I have set up home directory encryption on an Ubuntu 10.04 machine, but ecryptfs does not seem to be able to work with Dovecot (or CourierIMAP, etc.).
After a successful IMAP login, the home directory is never mounted, and Dovecot obviously cannot find the mail directory.
I am not sure I understand how the mount is triggered, so I need some help.
Dovecot is using PAM, so I hoped that after a successful login the home directory would be mounted, but this is all I get in the logs, and the directory is not mounted:
Jan 16 02:12:37 ubuntu dovecot-auth: pam_sm_authenticate: Called
Jan 16 02:12:37 ubuntu dovecot-auth: pam_sm_authenticate: username = [username]
Jan 16 02:12:37 ubuntu dovecot-auth: Passphrase file wrapped
Jan 16 02:12:38 ubuntu dovecot-auth: Error attempting to add filename encryption key to user session keyring; rc = [1]
Jan 16 02:12:38 ubuntu dovecot: imap-login: Login: user=<username>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
If I create an SSH session and then perform IMAP login, it works (obviously) but I get this:
Jan 16 02:30:25 ubuntu dovecot-auth: pam_sm_authenticate: Called
Jan 16 02:30:25 ubuntu dovecot-auth: pam_sm_authenticate: username = [username]
Jan 16 02:30:25 ubuntu dovecot-auth: pam_sm_authenticate: /home/username is already mounted
So, it does seem like Dovecot (well, the PAM module, I guess) is trying to mount the home directory, but it either mounts and dismounts it immediately or something else happens, and I am unable to figure out that part.
I have also tried using SSHD's PAM file for Dovecot, but nothing really changed, except the fact I was not getting the error message ("Error attempting to add filename encryption key to user session keyring...").
On the Ubuntu community Dovecot page (https://help.ubuntu.com/community/Dovecot) there is a paragraph that says:
NOTE: Dovecot will NOT work in an encrypted directory/folder. Dovecot would just complain about permissions and wont work. One answer is to create a 2nd user account that has an unencrypted home directory. We have not tested this solution on a separate home partition, but most probably the outcome would be the same.
However, I am not sure if this is a definitive answer (and I don't understand what they mean by having a 2nd user account).
I would appreciate it if someone could tell me if it is possible to use Dovecot (with the mail directory inside the user's home directory) with ecryptfs.
I have seen this question (and borrowed some wording from it :) on Launchpad's ecryptfs questions page (but no answer to it), so it seems like I am not the only one with the problem.
Thanks.