Package: ecryptfs-utils
Version: 64-2
Severity: minor
Tags: patch
It looks like there was an ecryptfs-setup-confidential (I see it on
https://wiki.ubuntu.com/EncryptedPrivateDirectory under "Getting
Involved"). But current upstream and Debian ship with
ecryptfs-setup-private and use ~/Private/ as the default mount point.
I think ecryptfs-utils/doc/ecryptfs-pam-doc.txt in the source needs to
be updated accordingly to reduce confusion. I attach a patch here.
Please forward this to upstream.
By the way, I do not see the auth-client-config package in Debian.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (800, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages ecryptfs-utils depends on:
ii libc6 2.7-16 GNU C Library: Shared libraries
ii libecryptfs0 64-2 ecryptfs cryptographic filesystem
ii libgcrypt11 1.4.1-1 LGPL Crypto library - runtime libr
ii libgpg-error0 1.4-2 library for common error values an
ii libgpgme11 1.1.6-2 GPGME - GnuPG Made Easy
ii libkeyutils1 1.2-9 Linux Key Management Utilities (li
ii libpam0g 1.0.1-4+b1 Pluggable Authentication Modules l
ii libpkcs11-helper1 1.05-1 library that simplifies the intera
ii libssl0.9.8 0.9.8g-14 SSL shared libraries
ii libtspi1 0.3.1-7 open-source TCG Software Stack (li
ecryptfs-utils recommends no packages.
Versions of packages ecryptfs-utils suggests:
pn auth-client-config <none> (no description available)
ii opencryptoki 2.2.6+dfsg-5 PKCS#11 implementation for Linux (
-- no debconf information
--- ecryptfs-pam-doc.txt.orig 2008-11-08 13:15:07.000000000 +0900
+++ ecryptfs-pam-doc.txt 2008-11-08 13:15:51.000000000 +0900
@@ -7,11 +7,11 @@
eCryptfs is set up in the Open Client to automatically mount on user
login. The default mount is an overlay mount on top of
-~/Confidential/, and it uses a passphrase-based key.
+~/Private/, and it uses a passphrase-based key.
eCryptfs requires that the user's mount passphrase be inserted into
the user session keyring in order to access the files under the
-~/Confidential/ mount point. The mount passphrase is wrapped
+~/Private/ mount point. The mount passphrase is wrapped
(encrypted) with the user's login passphrase and is stored in the
~/.ecryptfs/wrapped-passphrase file. When the user logs in, the
eCryptfs PAM module intercepts the user's login passphrase, uses it to
@@ -21,7 +21,7 @@
Once the user has logged in, his ~/.bash_profile script is executed by
the Bash shell. A segment of code in ~/.bash_profile checks for the
existence of a ~/.ecryptfs/auto-mount file. If this file exists, then
-code is executed to mount ~/Confidential/ via eCryptfs.
+code is executed to mount ~/Private/ via eCryptfs.
When the user changes his login credentials, the eCryptfs PAM module
unwraps the mount passphrase in ~/.ecryptfs/wrapped-passphrase with
@@ -38,7 +38,7 @@
In order for these operations to complete successfully, the eCryptfs
PAM module needs to be inserted into the PAM stack in
/etc/pam.d/system-auth, an entry needs to be in /etc/fstab for the
-user's ~/Confidential/ directory, the ~/.ecryptfs/auto-mount and
+user's ~/Private/ directory, the ~/.ecryptfs/auto-mount and
~/.ecryptfs/wrapped-passphrase files need to exist, and the mount code
needs to be in the user's ~/.bash_profile script.
@@ -75,7 +75,7 @@
The following line needs to be added to /etc/fstab:
-/home/user/Confidential /home/user/Confidential ecryptfs rw,ecryptfs_sig=deadbeefbaadf00d,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,user,noauto, 0 0
+/home/user/Private /home/user/Private ecryptfs rw,ecryptfs_sig=deadbeefbaadf00d,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,user,noauto, 0 0
Where 'user' is the username and 'deadbeefbaadf00d' is the mount
passphrase signature/identifier value. This signature is in /etc/mtab
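Review bot: The replacement /etc/fstab line still ends its option list with a stray comma ("user,noauto, 0 0"), carried over unchanged from the old line. Since the line is being rewritten anyway, drop the trailing comma so the options field ends in "user,noauto" and readers do not copy an empty trailing option into their fstab.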
@@ -85,9 +85,9 @@
~/.bash_profile:
if test -e $HOME/.ecryptfs/auto-mount; then
- mount | grep "$HOME/Confidential type ecryptfs"
+ mount | grep "$HOME/Private type ecryptfs"
if test $? != 0; then
- mount -i $HOME/Confidential
+ mount -i $HOME/Private
fi
fi
ecryptfs-zombie-kill
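Review bot: In the ~/.bash_profile snippet, the changed line mount | grep "$HOME/Private type ecryptfs" prints any matching mount entry to the terminal on every login, and mount -i $HOME/Private leaves $HOME unquoted (as does the unchanged test -e $HOME/.ecryptfs/auto-mount). While these lines are being touched, consider grep -q and quoting "$HOME/Private" so the documented snippet stays quiet at login and is safe to copy when the home path contains spaces.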
@@ -112,18 +112,18 @@
Troubleshooting
- Problem: The ~/Confidential/ directory is not being mounted on login.
- Problem: The ~/Confidential/ directory is mounted on login, but
- the files under the ~/Confidential/ directory cannot be read.
+ Problem: The ~/Private/ directory is not being mounted on login.
+ Problem: The ~/Private/ directory is mounted on login, but
+ the files under the ~/Private/ directory cannot be read.
Solution: Your ~/.ecryptfs/wrapped-passphrase file may be
incorrect. Run ecryptfs-wrap-passphrase to recreate it if
that is the case. Otherwise, the PAM stack is not set up
correctly. Otherwise, the code to mount your
- ~/Confidential directory is not in your ~/.bash_profile
+ ~/Private directory is not in your ~/.bash_profile
file.
- Problem: The ~/Confidential/ directory mounts on console login
+ Problem: The ~/Private/ directory mounts on console login
but not on GDM login.
Solution: Make sure you have the most recent
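Review bot: The Troubleshooting entries are inconsistent about the trailing slash: the new Problem lines say "~/Private/" while the new Solution line says "~/Private directory". The earlier hunks all use "~/Private/", so use that form here as well to keep the mount point spelled one way throughout the document.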
@@ -139,7 +139,7 @@
Problem: How to I backup my encrypted files?
- Solution: Unmount your ~/Confidential directory so that
+ Solution: Unmount your ~/Private directory so that
the lower filesystem files (in encrypted state) show up at
that path location, and then copy the files in that
directory to another storage device.
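Review bot: The context line directly above the changed Solution reads "How to I backup my encrypted files?"; since this entry is being edited, fix it to "How do I back up my encrypted files?" in the same patch. The new Solution line also says "~/Private directory" without the trailing slash used in the earlier hunks.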