Hello,
My understanding is that LUKS supports 8 passphrases and that knowing
any one of them allows one to operate on the LUKS header, for example,
to change the passphrases in all the slots, to copy the exposed header
etc. Is it possible to restrict the rights of a particular slot, say,
slot 8, to only getting read/write access to the data and no access to
the LUKS header? If such were the case, an IT department could deploy
laptops to employees with the employees' passphrase occupying the
special slot.
If such a feature does not exist what commands would need to be removed
from the employees' sudo rights to achieve the same end?
Thanks,
--Suresh
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
https://www.saout.de/mailman/listinfo/dm-crypt
