Bug 702208

Summary: systemd does not ask a second time for (wrong) pass-phrase for decryption of the home partition
Product: [openSUSE] openSUSE 12.1 Reporter: Hendrik Woltersdorf <hendrikw>
Component: BasesystemAssignee: Frederic Crozat <fcrozat>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: cobexer
Version: Milestone 2   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Hendrik Woltersdorf 2011-06-26 06:37:55 UTC 
User-Agent:       Mozilla/5.0 (X11; Linux i686; rv:5.0) Gecko/20100101 Firefox/5.0

I have installed OpenSUSE 12.1 Milestone 2 with /home on a separate encrypted partition. During boot systemd asks only one time for the pass-phrase. If I enter a invalid phrase, the boot process continuous without decrypting the home partition. This results in an unusable system. 

/var/log/messages:
...
Jun 26 08:13:30 lthendrik kernel: [   25.858474] systemd-cryptsetup[652]: Invalid passphrase.
...
Jun 26 08:13:37 lthendrik kdm: :0 '[4091]: Cannot update authorization file in home dir /home/hendrik
Jun 26 08:13:37 lthendrik kdm: :0 '[4091]: Cannot chdir to hendrik's home /home/hendrik: No such file or directory
...
  

Reproducible: Always

Steps to Reproduce:
1. put /home on an encrypted partition
2. boot with systemd enabled
3. enter a wrong pass-phrase for decryption of home partition
Actual Results:  
System boots without the /home partition.

Expected Results:  
systemd should ask (at least) a second time, if a wrong pass-phrase is entered.

I am not sure, if this is an OpenSUSE-specific problem or a systemd-bug, that should be reported upstream.
Comment 1 Hendrik Woltersdorf 2011-06-29 18:22:46 UTC 
I am also not sure, that the pass-phrase I entered was actually wrong, because that happens far too often - and only with systemd, but not with sysvinit.
Comment 2 Hendrik Woltersdorf 2011-07-07 19:45:24 UTC 
One more test:
My /etc/crypttab:
cr_sda8         /dev/disk/by-id/ata-ST9500420AS_5VJ92AFR-part8 none       none

I replaced the last "none" with "tries=3". Then I see the "asking" (Please enter pass-phrase for ...) a second time, but the system does not wait for the answer and continues booting immediately.
Comment 3 Christoph Obexer 2011-07-11 05:29:55 UTC 
on two of my systems I get 0 tries to enter the password. the text that tells me to enter the password appears, but does not take input and does not delay the boot. thus after a few seconds the terminal on vt1 and the X server (with auto login) start.

my /etc/crypttab looks similar, and I also use none none.

I setup the test system as follows:
clean installation in a vm.
at the partitioning step i created the setup by hand.
I created 3 primary partitions swap / and /home where /home is the encrypted partition.

@Hendrik: what did you do differently that you managed to get one try for the password entry?
Comment 4 Hendrik Woltersdorf 2011-07-11 15:12:27 UTC 
I did nothing special differently. I use logical partitions on an older laptop.  There I do a always clean install for these tests.
Comment 5 Frederic Crozat 2011-08-16 12:14:31 UTC 
could you test with latest Factory ?

latest systemd should block correctly on passphrase request.
Comment 6 Hendrik Woltersdorf 2011-08-16 15:17:44 UTC 
Today I tested this with systemd-33-8.2.i586 and it did block correctly on passphrase request. So IMHO the problem is solved.
Comment 7 Frederic Crozat 2011-08-16 15:21:32 UTC 
excellent. closing as fixed