Delayed encrypted partition mount

Gregory Maxwell gmaxwell at gmail.com
Mon Mar 21 19:32:59 UTC 2011


On Mon, Mar 21, 2011 at 10:22 AM, Gilboa Davara <gilboad at gmail.com> wrote:
> Hello all,
>
> I routinely encrypt all important partitions on my laptops /
> workstations / servers using LUKS both at home and at work.
> However, due to the above, I can no longer remotely reboot the machines
> (at least the ones that don't have a serial console attached) as I'm
> required to baby-sit the machine until the password prompt appears.
>
> My question is simple: Given the fact that I rarely encrypt the root,
> can I somehow delay the encrypted partition mount to right-before-gdm,
> so all the essential services (samba, nfs, cups) - especially network
> and sshd, will be up, so I can remotely type the password required to
> mount the encrypted partitions?
>
> I could delete the entries from /etc/crypttab, create a service that will
> mount the partitions late in the boot process, but AFAIK, this will not
> display the graphical password prompt, making it less than ideal...

You can use pam_mount (available as part of fedora) to make the system
mount encrypted file systems at login using the same password you use
for login.

I've used this for a number of years, and it's very nice. I recommend it.

The only problem I've had with it is that the syntax has changed
between fedora versions and caused me to have to waste a little time
relearning it... well, that and it adds a few steps to setting up
a new system.
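As an added illustration of the pam_mount setup described above (not part of the original thread), here is a minimal /etc/security/pam_mount.conf.xml that unlocks one LUKS volume at login with the login password; the user name, device path and mountpoint are placeholders, and the element names assume a pam_mount release whose syntax matches (the reply notes the syntax has changed between Fedora versions, so check the installed version's dtd).

```xml
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<pam_mount>
  <!-- Leave debug off in production: debug output can include volume details. -->
  <debug enable="0" />

  <!-- One LUKS volume for user "gilboa" (placeholder). fstype="crypt" tells
       pam_mount to run it through cryptsetup/dm-crypt before mounting.
       The LUKS header must hold a keyslot with this user's login passphrase,
       e.g. added beforehand with: cryptsetup luksAddKey /dev/sda5
       (device and mountpoint are placeholders for this example). -->
  <volume user="gilboa"
          fstype="crypt"
          path="/dev/sda5"
          mountpoint="/home/gilboa/data"
          options="noatime" />

  <!-- Create the mountpoint if missing and remove it again at logout. -->
  <mkmountpoint enable="1" remove="true" />

  <!-- Not XML, but required alongside this file: in the PAM stack used by
       sshd/gdm (/etc/pam.d/system-auth on Fedora) add, after the other
       auth and session lines respectively:
         auth     optional  pam_mount.so
         session  optional  pam_mount.so
       so the login password is passed to cryptsetup and the volume is
       unmounted when the session ends. -->
</pam_mount>
```

Because the volume is opened by whichever login first succeeds, an SSH login after a remote reboot unlocks it without anyone at the console; remember that the login password now also protects the data at rest, so it must be as strong as the LUKS passphrase it replaces.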