On 22/10/14 03:32 PM, James B. Byrne wrote:
I am now investigating encrypting our IMAP user spool files. Does anyone have
experience with handling encrypted data stores using either or both of the
subject methods and would care tio share their observations? Which is the
preferred method (I know: it depends, but on what?)? What administrative
pain does each cause?
Our IMAP host is a KVM guest so spinning up a duplicate and simply copying the
data to an encrypted device or filesystem is not a very big deal. We can live
with manually mounting the file system and providing a pass-phrase at boot.
we are also looking into a semi-auto USB based solution to that issue.
Our mail server has used LUKS encryption for the <swap> and / partitions
for a while without issue. I use:
/dev/sda1 - /boot (normal ext4 partition)
/dev/sda2 - LVM PV - VG:
lv_swap -> luks -> <swap>
lv_root -> luks -> ext4 -> /
Running on CentOS 6.x, postfix/dovecot. Authentication DB is another
server with similar LUKS config. Both are KVM VMs. As you mentioned, I
do need to enter the passphrase on boot. I have an alert system that
warns me if a VM reboots unexpectedly.
--
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without
access to education?
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
