On Sun, 2004-11-14 at 13:16 -0600, W. Michael Petullo wrote:
> 3. Pam-keyring.
>
> The pam-keyring PAM module unlocks a GNOME keyring for a user using that
> user's login password. The idea behind pam-keyring is to make using
> GNOME keyrings as transparent as possible. Pam-keyring is available
> at http://flyn.org/projects/pam_keyring/index.html.
>

I think it would be awesome to get something like into the distro.

<snip>

> 5. Automounting encrypted removable filesystems.
>
> I would like to see encrypted removable filesystems handled as
> transparently as other removable media. Red Hat bug #133461
> discusses this a bit. I have done some experimentation with
> this and have a prototype working. However, my work contains
> a large kludge to get HAL to acknowledge dm-crypt filesystems
> properly. Documentation of this shortcoming may be found at
> http://freedesktop.org/pipermail/hal/2004-September/001051.html and
> http://marc.theaimsgroup.com/?l=linux-kernel&m=109937418210973&w=2.
>

I'm actually working on this; I found it requires some metadata on the
encrypted partition to work really well [1], but I think I got most of
the things sorted such that gnome-volume-manager can popup a dialog
asking for a passphrase when encrypted media is inserted. If the
passphrase is correct the media will automount; I'll post to the hal
mailing list about this when it has matured a bit (probably within a
few weeks).

Cheers,
David

[1] : e.g. to make hal detect that this is in fact an encrypted
filesystem; what cipher is used; to store a passphrase-protected
encryption key and so on. Fortunately, ext3 has room for such metadata
(the first 512 bytes are simply ignored) and vfat can be uhmm,
manipulated, to do the same.
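
The metadata idea in footnote [1], sketched as an added example that is not part of the original message and is not hal's or gnome-volume-manager's code: a 512-byte header that lets a prober detect the volume, read the cipher name, and recover a passphrase-protected volume key. The layout, the magic value `ENCMETA1`, the function names and the XOR wrap (a stand-in for a real key-wrap cipher) are all assumptions made for illustration.

```python
import hashlib, hmac, os, struct

# Hypothetical layout (not hal's or any real on-disk format):
# magic | cipher name | PBKDF2 iterations | salt | wrapped key | header MAC
MAGIC = b"ENCMETA1"
SECTOR = 512                      # the unused leading 512 bytes the message mentions
LAYOUT = struct.Struct("<8s32sI16s32s32s")
MAC_OFF = LAYOUT.size - 32
MAX_ITER = 10_000_000             # bound attacker-chosen work on untrusted media

def _derive(passphrase, salt, iterations):
    # 64 bytes: first half wraps the volume key, second half keys the header MAC
    d = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations, dklen=64)
    return d[:32], d[32:]

def _xor(a, b):
    # Stand-in for a real key-wrap cipher; the pad is used once per fresh salt
    return bytes(x ^ y for x, y in zip(a, b))

def build_header(passphrase, volume_key, cipher="aes-cbc-essiv:sha256", iterations=200_000):
    if len(volume_key) != 32:
        raise ValueError("volume key must be 32 bytes")
    salt = os.urandom(16)
    kek, mac_key = _derive(passphrase, salt, iterations)
    body = LAYOUT.pack(MAGIC, cipher.encode(), iterations, salt, _xor(volume_key, kek), b"")[:MAC_OFF]
    mac = hmac.new(mac_key, body, hashlib.sha256).digest()
    return (body + mac).ljust(SECTOR, b"\0")

def probe(sector):
    """Detection step: return the cipher name if the sector carries the header, else None."""
    if len(sector) < LAYOUT.size or not sector.startswith(MAGIC):
        return None
    cipher = LAYOUT.unpack_from(sector)[1]
    return cipher.rstrip(b"\0").decode("ascii", "replace")

def unlock(sector, passphrase):
    """Return the volume key, or None for a wrong passphrase or a modified header."""
    if probe(sector) is None:
        return None
    _, _, iterations, salt, wrapped, mac = LAYOUT.unpack_from(sector)
    if not 1 <= iterations <= MAX_ITER:
        return None
    kek, mac_key = _derive(passphrase, salt, iterations)
    expected = hmac.new(mac_key, sector[:MAC_OFF], hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None
    return _xor(wrapped, kek)
```

The MAC covers the cipher name and KDF parameters, so a header altered on the removable medium fails to unlock instead of silently selecting a different cipher or iteration count.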