Jürgen Pabel wrote:
> Why? My project "tokentube" is an integration component between LUKS and
> credential verification via PAM on Linux. It allows for users to use
> their Linux username and password to unlock LUKS during system startup
> (instead of a dedicated encryption passphrase). There's a presentation
> online in case you want to know more about tokentube:
>
> http://programm.froscon.org/2009/attachments/93_From%20PBA%20To%20Login.pdf

Interesting idea. I wonder whether those separate key files per user are
worth the effort though. LUKS has eight key slots so when reserving one
for the admin you still have seven left for users. Have you considered
simply storing a mapping of user names to key slots?

Also, as long as you're using local authentication you don't need to
store the password for pam authentication. Should be sufficient to just
reconfigure the display manager to auto login the user that unlocked the
root device.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
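
The user-name-to-key-slot mapping suggested in the reply, sketched as an added example that is not part of either post and is not tokentube code. The "username:slot" file format, the choice of slot 0 as the admin slot, the device path and all names are assumptions made for illustration; the only real interface used is cryptsetup's `--key-slot` option.

```python
LUKS_SLOTS = 8   # LUKS has eight key slots (0-7), as noted in the reply
ADMIN_SLOT = 0   # assumption: slot 0 is the one reserved for the admin

# Constructed sample map in a hypothetical "username:slot" format.
SAMPLE_MAP = """\
# user:slot
alice:1
bob:2
carol:7
"""


def parse_slot_map(text):
    """Return {username: slot}; reject reserved, out-of-range or reused slots."""
    mapping, used = {}, set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        user, sep, slot_text = line.partition(":")
        user, slot_text = user.strip(), slot_text.strip()
        if not sep or not user or not slot_text.isdecimal():
            raise ValueError(f"line {lineno}: expected 'username:slot'")
        slot = int(slot_text)
        if slot == ADMIN_SLOT or not 0 <= slot < LUKS_SLOTS:
            raise ValueError(f"line {lineno}: slot {slot} reserved or out of range")
        if slot in used or user in mapping:
            # Two users on one slot would share a passphrase and an identity.
            raise ValueError(f"line {lineno}: duplicate user or slot")
        used.add(slot)
        mapping[user] = slot
    return mapping


def unlock_argv(mapping, user, device, name):
    """Build the cryptsetup command that tries only this user's key slot."""
    if user not in mapping:
        raise KeyError(f"no key slot assigned to {user!r}")
    # --key-slot limits the passphrase check to a single slot, so a passphrase
    # opens the volume only under the user name it was enrolled for.
    return ["cryptsetup", "luksOpen", "--key-slot", str(mapping[user]),
            device, name]


if __name__ == "__main__":
    slots = parse_slot_map(SAMPLE_MAP)
    # "/dev/sda2" and "root" are constructed sample values.
    print(" ".join(unlock_argv(slots, "bob", "/dev/sda2", "root")))
```

The map holds no secrets, but it has to be readable before the root device is unlocked, so it would live in the unencrypted boot environment and its integrity matters as much as that of the initrd.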