On 17/04/2013 01:15, Bob Proulx wrote:
> Erwan David wrote:
>> update-rc.d dovecot disable 2
>> reboot, indeed dovecot is not started
>> telinit 3
>> dovecot does not start (even if there is a Sxxdovecot in /etc/rc3.d)
>
> Hmm... It should start. I just tested this on a service locally and it starts for me. Are you sure it isn't starting due to the presence of a new policy-rc.d script? :-)

Coming back after some testing and interrupts... No, there is no policy-rc.d script, so it's not the reason. I use a wheezy, with sysv-init if it makes a difference.

> In any case... I wanted to add an additional comment. I have been thinking of doing something like this myself. I haven't done it yet but if I were implementing this then I think I would have the server contact a central machine elsewhere on the network to get the keys to decrypt and mount the encrypted partitions. I am not sure what the best mechanics would be to implement it. But I think as soon as networking came online I would have the remote server with the encrypted disks contact a different server that I controlled. Have it pull the keys for the partition from there. Then automatically mount the partitions. Then have it continue the boot process normally and start the daemons normally.

I have no central machine on "the network". I want to encrypt because the machine is hosted, thus I do not physically control it. And that would leave some problem of booting the key-bearing machine.