Re: Q. LUKS or ecryptfs-utils ?




On 22/10/14 03:32 PM, James B. Byrne wrote:

I am now investigating encrypting our IMAP user spool files.  Does anyone have
experience with handling encrypted data stores using either or both of the
subject methods and would care to share their observations?  Which is the
preferred method (I know: it depends, but on what?)?   What administrative
pain does each cause?

Our IMAP host is a KVM guest so spinning up a duplicate and simply copying the
data to an encrypted device or filesystem is not a very big deal.  We can live
with manually mounting the file system and providing a pass-phrase at boot.
We are also looking into a semi-auto USB based solution to that issue.

Our mail server has used LUKS encryption for the <swap> and / partitions for a while without issue. I use:

/dev/sda1 - /boot (normal ext4 partition)
/dev/sda2 - LVM PV - VG:
            lv_swap -> luks -> <swap>
            lv_root -> luks -> ext4 -> /

Running on CentOS 6.x, postfix/dovecot. Authentication DB is another server with similar LUKS config. Both are KVM VMs. As you mentioned, I do need to enter the passphrase on boot. I have an alert system that warns me if a VM reboots unexpectedly.

--
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without access to education?
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos



