Re: Unusual LUKS setup
On septidi 27 Thermidor, year CCXXV, Darac Marjal wrote:
> It sounds to me, then, that you'd like the system to be unencrypted, but
> your home to be encrypted.
Indeed, that is exactly what I have now.
> You want to look into PAM, which I'm sure can do
> this. With PAM, the system would come up and all the system daemons would
> start. Towards the end of that (or perhaps earlier, depending on the
> dependencies), login methods (getty / x-display-manager / sshd / etc) would
> become available. You'd log in on one of those and PAM would ensure that
> your home is decrypted as part of the session start-up.
>
> A quick google suggests that pam_mount is your friend here. I *think* that
> pam_mount should be able to mount other directories (as well as home), so if
> you have a media partition that you'd like mounted, that can be done.
Thanks for the pointer. Unfortunately:
- If you use SSH, you have to adjust /etc/ssh/sshd_config like this:
    UsePAM yes
    UsePrivilegeSeparation no
    ChallengeResponseAuthentication no
    PasswordAuthentication yes
The second and last points are both deal breakers on their own. Plus,
glimpsing at the rest of the documentation, I do not see how it is
better than mounting the partition from the session's startup scripts.
Regards,
--
Nicolas George
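
Added example, not part of the original message or of the pam_mount documentation: a shell check that reports, for the four sshd_config settings quoted above, which value is in effect in the global section of a config file. The function names and the sample config are constructed for illustration; `Include` directives are not followed.

```shell
#!/bin/sh
# sshd uses the first value obtained for each keyword, keywords are
# case-insensitive, and lines after a "Match" line are conditional,
# so only the global section (before the first Match) is examined.

check_pam_mount_sshd() {
    # Reads the file(s) given as arguments, or stdin when none are given.
    awk '
        BEGIN {
            # Values the quoted documentation asks for.
            want["usepam"] = "yes"
            want["useprivilegeseparation"] = "no"
            want["challengeresponseauthentication"] = "no"
            want["passwordauthentication"] = "yes"
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments, blank lines
        {
            sub(/[ \t]*=[ \t]*/, " ")           # accept "Key=value" too
            key = tolower($1)
            if (key == "match") exit            # global section ends
            if ((key in want) && !(key in seen))
                seen[key] = tolower($2)         # first occurrence wins
        }
        END {
            for (k in want) {
                state = (k in seen) ? seen[k] : "unset"
                flag = (state == want[k]) ? "MATCHES" : "differs"
                printf "%s %s %s\n", k, state, flag
            }
        }
    ' "$@" | sort
}

sample_config() {
    # Constructed sample: a duplicate keyword and a Match block.
    cat <<'EOF'
# constructed sample sshd_config
UsePAM yes
passwordauthentication no
PasswordAuthentication yes
ChallengeResponseAuthentication=no
Match User backup
    UsePrivilegeSeparation no
EOF
}

# Check the file given as argument, or the constructed sample otherwise.
if [ -n "${1:-}" ]; then check_pam_mount_sshd "$1"
else sample_config | check_pam_mount_sshd; fi
```

"MATCHES" means the file carries the value from the quoted documentation; "unset" means the keyword does not appear in the global section, so sshd's built-in default applies.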