Accessing the user's password to use it in a command upon login?

In Ubuntu, there’s an “Encrypt my home directory” feature that makes it so that upon login, an eCryptfs filesystem is mounted on top of /home/<username>. The password used to decrypt the eCryptfs filesystem is the same as the user password, and the user only has to provide their password once to do both the login and the eCryptfs unlocking. This makes me think that somehow, Ubuntu is running the eCryptfs mount command upon login, using the password the user input into GDM.

How would I implement something similar? I’d like to make a setup where the user’s home directory is stored within a LUKS-encrypted image file that is mounted upon login at /home/<username>, and unmounted at logout. I know I can run shell commands upon login but before the session is fully initialized using /etc/gdm/PreSession/Default, but I’m not sure how I would get access to the user password from within that.

The way this is done for ecryptfs is via a PAM module. There isn’t really anything gdm specific about this, other than that the corresponding pam config has to be included (directly or indirectly) in /etc/pam.d/gdm-password.
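The same PAM approach applied to the LUKS image from the question, as an added example that is not part of the original posts and is not Ubuntu's or eCryptfs's own code: the stock `pam_exec` module with its `expose_authtok` option hands the login password to a hook on stdin during the auth phase, and the hook streams it into `cryptsetup`. The script path, the image directory, the mapper name and the two PAM lines in the comments are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Hypothetical hook: /usr/local/sbin/luks-home
# Assumed PAM lines, included from /etc/pam.d/gdm-password after the password check:
#   auth     optional  pam_exec.so expose_authtok quiet /usr/local/sbin/luks-home
#   session  optional  pam_exec.so quiet /usr/local/sbin/luks-home
IMAGE_DIR=/var/lib/luks-homes   # assumed location of the <user>.img containers

# Print the container path for a user; reject names that could escape IMAGE_DIR.
image_for_user() {
    case "$1" in
        ''|*[!a-z0-9_-]*|-*) return 1 ;;
    esac
    printf '%s/%s.img\n' "$IMAGE_DIR" "$1"
}

# Map pam_exec's PAM_TYPE to an action. The password is on stdin only during auth.
action_for() {
    case "$1" in
        auth)          echo open ;;
        close_session) echo close ;;
        *)             echo skip ;;
    esac
}

luks_home_main() {
    img=$(image_for_user "$PAM_USER") || return 0   # unexpected name: do nothing
    [ -f "$img" ] || return 0                       # user has no encrypted home
    name="home-$PAM_USER"
    case "$(action_for "$PAM_TYPE")" in
        open)
            [ -e "/dev/mapper/$name" ] && return 0  # already unlocked
            # Stream the password into cryptsetup: never in argv, env or a file.
            # tr drops the terminating NUL that pam_exec may send (assumption).
            tr -d '\000' | cryptsetup open --type luks --key-file=- "$img" "$name" &&
                mount "/dev/mapper/$name" "/home/$PAM_USER"
            ;;
        close)
            # umount fails while another session still uses the home; then keep it open.
            umount "/home/$PAM_USER" && cryptsetup close "$name"
            ;;
    esac
}

# Run only when invoked by pam_exec, which sets PAM_TYPE in the environment.
if [ -n "${PAM_TYPE:-}" ]; then luks_home_main; fi
```

Because the lines are `optional`, a failed unlock does not block login; the user simply lands in the unencrypted directory underneath the mount point.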

FYI, Ubuntu ceased that feature for not being trustable.

I realize that, but I think that’s because of vulns in eCryptfs, whereas I’m not going to be using eCryptfs.

Thanks, I’ll look into it!
