Hi,
I know that it is possible to mount an encrypted partition at KDM login with PAM but I don't know how.
I would like to mount my /home partition with the same password which I use to log in at KDM.
Can you give me a short instruction please?
Floh1111
Offline
I think you are looking for ecryptfs http://wiki.archlinux.org/index.php/Sys … h_eCryptfs it has PAM for auto mounting.
Another link http://sysphere.org/~anrxc/j/articles/e … index.html.
This is the dm-crypt documentation http://wiki.archlinux.org/index.php/Sys … r_dm-crypt
Thanks
Jithin
Offline
What are you trying to achieve (and how paranoid are you)? Do you want to dismount /home when you log out? Do you encrypt swap and/or temp files?
The reason I ask is that I have a slightly different approach. When I boot I am prompted for a password to open my luks-encrypted partition. I have a strong password, the partition is large and contains logical volumes for / , /home, /swap, /tmp.
KDM is set up to log me in automatically so when I boot I enter one password and get straight to my desktop. My Linux user password is a single character for when I lock the screen.
The idea is if the laptop is ever stolen then my stuff is safe. It is powered off when not in use.
Offline
My Setup looks like this:
I have an encrypted /dev/sdb4 which is mapped to /dev/mapper/home. This mapper is mounted on /home in the root filesystem.
So I have an encrypted /home partition. No encrypted swap, no encrypted root (I'm not that paranoid).
Currently I'm mounting /dev/mapper/home on bootup in /etc/fstab so that I'm asked for my passphrase at bootup.
I want to modify this setup so that I mount /dev/mapper/home when I log in at KDM and not at bootup.
The password that I use for login is the same as the password I use for /dev/mapper/home.
I want to use my login password to mount the /dev/mapper/home partition when I log in with KDM.
Hope this is a bit more understandable.
Offline
I have a similar problem so I will post it here.
I have a home on /dev/sda4 which is mapped to /dev/mapper/home (similar to the OP). I want to be able to SSH to the machine after powering up and mount /home manually. I don't want the system to stop at the very beginning of booting to ask for the password. But still, when I'm near the computer I'd like to be asked for the home encryption password on the console.
So basically I just want the mapping/mounting to happen at a different point in boot time.
Last edited by dpc.ucore.info (2011-01-13 14:58:52)
Offline
So here goes my hack / solution:
Instead of adding the device to /etc/crypttab:
The /home must be marked noauto in /etc/fstab
# cat /etc/rc.d/home
#!/bin/bash
# Unlock the LUKS device and mount /home on demand instead of at early boot.
. /etc/rc.conf
. /etc/rc.d/functions

DEV="/dev/sda4"
MAPPER="home"
MAPPER_PATH="/dev/mapper/$MAPPER"
MOUNT_PATH="/home"

case "$1" in
  start)
    stat_busy "Mounting $MOUNT_PATH"
    # Keep prompting (1 try, 20 s timeout per prompt) until the mapping exists
    while [ ! -e "$MAPPER_PATH" ]; do
      cryptsetup -T 1 -t 20 luksOpen "$DEV" "$MAPPER"
    done
    fsck "$MAPPER_PATH" && mount "$MAPPER_PATH" "$MOUNT_PATH"
    if [ $? -gt 0 ]; then
      stat_fail
    else
      add_daemon home
      stat_done
    fi
    ;;
  stop)
    stat_busy "Unmounting $MOUNT_PATH"
    # Close the mapping by name once the filesystem is unmounted
    umount "$MOUNT_PATH" && cryptsetup luksClose "$MAPPER"
    if [ $? -gt 0 ]; then
      stat_fail
    else
      rm_daemon home
      stat_done
    fi
    ;;
  restart)
    "$0" stop
    sleep 1
    "$0" start
    ;;
  *)
    echo "usage: $0 {start|stop|restart}"
esac
exit 0
Last edited by dpc.ucore.info (2011-01-19 12:55:56)
Offline
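The precondition stated in the post above (the device left out of /etc/crypttab and /home marked noauto in /etc/fstab) can be checked before rebooting. This is an added example, not part of the original post; the function names are hypothetical, and the mount point and mapping name are assumptions taken from the script's variables.

```shell
#!/bin/sh
# Added example (not from the thread): preflight check for the noauto setup.

# fstab_has_noauto FSTAB MOUNTPOINT
# Succeeds if the entry for MOUNTPOINT carries the "noauto" option.
fstab_has_noauto() {
    awk -v mp="$2" '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        $2 == mp {
            n = split($4, opts, ",")         # field 4 holds the mount options
            for (i = 1; i <= n; i++) if (opts[i] == "noauto") found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# crypttab_lists CRYPTTAB NAME
# Succeeds if NAME is an active (uncommented) mapping in the crypttab file.
crypttab_lists() {
    awk -v name="$2" '
        /^[ \t]*(#|$)/ { next }
        $1 == name { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# preflight FSTAB CRYPTTAB MOUNTPOINT NAME
# Returns 0 when neither file will try to set up the mount at boot.
preflight() {
    rc=0
    if ! fstab_has_noauto "$1" "$3"; then
        echo "$3 is not marked noauto in $1" >&2; rc=1
    fi
    if crypttab_lists "$2" "$4"; then
        echo "$4 is still listed in $2" >&2; rc=1
    fi
    return $rc
}

# Check the live files only when invoked as: script check
if [ "${1:-}" = "check" ]; then
    preflight /etc/fstab /etc/crypttab /home home
fi
```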
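Something like this will be more friendly for an SSH user:
...
# While waiting for the passphrase, root's login shell attaches to console 1
chsh -s "/bin/conspy.sh" root
while [ ! -e "$MAPPER_PATH" ]; do
  cryptsetup -T 1 -t 20 luksOpen "$DEV" "$MAPPER"
done
# Restore root's normal shell once the mapping is open
chsh -s "/bin/bash" root
...
/bin/conspy.sh
#!/bin/sh
#
# Attach to virtual console 1, where the cryptsetup prompt is shown
/usr/bin/conspy 1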
conspy should be installed
Last edited by azhezhel (2012-08-13 19:04:20)
Offline