How much CPU/Memory do you have on the slow systems? In a rather minimal virtual machine (fraction of a processor, 256MB memory), the login process can take up to 2 seconds. I'd say maybe 2 seconds might be expected. 4 or 5 seconds seems rather long on normal hardware...
A few nitty gritty details on what's going on with eCryptfs... It has to perform several rather CPU/Memory intensive operations upon login, such as decrypting your wrapped-passphrase file, calculating the fekek (file encryption key encryption key) which involves hashing a value some 65,000 times, and calculating the signatures. These procedures are rather cpu-intensive, I'm afraid. On a very slow CPU, I suppose this might take a couple of seconds? :-Dustin -- pam_encryptfs.so causes authentication to be slow https://bugs.launchpad.net/bugs/295429 You received this bug notification because you are a member of eCryptfs, which is subscribed to ecryptfs-utils in ubuntu. Status in “ecryptfs-utils” source package in Ubuntu: New Bug description: Binary package hint: ecryptfs-utils I have the encrypted ~/Private enabled. In /etc/pam.d/common-auth is the line: auth optional pam_encryptfs.so unwrap If that line is commented out, then doing something like 'sudo ls' is instantanious after I enter my password. If that line is not commented out (like normal), 'sudo ls', or anything else involving my password such as logging in, and unlocking the screensaver take about 4 or 5 seconds longer than they need to. The following is also syslogged. I'm not sure if it's relevant or not, but that 5 second delay seems to be the pause that occurs. Nov 8 17:33:00 gulik sudo: pam_sm_authenticate: Called Nov 8 17:33:00 gulik sudo: pam_sm_authenticate: username = [robin] Nov 8 17:33:00 gulik sudo: Error attempting to parse .ecryptfsrc file; rc = [-5] Nov 8 17:33:00 gulik sudo: Unable to read salt value from user's .ecryptfsrc file; using default Nov 8 17:33:05 gulik sudo: Passphrase key already in keyring Nov 8 17:33:05 gulik sudo: Error attempting to add passphrase key to user session keyring; rc = [1] Nov 8 17:33:05 gulik sudo: There is already a key in the user session keyring for the given passphrase. This doesn't seem to impair the functionality, but it is a little bit annoying. _______________________________________________ Mailing list: https://launchpad.net/~ecryptfs Post to : [email protected] Unsubscribe : https://launchpad.net/~ecryptfs More help : https://help.launchpad.net/ListHelp
