From: Philipp Wendler <ml@philippwendler.de>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Newbie questions: how to configure and mount an encrypted partition on bootup?
Date: Mon, 19 Mar 2012 08:27:27 +0100
Message-ID: <4F66DFDF.90203@philippwendler.de>
In-Reply-To: <CAADET=cJiQmaosf+7Y=sCAamOX=1ywWYJOXUhV1F8pF3cpxgFg@mail.gmail.com>

Hi,

On 19.03.2012 04:33, David Li wrote:
> 2. On each subsequent boot, how would I let dm-crypt
> automatically retrieve the passphrase once the user logs into the system.
> Assume that the passphrase has been stored on the same server to store the
> root fs. I don't want to force him to type in the LUKS passphrase again to
> unlock the partitions.

As Arno said, this is not secure at all.

However, one can use the login password of the user (which is typed in
anyway), either directly or indirectly. For example the gnome-keyring
can securely store passwords and is decrypted automatically on login
without an additional password.

It might be easier for you to use ecryptfs, though. This does what you
want by default (per-user encryption with no additional password to
enter), you just need to set up an encrypted directory once for each
user (could probably be automated).

Of course, this is only secure if the login password is strong and the
system and its administrator can be trusted.

Greetings, Philipp

Thread overview: 3+ messages
2012-03-19 3:33 [dm-crypt] Newbie questions: how to configure and mount an encrypted partition on bootup? David Li
2012-03-19 7:02 ` Arno Wagner
2012-03-19 7:27 ` Philipp Wendler [this message]