Re: two luks questions


 



On Wednesday, 26 April 2006 10:02, ext John Norvell wrote:
> Dirk Heinrichs wrote:

> > This means you entered the wrong passphrase. Adding a new passphrase
> > requires knowledge of an existing one.
>
> This is the critical ambiguity in all the cryptsetup documents (and the
> error message): If I'm adding a NEW password, in what sense can it be an
> existing one? Existing where?

LUKS gives you 8 key slots. When you first create a mapping (via luksFormat) 
you put a key in key slot 0. When you later add more keys, you should 
provide either a passphrase or a keyfile corresponding to one of the key 
slots where a passphrase or key already exists.

This is just the same as for luksOpen. You need to know one passphrase for 
one of the used key slots to either do luksOpen or luksAddKey.

> Let's say, for instance, that I'm setting up an encrypted home directory
> for user "john." I set it up initially with john's login password with
> the eventual intention of using pam_mount with john's login password.
> But, I want to add root's password as well, just in case. What do I do
> for this password to "exist" somewhere so I can attach it to this
> partition?

See above: Do luksFormat, enter john's passphrase, this goes into key slot 
0.

Then do luksAddKey: You are first prompted for the passphrase of an existing 
key slot (to make sure you are allowed to add another key), enter john's 
passphrase. Then you are prompted for the new passphrase, which goes into 
key slot 1.

If you want to add another key, or just create the mapping with luksOpen, 
you can enter either john's or root's passphrase.

HTH...

	Dirk
-- 
Dirk Heinrichs          | Tel:  +49 (0)162 234 3408
Configuration Manager   | Fax:  +49 (0)211 47068 111
Capgemini Deutschland   | Mail: dirk.heinrichs@xxxxxxxxxxxxx
Hambornerstraße 55      | Web:  http://www.capgemini.com
D-40472 Düsseldorf      | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: www.keyserver.net

Attachment: pgpgRzIvjzTTb.pgp
Description: PGP signature
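
Added example, not part of the original message and not cryptsetup's code: a simplified Python model of the key-slot behaviour described in the reply above, showing why luksAddKey first asks for an existing passphrase (it has to unwrap the volume's master key before it can wrap it again under the new one). The `Volume` class, the XOR wrapping and the iteration count are assumptions for illustration; real LUKS uses a cipher and anti-forensic key splitting.

```python
import hashlib
import hmac
import os

SLOTS = 8       # LUKS gives you 8 key slots
ITER = 1000     # kept low so the model runs fast; real headers use far more

def _pbkdf(secret: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITER, dklen=32)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Volume:
    """Hypothetical model of a LUKS header (not cryptsetup's on-disk format)."""

    def __init__(self, passphrase: str):            # models luksFormat
        master = os.urandom(32)                     # key that encrypts the data
        self.mk_salt = os.urandom(16)
        self.mk_digest = _pbkdf(master, self.mk_salt)   # used to verify a candidate
        self.slots = [None] * SLOTS
        self._store(0, master, passphrase)          # first passphrase -> slot 0

    def _store(self, idx, master, passphrase):
        salt = os.urandom(16)
        self.slots[idx] = (salt, _xor(master, _pbkdf(passphrase.encode(), salt)))

    def unlock(self, passphrase: str):              # models luksOpen
        for idx, slot in enumerate(self.slots):
            if slot is None:
                continue
            salt, wrapped = slot
            candidate = _xor(wrapped, _pbkdf(passphrase.encode(), salt))
            if hmac.compare_digest(_pbkdf(candidate, self.mk_salt), self.mk_digest):
                return idx, candidate
        raise PermissionError("no used key slot matches this passphrase")

    def add_key(self, existing: str, new: str) -> int:   # models luksAddKey
        _, master = self.unlock(existing)           # proves knowledge of a used slot
        idx = self.slots.index(None)                # first free slot (ValueError if full)
        self._store(idx, master, new)               # same master key, new wrapping
        return idx

if __name__ == "__main__":
    vol = Volume("john-login-pw")                   # constructed sample passphrases
    print("root's key in slot", vol.add_key("john-login-pw", "root-pw"))
    print("root opens via slot", vol.unlock("root-pw")[0])
```
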

