Description of problem:
This bug is related to bug #432961. Man pages for ecryptfs were updated and claim that the 'passwd_file' key option is used to specify the file that contains the passphrase. When I want to use 'passwd_file' with 'key=passphrase' I get an error when parsing options. When I use 'passfile' instead of 'passwd_file' it works fine.
We need to have either one common option for the password file, or the man pages should note that a different option is used for different key types. I'd prefer the first approach.
Version-Release number of selected component (if applicable):
ecryptfs-utils-41
How reproducible:
100%
Steps to Reproduce:
as root:
1. Look at the documentation
man ecryptfs # and look for passwd_file in 'KEY OPTIONS'
2. prepare password file
cd ~
echo "secret_password" > .my_password
mkdir .secret
3. mount directory
mount -t ecryptfs .secret .secret -o key=passphrase:passwd_file=/root/.my_password,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,verbosity=0
Actual results:
from mount:
Error mounting eCryptfs; rc = [-22]; strerr = [Invalid argument]. Check your system logs
from system log:
ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
Error parsing options; rc = [-22]
Expected results:
Filesystem is mounted without errors.
Additional info:
The same should be done for the passwd_fd key option.
There is also a difference between the content of the password files. In case of passfile the content has to be:
#cat .my_password
secret_password
#
In case of passwd_file the content has to be:
# cat .my_password
passwd=secret_password
#
Please ignore my comment #1. The password file in both cases has to be:
# cat .my_password
passwd=secret_password
#
Looks like a simple fix. Proposing for RHEL-5.3 and granting Devel ACK. Read ya, Phil
Proposing bug for RHEL-5.3 FasTrack. Read ya, Phil
Upstream answer: passfile and passwd_file are two separate and distinct parameters that apply to two different key modules (passphrase and openssl, respectively). There is an obvious namespace problem with the key modules that I would like to fix for RHEL 5.3. My original approach was to qualify module parameters by evaluating them in module parameter list context. Given that parameters can be given in any order in a configuration file, that does not work out very well. It would probably make more sense to explicitly indicate which key modules which parameters apply to by prefixing the parameter with the key module alias (i.e., "openssl_passwd_file" and "passphrase_passwd_file"). Any objections to making this change for RHEL 5.3?
approved comp, clearing fast flag
Version 56 has upstream fixes for the namespace problems. The testcase in the description now needs to be written as:
mount -t ecryptfs .secret .secret -o key=passphrase:passphrase_passwd_file=/root/.my_password,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,verbosity=0
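
The corrected procedure from the comments above (the passwd= file format and the version 56 option name), as an added shell example that is not part of the original bug report: it writes the passphrase file, checks it, and builds the -o string. The function names are hypothetical, and the owner-only permission check is an added hardening assumption, not something the report requires.

```shell
#!/bin/sh
# Added example, not from the bug report. Function names are hypothetical.

# Write the passphrase file in the "passwd=<value>" form the report says is
# required. The passphrase is read from stdin so it never appears in a
# process argument list; the file is created owner-only (assumed hardening).
write_passfile() {
    file=$1
    (
        umask 077
        IFS= read -r pass || true
        [ -n "$pass" ] || exit 1          # refuse an empty passphrase
        printf 'passwd=%s\n' "$pass" > "$file"
    ) || return 1
    chmod 600 "$file"                     # tighten a pre-existing file too
}

# Check format and permissions before handing the file to mount.
check_passfile() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    grep -q '^passwd=.' "$file" ||
        { echo "no passwd= line in $file" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "$file is accessible to group or other" >&2; return 1; }
}

# Build the -o string from the report. $1 is the file path, $2 the option
# name: passphrase_passwd_file for ecryptfs-utils 56, passfile for the
# version 41 behaviour in the description.
mount_opts() {
    case $1 in
        *,*) echo "comma in path would split the -o list" >&2; return 1 ;;
    esac
    printf 'key=passphrase:%s=%s,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,verbosity=0' \
        "$2" "$1"
}

# Usage (as root), with .secret created as in the description:
#   printf '%s\n' "$PASSPHRASE" | write_passfile /root/.my_password
#   check_passfile /root/.my_password &&
#   mount -t ecryptfs .secret .secret \
#       -o "$(mount_opts /root/.my_password passphrase_passwd_file)"
```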
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.
http://rhn.redhat.com/errata/RHBA-2009-0203.html