RemcoNL Apprentice
Joined: 30 Nov 2003 Posts: 178 Location: Leiden, The Netherlands
Posted: Sun Nov 30, 2008 2:48 pm Post subject: [HOW?] Mount an encrypted partition at login
I'd like to create an encrypted partition of 10 GB on my laptop (to symlink my .thunderbird, .mozilla, .ooo, .licq, and just some sensitive documents). Ideally, it should be mounted when I log in (using GDM).
The most promising information I found so far is this tutorial: Gentoo encryption with dm-crypt and luks, but it assumes manual mounting using a passphrase.
Most other howtos are years old. Does anybody use the setup I want, and/or can someone point me in the right direction?
For the record: I will not use a swapfile, and /tmp is symlinked to /dev/shm (ramdrive), so having only one directory encrypted within my home directory should be sufficient. I always lock my display when I leave my computer; the encryption is mainly to secure my data in case of theft (or if I ever just forget my laptop on a train).
_________________ Use Compact Flash cards as a silent IDE hard drive
alex.blackbit Advocate
Joined: 26 Jul 2005 Posts: 2397
Posted: Sun Nov 30, 2008 3:42 pm Post subject:
I am not sure about this, but you can have a look at sys-auth/pam_mount.
RaraRasputin Tux's lil' helper
Joined: 04 Jun 2004 Posts: 142 Location: Germany
Posted: Fri Dec 19, 2008 1:41 pm Post subject:
The tutorial shows you how to create an encrypted volume. To mount it at login, just read the man pages of pam_mount and pam_mount.conf.
Basically you have to add two lines to your /etc/pam.d/system-auth file:
Add this as the last line of the "auth"-section:
Code:
```
auth optional pam_mount.so try_first_pass
```
And this as the last line of the "session"-section:
Code:
```
session optional pam_mount.so
```
try_first_pass means that pam tries to use your user's password to mount the encrypted partition, so your login password and the encryption password should be the same.
Additionally you have to add a line like the following to /etc/security/pam_mount.conf.xml:
Code:
```
<volume user="john" fstype="crypt" path="/dev/my_encrypted_device" mountpoint="/home/john" />
```
-rasp
_________________ RaraRasputin, lover of the Russian Queen
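Added example, not part of the original post and not code from pam_mount: a small Python check that a system-auth file and a pam_mount.conf.xml contain the three lines described in the post above, with pam_mount.so as the last entry of the auth and session stacks and a crypt volume for the user. The sample file contents, the other modules in the sample stack, and the function names `pam_stack` and `audit` are constructed for this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample files that follow the post's instructions (not real system files).
SAMPLE_PAM = """\
auth     required  pam_env.so
auth     required  pam_unix.so try_first_pass likeauth nullok
auth     optional  pam_mount.so try_first_pass
account  required  pam_unix.so
session  required  pam_limits.so
session  required  pam_unix.so
session  optional  pam_mount.so
"""
SAMPLE_XML = """\
<pam_mount>
  <volume user="john" fstype="crypt" path="/dev/my_encrypted_device" mountpoint="/home/john" />
</pam_mount>
"""
# facility, control (a keyword or a bracketed [value=action ...] list), module
PAM_LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def pam_stack(pam_text, facility):
    """Return the module names configured for one facility (auth, session, ...), in order."""
    modules = []
    for line in pam_text.splitlines():
        m = PAM_LINE.match(line.split("#", 1)[0].strip())  # drop comments first
        if m and m.group(1) == facility:
            modules.append(m.group(3).rsplit("/", 1)[-1])  # accept absolute module paths
    return modules

def audit(pam_text, xml_text, user):
    """Return a list of problems; an empty list means the files match the post."""
    problems = []
    for facility in ("auth", "session"):
        stack = pam_stack(pam_text, facility)
        if "pam_mount.so" not in stack:
            problems.append(f"{facility}: pam_mount.so missing")
        elif stack[-1] != "pam_mount.so":
            problems.append(f"{facility}: pam_mount.so is not the last entry")
    volumes = [v for v in ET.fromstring(xml_text).iter("volume") if v.get("user") == user]
    if not volumes:
        problems.append(f"no <volume> entry for user {user}")
    for v in volumes:
        if v.get("fstype") != "crypt" or not v.get("path") or not v.get("mountpoint"):
            problems.append(f"volume for {user}: need fstype=crypt, path and mountpoint")
    return problems

if __name__ == "__main__":
    print(audit(SAMPLE_PAM, SAMPLE_XML, "john") or "configuration matches the post")
```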
RemcoNL Apprentice
Joined: 30 Nov 2003 Posts: 178 Location: Leiden, The Netherlands
Posted: Fri Dec 26, 2008 8:54 pm Post subject:
Thank you very much RaraRasputin! This solved it completely, on login I now nicely get my shiny new 10 GB encrypted partition mounted!
And apparently it does not mount (or tries to mount but fails because of using the wrong password?) when another user connects, so this is perfect!
Update: "try_first_pass" gives an error at login (or su -), but everything seems to work just fine without it!
I've noticed that the partition does not unmount when I log out, but since it's mounted inside my home directory (and I am the only one using this laptop) it is not a problem.
Performance is quite good, CPUFreq hardly increases the CPU speed when copying files on disk.
_________________ Use Compact Flash cards as a silent IDE hard drive
Last edited by RemcoNL on Sat Dec 27, 2008 9:59 am; edited 1 time in total
jowr n00b
Joined: 27 Dec 2008 Posts: 52
Posted: Sat Dec 27, 2008 1:44 am Post subject:
It'd be a real - REAL - good idea for you to add /etc/pam.d to your CONFIG_PROTECT entry in make.conf, otherwise an update of pam or whatever will make you have to do this again.