On Mon, Mar 21, 2011 at 10:22 AM, Gilboa Davara <gilboad@xxxxxxxxx> wrote: > Hello all, > > I routinely encrypt all important partitions on my laptops / > workstations / servers using LUKS both at home and at work. > However, due to the above, I can no longer remotely reboot the machines > (at least the ones that doesn't have a serial console attached) as I'm > required to baby-sit the machine until the password prompt appears. > > My question is simple: Given the fact that I rarely encrypt the root, > can I somehow delay the encrypted partition mount to right-before-gdm, > so all the essential services (samba, nfs, cups) - especially network > and sshd, will be up, so I can remotely type the password required to > mount the encrypted partitions? > > I could delete the entries from /etc/cryptab, create a service that will > mount the partitions late in the boot process, but AFAIK, this will not > display the graphical password prompt making it less than ideal... You can use pam_mount (available as part of fedora) to make the system mount encrypted file systems at login using the same password you use for login. I've used this for a number of years, and it's very nice. I recommend it. The only problem I've had with it is that the syntax has changed between fedora versions and caused me to have to waste a little time relearning it... well, that and it adds a few steps to setting up a new system. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
