* [dm-crypt] Naming key slots to permit luksKillSlot to be aimed...
@ 2009-10-12 11:58 David Greaves
2009-10-12 18:11 ` Heinz Diehl
2009-10-12 18:33 ` Christian Pernegger
0 siblings, 2 replies; 4+ messages in thread
From: David Greaves @ 2009-10-12 11:58 UTC (permalink / raw)
To: dm-crypt
So I have multiple keyslots in use:
* 1 for admin
* 1 for userA
* 1 for userB
userA leaves without divulging passphrase; userB is out of reach.
How do I know which slot to luksKillSlot?
Have I missed something?
A solution may be an optional name that shows up in luksDump and is setup at
creation time:
cryptsetup luksAddKey --name "admin" /dev/sda1
cryptsetup luksAddKey --name "johndoe" /dev/sda1
cheers
David
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [dm-crypt] Naming key slots to permit luksKillSlot to be aimed...
2009-10-12 11:58 [dm-crypt] Naming key slots to permit luksKillSlot to be aimed David Greaves
@ 2009-10-12 18:11 ` Heinz Diehl
2009-10-12 18:33 ` Christian Pernegger
1 sibling, 0 replies; 4+ messages in thread
From: Heinz Diehl @ 2009-10-12 18:11 UTC (permalink / raw)
To: dm-crypt
On 12.10.2009, David Greaves wrote:
> How do I know which slot to luksKillSlot?
Purge all of them and let the users complain..
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [dm-crypt] Naming key slots to permit luksKillSlot to be aimed...
2009-10-12 11:58 [dm-crypt] Naming key slots to permit luksKillSlot to be aimed David Greaves
2009-10-12 18:11 ` Heinz Diehl
@ 2009-10-12 18:33 ` Christian Pernegger
2009-10-12 20:20 ` David Greaves
1 sibling, 1 reply; 4+ messages in thread
From: Christian Pernegger @ 2009-10-12 18:33 UTC (permalink / raw)
To: David Greaves; +Cc: dm-crypt
> How do I know which slot to luksKillSlot?
Specify the slot number when adding keys and keep a list of 'slot
number = user' entries somewhere.
After the fact ... kill both users and re-add the one that should remain.
Cheers,
C.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [dm-crypt] Naming key slots to permit luksKillSlot to be aimed...
2009-10-12 18:33 ` Christian Pernegger
@ 2009-10-12 20:20 ` David Greaves
0 siblings, 0 replies; 4+ messages in thread
From: David Greaves @ 2009-10-12 20:20 UTC (permalink / raw)
To: Christian Pernegger; +Cc: dm-crypt
Christian Pernegger wrote:
>> How do I know which slot to luksKillSlot?
>
> Specify the slot number when adding keys and keep a list of 'slot
> number = user' entries somewhere.
OK, glad I didn't miss anything.
I guess "somewhere" could/should be the header :)
> After the fact ... kill both users and re-add the one that should remain.
So clearly there's a usability problem there.
Cheers
David
--
"Don't worry, you'll be fine; I saw it work in a cartoon once..."
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2009-10-12 20:20 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-10-12 11:58 [dm-crypt] Naming key slots to permit luksKillSlot to be aimed David Greaves
2009-10-12 18:11 ` Heinz Diehl
2009-10-12 18:33 ` Christian Pernegger
2009-10-12 20:20 ` David Greaves
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox