From owner-freebsd-security@FreeBSD.ORG  Thu Sep  7 15:35:43 2006
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BC92516A4DF
	for <freebsd-security@freebsd.org>;
	Thu,  7 Sep 2006 15:35:43 +0000 (UTC)
	(envelope-from arne_woerner@yahoo.com)
Received: from web30314.mail.mud.yahoo.com (web30314.mail.mud.yahoo.com
	[209.191.69.76]) by mx1.FreeBSD.org (Postfix) with SMTP id 00ED043D93
	for <freebsd-security@freebsd.org>;
	Thu,  7 Sep 2006 15:35:01 +0000 (GMT)
	(envelope-from arne_woerner@yahoo.com)
Received: (qmail 49549 invoked by uid 60001); 7 Sep 2006 15:34:29 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com;
	h=Message-ID:Received:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
	b=U7i4SA5NY39U8dETpvO4mZc65E8dt0g6nGPB0hS78Ec+zwOP/ko4qNoOH/r9x1julHMd5Z5GF0IZtn+zC/eYDl1tyDyqMvnYJPl2oHwxdY2CG9J4vRgfbxb+wJpM4O1MPkULxsSTVH2KPTdrwtD2DBznMr3Z87h4ff2gjNy3nZE=
	; 
Message-ID: <20060907153429.49547.qmail@web30314.mail.mud.yahoo.com>
Received: from [213.54.79.79] by web30314.mail.mud.yahoo.com via HTTP;
	Thu, 07 Sep 2006 08:34:29 PDT
Date: Thu, 7 Sep 2006 08:34:29 -0700 (PDT)
From: "R. B. Riddick" <arne_woerner@yahoo.com>
To: Jack Barnett <jackbarnett@gmail.com>, freebsd-security@freebsd.org
In-Reply-To: <dedb607c0609070829k37572e6fu2c497d09ef81f091@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Cc: Frank Steinborn <steinex@nognu.de>
Subject: Re: Getting GELI Keys from Floppy
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Sep 2006 15:35:43 -0000

--- Jack Barnett <jackbarnett@gmail.com> wrote:
> One idea is having 1 server with a CD-ROM drive and exporting it via NFS.
> When a server boots it mounts the remote CD-ROM drive and looks for key
> "$HOSTNAME.key".
>
But then u would have the problem with network security...

> > On 9/6/06, Barkley Vowk <bvowk@math.ualberta.ca> wrote:
> > > Get a usb flash drive, from there its a simple matter of changing the
> > geli
> > > script to mount a specific usb device before starting. Look in
> > > /etc/rc.d/geli and geli2. I'd put your mounting and checks between the
> > > kldstat and the "if [ -z" in the geli_start() sub.
> >
Oh... I just see Mr. Barkley V. gave an important and helpful hint in this
thread, too... I just wanted to point that out, because it is quite astonishing
after the first few words...

-Arne


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com