I suggest you read up on encryption in general. If the passphrase is
stored on the system, the encryption becomes totally worthless.

Arno

On Sun, Mar 18, 2012 at 08:33:43PM -0700, David Li wrote:
> Hi,
>
> I am totally new to dm-crypt. My OS is RHEL5/6.
>
> Here is what I want to do:
> I have a system that is pxebooted and the root fs is nfs mounted from
> another server. But I have a local disk that can be used as an encrypted
> storage perhaps for user data. In the beginning it's blank with no
> partitions.
>
> So the first time I would let the user decide how to partition and
> set up LUKS. From that point on each subsequent boot would automatically
> mount the encrypted partitions as configured.
>
> I am looking for a general programmable way to achieve this. Maybe
> someone has done the exact thing before.
>
> Specifically,
> 1. On first boot, how should I modify the initramfs to prompt the
> user to set up LUKS? Or if initramfs is not the way, what else?
>
> 2. On each subsequent boot, how would I let dm-crypt automatically
> retrieve the passphrase once the user logs into the system?
> Assume that the passphrase has been stored on the same server used to
> store the root fs. I don't want to force him to type in the LUKS
> passphrase again to unlock the partitions.
>
> Thanks.
> David
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@xxxxxxxx
> http://www.saout.de/mailman/listinfo/dm-crypt

--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
One of the painful things about our time is that those who feel certainty
are stupid, and those with any imagination and understanding are filled
with doubt and indecision. -- Bertrand Russell
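
The point made in the reply, turned into a check (an added example, not part of the original thread): the script parses crypttab-style entries and flags every volume whose key is a file readable on the running system. Using /etc/crypttab as the place where the unlock is configured is an assumption, the thread does not mention it, and the sample entries, device names and key path are constructed.

```python
# Added example: audit crypttab-style entries for key material stored on disk.
# SAMPLE_CRYPTTAB is constructed; volume names, devices and the key path are
# hypothetical and do not come from the thread.
SAMPLE_CRYPTTAB = """\
# <name>   <device>   <key>                    <options>
userdata   /dev/sda1  /etc/keys/userdata.key   luks
scratch    /dev/sda2  none                     luks
swap       /dev/sda3  /dev/urandom             swap
archive    /dev/sda4
"""

PROMPT_VALUES = {"none", "-", ""}            # passphrase is typed at unlock time
RANDOM_SOURCES = {"/dev/urandom", "/dev/random"}  # throwaway key, new each boot


def classify_key(key_field):
    """Return how the volume key is obtained: prompt, ephemeral or stored."""
    if key_field in PROMPT_VALUES:
        return "prompt"
    if key_field in RANDOM_SOURCES:
        return "ephemeral"
    # Any other value is a path to key material that sits next to the data
    # (or, with an NFS root, on the server that also holds the root fs).
    return "stored"


def audit_crypttab(text):
    """Parse crypttab text into (name, device, key, verdict) tuples."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed entry: a name without a device
        key = fields[2] if len(fields) > 2 else ""
        findings.append((fields[0], fields[1], key, classify_key(key)))
    return findings


def stored_key_volumes(text):
    """Names of volumes that anyone with access to the system can unlock."""
    return [name for name, _, _, verdict in audit_crypttab(text)
            if verdict == "stored"]


if __name__ == "__main__":
    for name, device, key, verdict in audit_crypttab(SAMPLE_CRYPTTAB):
        print(f"{name:10} {device:10} {verdict:10} {key}")
```
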