Package: libpam-mount Version: 0.18-3 Severity: normal I enabled pam_mount for 1 use (bas) like this:
volume bas crypt - /dev/mapper/emilia-bas_crypto /home/bas - - - So note that pam_mount should only ever do anything for the user bas, and that is uses bas's password as the key to mount the encrypted volume. After I set this up, cronjobs that use su (popularity-contest, polipo) started asking for passwords: | ophelia:/etc/cron.weekly# ./popularity-contest | reenter password: This turns out to be due to su (which I enabled pam_mount for) asking for the password: | ophelia:/etc/cron.weekly# su -c ls | reenter password: | 0anacron man-db popularity-contest sysklogd Note that I didn't enter a password here, I just pressed enter; so even without the password, su still works fine. Now, in auth.log the following shows up: | Dec 2 14:37:00 ophelia su[351]: Successful su for root by root | Dec 2 14:37:00 ophelia su[351]: + pts/1 root:root | Dec 2 14:37:00 ophelia su[351]: (pam_unix) session opened for user root by (uid=0) | Dec 2 14:37:00 ophelia su[351]: pam_mount(pam_mount.c:413) error trying to retrieve authtok from auth code So it seems that pam_mount still is asking pam/su for a password, even though it shouldn't do anything it all for the user root. This is pretty annoying, especially in cronjobs, which aren't suppoed to produce any output. -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.18.3 Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Versions of packages libpam-mount depends on: ii libc6 2.3.6.ds1-8 GNU C Library: Shared libraries ii libglib2.0-0 2.12.4-2 The GLib library of C routines ii libssl0.9.8 0.9.8c-3 SSL shared libraries ii mount 2.12r-15 Tools for mounting and manipulatin ii zlib1g 1:1.2.3-13 compression library - runtime libpam-mount recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
