On Wed, Mar 8, 2023 at 7:11 PM Adrien CLERC <adrien@antipoul.fr> wrote:Le 08/03/2023 à 16:28, Alexey Kuznetsov a écrit :
Hello!
I have an idea about how modern linux should work with encrypted LUKS partitions.
Hi,
I'm using LUKS for a long time on both my personal (desktop) and professional (laptop) computers. Since they are single user (me), I use autologin in the display manager, lightdm in my case. Because there is only one slot configured in LUKS, I'm sure this is me, so lightdm can autologin safely.
However, you are proposing to solve the case for multiple user computers. In that case, I would think about a much simpler design:
- Remember which slot was used to unlock the LUKS root partition
- Make a map with slot -> user to autologin
- Autologin that user on boot
No more passing password, no more password update headache. But only a root user can update the map "slot -> user".
Adrien
Right. But you still have to remember passpharse and your main account password. This is not about autologin. This is about unlocking your machine LUKS with only login/password without having an additional passphrase to remember.