1 |
On Thu, Jun 05, 2014 at 12:24:22AM +0100, Neil Bothwick wrote: |
2 |
> On Wed, 4 Jun 2014 21:59:18 +0200, Frank Steinmetzger wrote: |
3 |
> |
4 |
> > I encrypt my home partition with LUKS and enter a passphrase |
5 |
> > during boot. But I always wanted to get decryption upon login running, |
6 |
> > especially because it would require me to enter one less password. But |
7 |
> > haven’t gotten around to that yet. |
8 |
> |
9 |
> Are you the only use of the computer? If so, set your display manager to |
10 |
> auto-login, you have already authenticated yourself by unlocking the home |
11 |
> partition. |
12 |
|
13 |
Now that’s an interesting idea I haven’t thought of yet. Thanks. My LUKS |
14 |
passphrase is much more secure than my ancient user password anyway *hehe*. |
15 |
|
16 |
> > > With one notable exception. There is sometimes sensitive information |
17 |
> > > in /etc, like wireless passwords. |
18 |
> > |
19 |
> > For that reason I put this stuff into /home/etc/$hostname/ (I back up my |
20 |
> > machines’ /etc on all other machines, also to have a reference if I need |
21 |
> > to know “How did I do this on $other_host?”). And then I symlink to |
22 |
> > that from the real location, i.e.: |
23 |
> |
24 |
> I used to do that, now I have an encrypted /, which contains the keys for |
25 |
> any other encrypted volumes, so I still only need to enter one password. |
26 |
|
27 |
That falls into the category of using initrds which is also far down on my |
28 |
todo. I understand the mechanics and had played with dracut in the past, but |
29 |
nothing workable has come out of it yet. |
30 |
|
31 |
> Nothing is illegal if one hundred businessmen decide to do it. |
32 |
|
33 |
Like stealing taglines. >:-) |
34 |
|
35 |
-- |
36 |
Gruß | Greetings | Qapla’ |
37 |
Please do not share anything from, with or about me on any social network. |
38 |
|
39 |
Please notify me if you did not receive this message. |