On Tue, Sep 24, 2019 at 3:32 PM Frantisek Zatloukal <fzatlouk(a)redhat.com> wrote:
So, as I understand that, enforcing per-user encryption is not going to prevent anybody
from having automatic login?
It's a really good question. They are mutually exclusive because to
combine them is absurd.
The user's passphrase isn't actually stored anywhere, whether for
login, fscrypt/ext4, or LUKS - it's salted and hashed, the method
differing for login and LUKS and fscrypt. This is expressly to make it
impossible to reverse and obtain the user's actual passphrase.
Autologin is just metadata that sets a persistent permissive policy.
Whereas in the case of autologin combined with user data home
encryption, the user's passphrase must be stored in such a way that
it's trivial to reverse, in order to hand it off to LUKS or fscrypt
and unlock the user's data store in a totally unattended fashion. The
user's passphrase is as exposed as their data, so it's actually
exposing more information about the user than if no data encryption
were employed.
--
Chris Murphy