Merge lp:~dominik-gierlach/ecryptfs/ecryptfs into lp:ecryptfs

Proposed by Dominik Gierlach on 2016-10-05
Status: Merged
Merged at revision: 891
Proposed branch: lp:~dominik-gierlach/ecryptfs/ecryptfs
Merge into: lp:ecryptfs
Diff against target: 63 lines (+12/-3)
2 files modified
doc/manpage/ecryptfs-migrate-home.8 (+3/-0)
src/utils/ecryptfs-migrate-home (+9/-3)
To merge this branch: bzr merge lp:~dominik-gierlach/ecryptfs/ecryptfs
Reviewer Review Type Date Requested Status
Tyler Hicks 2016-10-05 Approve on 2017-06-08
Review via email: mp+307669@code.launchpad.net

Description of the change

Pass through --nopwcheck option from ecryptfs-migrate-home to ecryptfs-setup-private

Might be a fix for issue #1630477

To post a comment you must log in.
887. By Dominikus Gierlach <email address hidden> on 2016-10-06

Updated manpages with new option for ecryptfs-migrate-home

Tyler Hicks (tyhicks) wrote :

This looks reasonable to me. Thanks for the fix!

review: Approve
suoko (suoko) wrote :

Hi,

I'm trying this --nopwcheck with a domain user after the ubuntu 18.04 was joined to AD domain with the centrify tool.
If I use --nopwcheck , ecryptfs-migrate-home does not work, it shows instructions on how to use the command.
Without nopwcheck option, the passphrase is not recognized.
Can you suggest a solution ?
Here is a solution which is not working either in my case.

https://community.centrify.com/t5/Centrify-Express/Encrypt-Home-directories-for-domain-Users/td-p/17510

suoko (suoko) wrote :

Centrify guys suggest:
"Is there any chance to modify the script to interact with PAM and use "adinfo -A <domain> -u <user> -p <password>" for user password checking?"

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'doc/manpage/ecryptfs-migrate-home.8'
2--- doc/manpage/ecryptfs-migrate-home.8 2015-11-23 14:17:48 +0000
3+++ doc/manpage/ecryptfs-migrate-home.8 2016-10-06 13:08:13 +0000
4@@ -9,6 +9,9 @@
5 .TP
6 .B -u, --user USER
7 Migrate USER's home directory to an encrypted home directory
8+.TP
9+.B \-\-nopwcheck
10+Do not check the validity of the specified login password (useful for LDAP user accounts)
11
12 .SH DESCRIPTION
13 \fBWARNING\fP: Make a complete backup copy of the non-encrypted data to another system or external media. This script is dangerous and in case of an error, could result in data lost, or USER locked out of the system!
14
15=== modified file 'src/utils/ecryptfs-migrate-home'
16--- src/utils/ecryptfs-migrate-home 2012-08-04 05:37:11 +0000
17+++ src/utils/ecryptfs-migrate-home 2016-10-06 13:08:13 +0000
18@@ -25,6 +25,7 @@
19 set -e
20
21 PRIVATE_DIR="Private"
22+PWCHECK_OPTION=
23
24 usage() {
25 echo "
26@@ -33,6 +34,8 @@
27 $0 -u USER
28
29 -u,--user Migrate USER's home directory to an encrypted home directory
30+ --nopwcheck Do not check the validity of the specified
31+ login password (useful for LDAP user accounts)
32
33 WARNING: Make a complete backup copy of the non-encrypted data to
34 another system or external media. This script is dangerous and, in
35@@ -145,7 +148,7 @@
36 ECRYPTFS_SETUP_PRIVATE_ARGS="$ECRYPTFS_SETUP_PRIVATE_ARGS -m $MOUNTPASS"
37 fi
38 export ECRYPTFS_MIGRATE="1"
39- if ! ecryptfs-setup-private -u "$USER_NAME" -b $ECRYPTFS_SETUP_PRIVATE_ARGS; then
40+ if ! ecryptfs-setup-private -u "$USER_NAME" $PWCHECK_OPTION -b $ECRYPTFS_SETUP_PRIVATE_ARGS; then
41 # too bad, something went wrong, we'll try to recover
42 rm -rf "$USER_HOME"
43 mv "$orig" "$USER_HOME"
44@@ -177,14 +180,17 @@
45 }
46
47 DO_ENCRYPT=
48-while true; do
49- [ -z "$1" ] && break
50+while [ ! -z "$1" ]; do
51 case "$1" in
52 -u|--user)
53 DO_ENCRYPT=1
54 USER_NAME="$2"
55 shift 2
56 ;;
57+ --nopwcheck)
58+ PWCHECK_OPTION="--nopwcheck"
59+ shift 1
60+ ;;
61 *)
62 usage
63 ;;

Subscribers

People subscribed via source and target branches