in the auth stack.
session optional pam_mount.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
# success=1 skips the next rule (pam_unix.so) when the service is crond.
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
------------ /etc/pam.d/gdm-password
----------------
# PAM stack for graphical password logins through GDM.
auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
# pam_mount.so sits before the password-auth substack, i.e. before the module
# that normally asks for the login password.
# NOTE(review): password-auth is not shown on this page; if it also calls
# pam_mount.so, the module runs twice for every GDM login.
auth optional pam_mount.so
auth substack password-auth
auth optional pam_gnome_keyring.so
auth include postlogin
account required pam_nologin.so
account include password-auth
password substack password-auth
-password optional pam_gnome_keyring.so use_authtok
session required pam_selinux.so close
# Placed between "pam_selinux.so close" and "pam_selinux.so open", the same
# position the login file on this page uses for pam_mount.so.
session optional pam_mount.so
session required pam_loginuid.so
session optional pam_console.so
session required pam_selinux.so open
session optional pam_keyinit.so force revoke
session required pam_namespace.so
session include password-auth
session optional pam_gnome_keyring.so auto_start
session include postlogin
------------ /etc/pam.d/login
----------------
#%PAM-1.0
# PAM stack for console logins.
# NOTE(review): system-auth as shown on this page already calls pam_mount.so
# in its auth and session stacks, so through the substack/include lines below
# the module runs twice per login; one of the two entries looks redundant.
auth optional pam_mount.so
auth substack system-auth
auth include postlogin
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
# pam_mount.so runs before "pam_selinux.so open", i.e. before the rules that
# are meant to execute in the user context.
session optional pam_mount.so
session required pam_loginuid.so
session optional pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include system-auth
session include postlogin
-session optional pam_ck_connector.so
Вот также некоторая информация о наименовании и структуре моего раздела:
----------- ls -la
of /dev/mapper
---------------
insgesamt 0
drwxr-xr-x. 2 root root 100 4. Feb 2014 .
drwxr-xr-x. 20 root root 4300 22. Jan 12:27 ..
crw-------. 1 root root 10, 236 4. Feb 2014 control
lrwxrwxrwx. 1 root root 7 4. Feb 2014 homeVolumeGroup-00 -> ../dm-0
lrwxrwxrwx. 1 root root 7 4. Feb 2014 luks-73c29d47-ce01-464b-9099-3075a215d430 -> ../dm-1
----------- Фрагмент вывода ls -la
для /dev
---------------
insgesamt 4
drwxr-xr-x. 20 root root 4300 22. Jan 12:27 .
dr-xr-xr-x. 18 root root 4096 22. Jan 10:34 ..
crw-------. 1 root root 10, 235 4. Feb 2014 autofs
drwxr-xr-x. 2 root root 360 22. Jan 12:27 block
drwxr-xr-x. 2 root root 180 22. Jan 12:27 bsg
crw-------. 1 root root 10, 234 4. Feb 2014 btrfs-control
drwxr-xr-x. 3 root root 60 4. Feb 2014 bus
drwxr-xr-x. 2 root root 4080 22. Jan 12:27 char
crw-------. 1 root root 5, 1 4. Feb 2014 console
lrwxrwxrwx. 1 root root 11 4. Feb 2014 core -> /proc/kcore
drwxr-xr-x. 6 root root 140 4. Feb 2014 cpu
crw-------. 1 root root 10, 62 4. Feb 2014 cpu_dma_latency
drwxr-xr-x. 6 root root 120 4. Feb 2014 disk
brw-rw----. 1 root disk 253, 0 4. Feb 2014 dm-0
brw-rw----. 1 root disk 253, 1 4. Feb 2014 dm-1
drwxr-xr-x. 2 root root 100 4. Feb 2014 dri
crw-rw----. 1 root video 29, 0 4. Feb 2014 fb0
lrwxrwxrwx. 1 root root 13 4. Feb 2014 fd -> /proc/self/fd
crw-rw-rw-. 1 root root 1, 7 4. Feb 2014 full
crw-rw-rw-. 1 root root 10, 229 22. Jan 11:52 fuse
crw-------. 1 root root 248, 0 4. Feb 2014 hidraw0
crw-------. 1 root root 248, 1 4. Feb 2014 hidraw1
drwxr-xr-x. 2 root root 60 4. Feb 2014 homeVolumeGroup
crw-------. 1 root root 10, 228 4. Feb 2014 hpet
drwxr-xr-x. 3 root root 0 4. Feb 2014 hugepages
crw-------. 1 root root 10, 183 4. Feb 2014 hwrng
lrwxrwxrwx. 1 root root 25 4. Feb 2014 initctl -> /run/systemd/initctl/fifo
drwxr-xr-x. 4 root root 200 4. Feb 2014 input
crw-r--r--. 1 root root 1, 11 4. Feb 2014 kmsg
crw-rw-rw-+ 1 root kvm 10, 232 4. Feb 2014 kvm
lrwxrwxrwx. 1 root root 28 4. Feb 2014 log -> /run/systemd/journal/dev-log
crw-rw----. 1 root disk 10, 237 4. Feb 2014 loop-control
crw-rw----. 1 root lp 6, 0 4. Feb 2014 lp0
crw-rw----. 1 root lp 6, 1 4. Feb 2014 lp1
crw-rw----. 1 root lp 6, 2 4. Feb 2014 lp2
crw-rw----. 1 root lp 6, 3 4. Feb 2014 lp3
drwxr-xr-x. 2 root root 100 4. Feb 2014 mapper
crw-------. 1 root root 10, 227 4. Feb 2014 mcelog
crw-------. 1 root root 244, 0 4. Feb 2014 mei0
crw-r-----. 1 root kmem 1, 1 4. Feb 2014 mem
crw-------. 1 root root 10, 59 4. Feb 2014 memory_bandwidth
drwxrwxrwt. 2 root root 40 4. Feb 2014 mqueue
crw-------. 1 root root 254, 0 4. Feb 2014 ndctl0
drwxr-xr-x. 2 root root 60 4. Feb 2014 net
crw-------. 1 root root 10, 61 4. Feb 2014 network_latency
crw-------. 1 root root 10, 60 4. Feb 2014 network_throughput
crw-rw-rw-. 1 root root 1, 3 4. Feb 2014 null
crw-------. 1 root root 10, 144 4. Feb 2014 nvram
crw-r-----. 1 root kmem 1, 4 4. Feb 2014 port
crw-------. 1 root root 108, 0 4. Feb 2014 ppp
crw-------. 1 root root 247, 0 4. Feb 2014 pps0
crw-rw-rw-. 1 root tty 5, 2 22. Jan 12:40 ptmx
crw-------. 1 root root 246, 0 4. Feb 2014 ptp0
crw-------. 1 root root 246, 1 4. Feb 2014 ptp1
drwxr-xr-x. 2 root root 0 4. Feb 2014 pts
crw-rw-rw-. 1 root root 1, 8 4. Feb 2014 random
drwxr-xr-x. 2 root root 60 4. Feb 2014 raw
crw-rw-r--+ 1 root root 10, 58 4. Feb 2014 rfkill
lrwxrwxrwx. 1 root root 4 4. Feb 2014 rtc -> rtc0
crw-------. 1 root root 252, 0 4. Feb 2014 rtc0
brw-rw----. 1 root disk 8, 0 4. Feb 2014 sda
brw-rw----. 1 root disk 8, 1 4. Feb 2014 sda1
brw-rw----. 1 root disk 8, 2 4. Feb 2014 sda2
brw-rw----. 1 root disk 8, 3 4. Feb 2014 sda3
brw-rw----. 1 root disk 8, 4 4. Feb 2014 sda4
brw-rw----. 1 root disk 8, 5 4. Feb 2014 sda5
brw-rw----. 1 root disk 8, 16 4. Feb 2014 sdb
brw-rw----. 1 root disk 8, 17 4. Feb 2014 sdb1
brw-rw----. 1 root disk 8, 32 4. Feb 2014 sdc
brw-rw----. 1 root disk 8, 48 4. Feb 2014 sdd
brw-rw----. 1 root disk 8, 64 4. Feb 2014 sde
brw-rw----. 1 root disk 8, 80 4. Feb 2014 sdf
brw-rw----. 1 root disk 8, 96 22. Jan 12:27 sdg
brw-rw----. 1 root disk 8, 97 22. Jan 12:27 sdg1
crw-rw----. 1 root disk 21, 0 4. Feb 2014 sg0
crw-rw----. 1 root disk 21, 1 4. Feb 2014 sg1
crw-rw----. 1 root disk 21, 2 4. Feb 2014 sg2
crw-rw----. 1 root disk 21, 3 4. Feb 2014 sg3
crw-rw----. 1 root disk 21, 4 4. Feb 2014 sg4
crw-rw----. 1 root disk 21, 5 4. Feb 2014 sg5
crw-rw----. 1 root disk 21, 6 22. Jan 12:27 sg6
Пока что при входе в систему вместо обычного пароля у меня запрашивают «пароль pam_mount». При этом парольную фразу для шифрования по-прежнему приходится вводить ещё до входа в систему, как я уже упоминал.