From: Philipp Wendler
Date: Mon, 19 Mar 2012 08:27:27 +0100
Subject: Re: [dm-crypt] Newbie questions: how to configure and mount an encrypted partition on bootup?
To: dm-crypt@saout.de
Message-ID: <4F66DFDF.90203@philippwendler.de>

Hi,

On 19.03.2012 04:33, David Li wrote:
> 2. On each subsequent boot, how would I let dm-crypt
> automatically retrieve the passphrase once the user logs into the system.
> Assume that the passphrase has been stored on the same server to store the
> root fs. I don't want to force him to type in the LUKS passphrase again to
> unlock the partitions.

As Arno said, this is not secure at all.
However, one can use the login password of the user (which is typed in anyway), either directly or indirectly.
For example the gnome-keyring can securely store passwords and is decrypted automatically on login without an additional password.

It might be easier for you to use ecryptfs, though. This does what you want by default (per-user encryption with no additional password to enter), you just need to set up an encrypted directory once for each user (could probably be automated).

Of course, this is only secure if the login password is strong and the system and its administrator can be trusted.

Greetings,
Philipp