-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Marc Schwartz wrote: > You do want to encrypt swap and there is a reasonable argument to be > made that if you don't, there is almost no point in encrypting /home. And it turns out that encrypting the swap is very easy. I've taken care of that. >> I didn't notice in the luksopen information anything written about boot >> time prompts for the passphrase. If you place /sbin/luksopen in >> /etc/rc.d/rc.local (after ensuring luksopen is in /sbin), does the boot >> process pause and prompt for a passphrase automatically? > > > That's the point of the luksopen script and putting it in > /etc/rc.d/rc.local. It will run before booting is finished on FC4 and > you will be prompted for the LUKS passphrase. Thank you. That worked well, but only experimentally for an additional partition I had available for playing with. Encrypting /home is proving to be more difficult. Can you direct me to any guidance/documentation on encrypting /home? If there isn't any I hope to write some once I'm successful and fully understand what's going on. I figured out that I can log on as root and still be able to unmount /home to encrypt it, but then what do I need to do in order to mount it during boot? It gets mounted (I think) well before /etc/rc.d/rc.local is run, which is where /sbin/luksopen is being launched. So, because the partition is encrypted but not mapped, the boot process is abruptly halted. Can you shed some light on this problem? Thank you, again. John -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFEcmSguY7WcSII22oRAlktAJ9jiJ1tm1OohrUMN/NN2NysGYCGJgCfdl3m MngQK7gxqIhqPtuKyMHFADU= =If/q -----END PGP SIGNATURE----- --------------------------------------------------------------------- - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
