
Re: Serveur with encrypted partition : 2 steps boot.



On 17/04/2013 01:15, Bob Proulx wrote:
> Erwan David wrote:
> > update-rc.d dovecot disable 2
> > reboot, indeed dovecot is not started
> > telinit 3
> > dovecot does not start (even if there is a Sxxdovecot in /etc/rc3.d)
> Hmm...  It should start.  I just tested this on a service locally and
> it starts for me.  Are you sure it isn't starting due to the presence
> of a new policy-rc.d script?  :-)

Coming back after some testing and interrupts...

No, there is no policy-rc.d script, so it's not the reason. I use wheezy, with sysv-init, if it makes a difference.


> In any case...  I wanted to add an additional comment.  I have been
> thinking of doing something like this myself.  I haven't done it yet
> but if I were implementing this then I think I would have the server
> contact a central machine elsewhere on the network to get the keys to
> decrypt and mount the encrypted partitions.  I am not sure what the
> best mechanics would be to implement it.  But I think as soon as
> networking came online I would have the remote server with the
> encrypted disks contact a different server that I controlled.  Have it
> pull the keys for the partition from there.  Then automatically mount
> the partitions.  Then have it continue the boot process normally and
> start the daemons normally.

I have no central machine on "the network". I want to encrypt because the machine is hosted, thus I do not physically control it. And that would leave some problem of booting the key-bearing machine.

