Support to automatically mount ~/Private at login

Using ecryptfs-utils and pam configuration files.

diff --git a/stage5/misc/ecryptfs-pam.d/system-auth b/stage5/misc/ecryptfs-pam.d/system-auth
new file mode 100644 (file)
index 0000000..d3d16f1
--- /dev/null
+++ b/stage5/misc/ecryptfs-pam.d/system-auth
@@ -0,0 +1,6 @@
+# Begin /etc/pam.d/system-auth
+
+auth      required    pam_unix.so
+auth      optional    pam_ecryptfs.so unwrap
+
+# End /etc/pam.d/system-auth

diff --git a/stage5/misc/ecryptfs-pam.d/system-password b/stage5/misc/ecryptfs-pam.d/system-password
new file mode 100644 (file)
index 0000000..ecb301a
--- /dev/null
+++ b/stage5/misc/ecryptfs-pam.d/system-password
@@ -0,0 +1,9 @@
+# Begin /etc/pam.d/system-password
+
+password  optional    pam_ecryptfs.so
+
+# use sha512 hash for encryption, use shadow, and try to use any previously
+# defined authentication token (chosen password) set by any prior module
+password  required    pam_unix.so       sha512 shadow try_first_pass
+
+# End /etc/pam.d/system-password

diff --git a/stage5/misc/ecryptfs-pam.d/system-session b/stage5/misc/ecryptfs-pam.d/system-session
new file mode 100644 (file)
index 0000000..d33b76c
--- /dev/null
+++ b/stage5/misc/ecryptfs-pam.d/system-session
@@ -0,0 +1,6 @@
+# Begin /etc/pam.d/system-session
+
+session   required    pam_unix.so
+session   optional    pam_ecryptfs.so unwrap
+
+# End /etc/pam.d/system-session

diff --git a/stage5/pkg/ecryptfs-utils b/stage5/pkg/ecryptfs-utils
index bfd349b..1eaaf7c 100644 (file)
--- a/stage5/pkg/ecryptfs-utils
+++ b/stage5/pkg/ecryptfs-utils
@@ -6,4 +6,6 @@ hvbuild_post()
     #   setreuid: Operation not permitted
     #   ERROR:  Could not mount private ecryptfs directory
     chmod +s /sbin/mount.ecryptfs_private
+
+    install -v -m644 ${SCRDIR}/misc/ecryptfs-pam.d/* /etc/pam.d/
 }