Jari Ruusu wrote:
> Matthias Schniedermeyer wrote:
>> When I use a key-file that is only 'gpg --store -a', e.g. because
>> the key-file is stored inside an encrypted filesystem that is currently
>> mounted, mount still asks for a Password where anything can be typed.
>
> I hope that for security reasons you are using a different key file for each
> automounted file system. If you are mounting removable media, then encrypted
> key file must be stored on same media. Passphrase-less key file on same
> media won't provide any security.

If I'm not mistaken, I said exactly that. Every HDD has a separate key-file, the container with the key-files is on another partition, and the key-file from the container is encrypted.

>> What makes this not beautiful is that it can only be short-circuited
>> with -p <whatever>. But that doesn't fly with autofs map-type rule. You
>> can only provide "-o <whatever>" options that are passed down to mount.
>> Naturally redirecting stderr isn't possible either.
>
> I don't know what automounter implementation you are using, but BSD amd
> automounter that I am using lets admin configure a program or script to do
> the actual mount operation.

autofs (v4), which has been included in Linux since I don't know how long.

As to the topic of using another mount command, I could use a "program"-type map. But as the line in syslog is the only annoying thing with the "map"-type, it's a bit of an overkill.

I could also skip autofs completely and just use udev to start a mount after the HDD is connected. But I like the "auto umount" part of autofs, so that I can just disconnect the HDD if enough time has passed since usage.

>> The mount succeeds, because nothing can be read from STDIN as I guess
>> there is no STDIN, so the mount continues.
>> But every time an encrypted automount happens I get an ugly
>> ... automount[1441]:
>> Password:
>> line in syslog.
>
> I don't see such messages on my box.

Do you get the password question on the command line with an unencrypted key-file (with Linux)? If not, then the loop-aes-utils package from Debian-SID contains the bug.

See you

--
Real Programmers consider "what you see is what you get" to be just as bad a concept in Text Editors as it is in women. No, the Real Programmer wants a "you asked for it, you got it" text editor -- complicated, cryptic, powerful, unforgiving, dangerous.

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/