Re: Server with encrypted partition: 2 steps boot.
On 17/04/2013 01:15, Bob Proulx wrote:
Erwan David wrote:
update-rc.d dovecot disable 2
reboot, indeed dovecot is not started
dovecot does not start (even if there is a Sxxdovecot in /etc/rc3.d)
Hmm... It should start. I just tested this on a service locally and
it starts for me. Are you sure it isn't starting due to the presence
of a new policy-rc.d script? :-)
Coming back after some testing and interrupts...
No, there is no policy-rc.d script, so it's not the reason. I use
wheezy, with sysv-init, if it makes a difference.
In any case... I wanted to add an additional comment. I have been
thinking of doing something like this myself. I haven't done it yet
but if I were implementing this then I think I would have the server
contact a central machine elsewhere on the network to get the keys to
decrypt and mount the encrypted partitions. I am not sure what the
best mechanics would be to implement it. But I think as soon as
networking came online I would have the remote server with the
encrypted disks contact a different server that I controlled. Have it
pull the keys for the partition from there. Then automatically mount
the partitions. Then have it continue the boot process normally and
start the daemons normally.
I have no central machine on "the network". I want to encrypt because
the machine is hosted, thus I do not physically control it. And that
would leave some problem of booting the key-bearing machine.
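
An added example, not part of the thread: a small POSIX shell audit of the sysv-rc links discussed above. It assumes the two-step boot means runlevel 2 first (dovecot disabled) and runlevel 3 once the encrypted partition is unlocked; the function names, the sequence number 02 and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sysv-rc links for a two-step boot (not from the thread).

# rc_state ROOT SERVICE LEVEL: prints start, stop or absent, depending on
# whether an SNNservice or KNNservice link exists in ROOT/etc/rcLEVEL.d.
rc_state() {
    for kind in S K; do
        for link in "$1/etc/rc$3.d/$kind"[0-9][0-9]"$2"; do
            if [ -L "$link" ] || [ -e "$link" ]; then
                if [ "$kind" = S ]; then echo start; else echo stop; fi
                return 0
            fi
        done
    done
    echo absent
}

# policy_present ROOT: succeeds if an executable policy-rc.d exists,
# the first thing the thread rules out.
policy_present() {
    if [ -x "$1/usr/sbin/policy-rc.d" ]; then return 0; else return 1; fi
}

# check_two_step ROOT SERVICE FIRST SECOND: the service must not have a
# start link in runlevel FIRST (before the partition is unlocked) and
# must have one in runlevel SECOND.
check_two_step() {
    first=$(rc_state "$1" "$2" "$3")
    second=$(rc_state "$1" "$2" "$4")
    if [ "$first" = start ]; then
        echo "starts-in-rc$3"
    elif [ "$second" != start ]; then
        echo "not-started-in-rc$4"
    else
        echo ok
    fi
}

# Constructed sample tree: the layout expected after
# "update-rc.d dovecot disable 2" (sequence number 02 is made up).
demo=$(mktemp -d)
mkdir -p "$demo/etc/init.d" "$demo/etc/rc2.d" "$demo/etc/rc3.d"
: > "$demo/etc/init.d/dovecot"
ln -s ../init.d/dovecot "$demo/etc/rc2.d/K02dovecot"
ln -s ../init.d/dovecot "$demo/etc/rc3.d/S02dovecot"
echo "dovecot: $(check_two_step "$demo" dovecot 2 3)"
rm -rf "$demo"
```

On a real system, pass `/` as ROOT; the check only reads the link names and does not show which runlevel the machine actually entered.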