On Fri, 2009-08-14 at 10:19 -0700, Ross Boylan wrote: > Someone referred recently to a scenario in which a human would type in > the password for the root partition, and then the passwords for the > other partitions would come from a file in /etc. > > Could anyone provide some more details about how that would work, and > whether it is advisable? Clearly someone with access to the live system > could get the passwords for all but root, and someone who, e.g., stole > the disk, would only need to crach one password. I think those limits > would be acceptable to me; are there others? I think unless I'm careful I'll end up with an unencrypted initrd that includes file with the passwords. So I need either to make the boot partition the one with the user-entered password, or eliminate the file(s) with the secrets from the initrd. Debian has a file /etc/cryptab that supports automounting, but I'll have to dig around to see how this interacts with the initrd framework (I'm running Lenny). Moji, thanks for the example. Ross > > It is useful for me to have quite a few partitions (I've just discovered > I need more so I can control mount options better), and typing in a > whole bunch of passwords on boot is pretty tedious. > > Thanks. > Ross Boylan > _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
