
Re: Unusual LUKS setup



On Septidi 27 Thermidor, year CCXXV, Darac Marjal wrote:
> It sounds to me, then, that you'd like the system to be unencrypted, but
> your home to be encrypted.

Indeed, that is exactly what I have now.

>			     You want to look into PAM, which I'm sure can do
> this. With PAM, the system would come up and all the system daemons would
> start. Towards the end of that (or perhaps earlier, depending on the
> dependencies), login methods (getty / x-display-manager / sshd / etc) would
> become available. You'd log in on one of those and PAM would ensure that
> your home is decrypted as part of the session start-up.
> 
> A quick google suggests that pam_mount is your friend here. I *think* that
> pam_mount should be able to mount other directories (as well as home), so if
> you have a media partition that you'd like mounted, that can be done.

Thanks for the pointer. Unfortunately:

- If you use SSH, you have to adjust /etc/ssh/sshd_config like this:

  UsePAM yes
  UsePrivilegeSeparation no
  ChallengeResponseAuthentication no
  PasswordAuthentication yes

The second and last point are both deal breakers on their own. Plus,
glimpsing at the rest of the documentation, I do not see how it is
better than mounting the partition from the session's startup scripts.

Regards,

-- 
  Nicolas George
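
Added example, not part of the original message: a Python check that reports where an sshd_config has in effect the two values the message calls deal breakers (UsePrivilegeSeparation no, PasswordAuthentication yes). The function names and the sample configuration are constructed for illustration, and the parser is simplified to whitespace-separated "Keyword value" lines.

```python
# Added example: flags the two sshd_config settings the post calls deal breakers.
# Assumption: simplified parser, whitespace-separated "Keyword value" lines only.

# Values listed in the post as required for pam_mount and rejected by its author.
REJECTED = {"useprivilegeseparation": "no", "passwordauthentication": "yes"}

def parse_sshd_config(text):
    """Return (global_settings, match_settings); global uses first-value-wins."""
    global_cfg, match_cfg, block = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()            # keywords are case-insensitive
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            block = value                 # everything after this is conditional
            continue
        if block is None:
            global_cfg.setdefault(key, (value, lineno))   # first occurrence wins
        else:
            match_cfg.append((block, key, value, lineno))  # reported individually
    return global_cfg, match_cfg

def audit(text):
    """List (lineno, scope, keyword, value) for each rejected setting found."""
    global_cfg, match_cfg = parse_sshd_config(text)
    findings = []
    for key, bad in REJECTED.items():
        if key in global_cfg and global_cfg[key][0].lower() == bad:
            findings.append((global_cfg[key][1], "global", key, bad))
    for block, key, value, lineno in match_cfg:
        if REJECTED.get(key) == value.lower():
            findings.append((lineno, "Match " + block, key, value.lower()))
    return sorted(findings)

# Constructed sample: the four lines from the post plus a later duplicate
# that has no effect because sshd uses the first value it reads.
SAMPLE = """\
# constructed sample, not a real host's configuration
UsePAM yes
UsePrivilegeSeparation no
ChallengeResponseAuthentication no
PasswordAuthentication yes
PasswordAuthentication no
"""

if __name__ == "__main__":
    for lineno, scope, key, value in audit(SAMPLE):
        print(f"line {lineno}: {key} {value} ({scope})")
```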

