On Sat, 2008-02-16 at 21:34 +0100, Naga Toro wrote:
> On Saturday 16 February 2008 10.04.30 Florian Philipp wrote:
> > By the way, I use pam_mount and cryptsetup-luks to mount my encrypted
> > home-partition with my login password on the fly. If you want a short
> > howto and my configuration, just ask, I can answer again in 10 hours
> > (Sat Feb 16 19:00:00 UTC).
> Please do, atleast I'm curious.
I think I can skip the creation of a cryptsetup-luks partition (or
whatever). It should be clear that you need to use your login password.
The next step would be to emerge pam_mount.
Then edit /etc/security/pam_mount.conf.xml
The relevant part to add is:
As you can see, "dsl" is my user name and /dev/vg/home_dsl my encrypted
home volume. In case I've missed something in this file, I've attached
Then you need to edit /etc/pam.d/system-auth:
auth required pam_env.so
auth optional pam_mount.so
auth sufficient pam_unix.so likeauth nullok use_first_pass
auth required pam_deny.so use_first_pass
account required pam_unix.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2
password sufficient pam_unix.so nullok md5 shadow use_authtok
password required pam_deny.so
session required pam_limits.so
session required pam_unix.so
session optional pam_mount.so
(or something similar)
I think the relevant parts are "use_first_pass" and "pam_mount" in
"auth" and "session".
I don't say that my setup is perfect. It was a huge trial and error
phase to get it working.
Of course, you need to use pam for it to work but that's the default
setting on Gentoo. Please check your USE-flags for pam and your
sshd_config for usage of pam.
If it doesn't work, try it without XDM/KDM/GDM (I use XDM but all should
work). pam should write some debug information. Then search /dev/mapper
for something that looks like your home-partition's mapping.