* [dm-crypt] Naming key slots to permit luksKillSlot to be aimed... @ 2009-10-12 11:58 David Greaves 2009-10-12 18:11 ` Heinz Diehl 2009-10-12 18:33 ` Christian Pernegger 0 siblings, 2 replies; 4+ messages in thread From: David Greaves @ 2009-10-12 11:58 UTC (permalink / raw) To: dm-crypt So I have multiple keyslots in use: * 1 for admin * 1 for userA * 1 for userB userA leaves without divulging passphrase; userB is out of reach. How do I know which slot to luksKillSlot? Have I missed something? A solution may be an optional name that shows up in luksDump and is setup at creation time: cryptsetup luksAddKey --name "admin" /dev/sda1 cryptsetup luksAddKey --name "johndoe" /dev/sda1 cheers David ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [dm-crypt] Naming key slots to permit luksKillSlot to be aimed... 2009-10-12 11:58 [dm-crypt] Naming key slots to permit luksKillSlot to be aimed David Greaves @ 2009-10-12 18:11 ` Heinz Diehl 2009-10-12 18:33 ` Christian Pernegger 1 sibling, 0 replies; 4+ messages in thread From: Heinz Diehl @ 2009-10-12 18:11 UTC (permalink / raw) To: dm-crypt On 12.10.2009, David Greaves wrote: > How do I know which slot to luksKillSlot? Purge all of them and let the users complain.. ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [dm-crypt] Naming key slots to permit luksKillSlot to be aimed... 2009-10-12 11:58 [dm-crypt] Naming key slots to permit luksKillSlot to be aimed David Greaves 2009-10-12 18:11 ` Heinz Diehl @ 2009-10-12 18:33 ` Christian Pernegger 2009-10-12 20:20 ` David Greaves 1 sibling, 1 reply; 4+ messages in thread From: Christian Pernegger @ 2009-10-12 18:33 UTC (permalink / raw) To: David Greaves; +Cc: dm-crypt > How do I know which slot to luksKillSlot? Specify the slot number when adding keys and keep a list of 'slot number = user' entries somewhere. After the fact ... kill both users and re-add the one that should remain. Cheers, C. ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [dm-crypt] Naming key slots to permit luksKillSlot to be aimed... 2009-10-12 18:33 ` Christian Pernegger @ 2009-10-12 20:20 ` David Greaves 0 siblings, 0 replies; 4+ messages in thread From: David Greaves @ 2009-10-12 20:20 UTC (permalink / raw) To: Christian Pernegger; +Cc: dm-crypt Christian Pernegger wrote: >> How do I know which slot to luksKillSlot? > > Specify the slot number when adding keys and keep a list of 'slot > number = user' entries somewhere. OK, glad I didn't miss anything. I guess "somewhere" could/should be the header :) > After the fact ... kill both users and re-add the one that should remain. So clearly there's a usability problem there. Cheers David -- "Don't worry, you'll be fine; I saw it work in a cartoon once..." ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2009-10-12 20:20 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2009-10-12 11:58 [dm-crypt] Naming key slots to permit luksKillSlot to be aimed David Greaves 2009-10-12 18:11 ` Heinz Diehl 2009-10-12 18:33 ` Christian Pernegger 2009-10-12 20:20 ` David Greaves
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox