[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: making encrypted $HOME as easy and convenient as possible

Le mardi 13 septembre 2011 à 21:14 +0100, Jon Dowland a écrit : 
> For a single-user system, is it possible to pass through the decryption
> password to later processes, to avoid needing to provide another password to
> log in?  I know you could set your display manager to auto-login, but that
> doesn't get you an unlocked keyring.

If your filesystem is encrypted, you can setup a password-less keyring.

> Same question for multi-user systems. In the multi-user case, I'm fairly sure
> it's possible to have multiple decryption pass-phrases.  However in that case,
> you would probably want a different encryption key for / as for each user's
> $HOME. Otherwise, each user could decrypt each other's stuff:  and the weakest
> pass-phrase would be the weak-point for all users.

I think this is mostly a non-issue. What use case are you trying to
address precisely?

 .''`.      Josselin Mouette
: :' :
`. `'

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: