On Mon, 2011-03-21 at 15:32 -0400, Gregory Maxwell wrote: > On Mon, Mar 21, 2011 at 10:22 AM, Gilboa Davara <gilboad@xxxxxxxxx> wrote: > > Hello all, > > > > I routinely encrypt all important partitions on my laptops / > > workstations / servers using LUKS both at home and at work. > > However, due to the above, I can no longer remotely reboot the machines > > (at least the ones that doesn't have a serial console attached) as I'm > > required to baby-sit the machine until the password prompt appears. > > > > My question is simple: Given the fact that I rarely encrypt the root, > > can I somehow delay the encrypted partition mount to right-before-gdm, > > so all the essential services (samba, nfs, cups) - especially network > > and sshd, will be up, so I can remotely type the password required to > > mount the encrypted partitions? > > > > I could delete the entries from /etc/cryptab, create a service that will > > mount the partitions late in the boot process, but AFAIK, this will not > > display the graphical password prompt making it less than ideal... > > You can use pam_mount (available as part of fedora) to make the system > mount encrypted file systems at login using the same password you use > for login. Nice idea... but won't help. As (and extra) security measure, I never use user-password(s) to encrypt partitions. > I've used this for a number of years, and it's very nice. I recommend it. > The only problem I've had with it is that the syntax has changed > between fedora versions and caused me to have to waste a little time > relearning it... well, that and it adds a few steps to setting up > a new system. - Gilboa -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
