I use kernel 2.4.19-crypto-r7 which I can't update with emerge, because I have XFS as filesystem and I want to keep using XFS and crypto with my kernel. and, of course, keep the gentoo emerge compatible. In other words, it is the latest kernel-source available with emerge for my situation.

The kernel and kernel related grsecurity works as expecteds, no problem so far.
But gradm is not functional nor can I get it work.

I have deleted /etc/grsecurity/pm because I have forgotten the password I have initialy set, which is my error, sorry.
I have set a new password with gradm -P.

Have a look at the snippet:
---schnipp---
# gradm -E
Error writing to /proc/sys/kernel/grsecurity/acl
write: Invalid argument

messages:
... kernel: Proc handler: being fed garbage 160 byte send 1175 required
---schnapp---

no matter, if /proc/sys/kernel/grsecurity/grsec_lock is set or unset.

I have joined the grsecurity mailing list, there are postings about the same error, but unresolved. I have asked myself, see the maintainer's answer:

---schnipp---
As for your problem with authenticating to
the kernel, you need to use compatible versions of gradm and grsecurity.
When they are mismatched is when you can't authenticate.  Since you are
using gentoo, I think they should have their own gradm?  I'm not sure
how up to date they keep things..but if you use the versions on
grsecurity.net, it will work.
---schnapp---

I have also found a message which is pointing out, that the password for gradm is magically hidden, so that replacing /etc/grsecurity/pm does not work. Is this true? I don't know.

There are new grsecurity and gradm versions out there. But as they seem to be connected with each other I refused installing a new gradm version. Nor do I know, if I can patch the gentoo 2.4.19-crypto-r7 kernel sources with a new one.

So, is my error already known or do you verify my problems?

cheers,
Sascha