On Wed, October 26, 2016 3:21 pm, Sven Eschenberg wrote: > > > Am 26.10.2016 um 23:08 schrieb ClEmFoster: > >> On Wed, October 26, 2016 2:39 pm, Michael Kjörling wrote: >> > >>> luksChangeKey <device> [<new key file>] >>> >>> Changes an existing passphrase. The passphrase to be changed >>> must be supplied interactively or via --key-file. The new passphrase >>> can be supplied interactively or in a file given as positional >>> argument. /.../ <options> can be [--key-file, --keyfile-offset, >>> --keyfile-size, >>> --new-keyfile-offset, --new-keyfile-size, --key-slot]. >>> >>> >>> >>> That should be all you need. >>> >> >> I did read that in the man page, but if you want a passphrase changed >> in that manor then you have to put the new and old passphrase in a file >> plain text. Unless I am missing something. I was hoping to fine some >> way to encrypt it before passing it in. like you can do with other >> applications. >> > > That makes absolutely no sense to me. Why would you want to encrypt a > passphrase? Or in other words, what's wrong with binary files? Or don't you > want to store the files on disk? Then be reminded: STDIN and STDOUT are > files, and can be connected to pipes. > I think keyfile and Passphrase are being confused here. This whole disk OS is not booted yet when an admin has to type in the passphrase. Once the OS is running it is true a keyfile could be used but then it would also have to be rotated. I am looking to change the passphrase on a 100+ machines utilizing some kind of automated system. If I didn't have an IDM I could generate the hash for any given user and automation could edit the shadow file. I was looking for something similar, where I didn't have to have a plain text passphrase sitting on a central server. > >> >>> >>> >>> -- >>> Michael Kjörling â?¢ https://michael.kjorling.se â?¢ >>> michael@xxxxxxxxxxx â??People who think they know everything really >>> annoy those of us who know we donâ??t.â?? (Bjarne Stroustrup) >>> _______________________________________________ >>> dm-crypt mailing list dm-crypt@xxxxxxxx >>> http://www.saout.de/mailman/listinfo/dm-crypt >>> >>> >>> >>> >> >> >> Thanks >> >> >> Travis >> >> >> _______________________________________________ >> dm-crypt mailing list dm-crypt@xxxxxxxx >> http://www.saout.de/mailman/listinfo/dm-crypt >> >> > > -Sven > _______________________________________________ > dm-crypt mailing list dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt > > Travis _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
