Date: Wed, 8 Sep 2010 11:25:13 +0930 From: "Daniel O'Connor" <doconnor@gsoft.com.au> To: Gleb Kurtsou <gleb.kurtsou@gmail.com> Cc: freebsd-current@freebsd.org, Thomas Vogt <thomas@bsdunix.ch> Subject: Re: pam_pefs setup (Re: RFC: pefs - stacked cryptographic filesystem) Message-ID: <ABE5C83C-DB88-4A13-A765-22046FB64B2E@gsoft.com.au> In-Reply-To: <20100907175207.GB1793@tops> References: <20100906183838.GA3460@tops> <20100906230322.GA5457@tops> <4C86246B.9020802@bsdunix.ch> <20100907135326.GA1712@tops> <4C864D18.2010504@bsdunix.ch> <20100907175207.GB1793@tops>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail-59-661035199 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii On 08/09/2010, at 3:22, Gleb Kurtsou wrote: > Please note that your home directory has to be mounted, I mount it in > /etc/rc.local, but don't add any keys. pam_pefs adds the key. Also = note > that it has to be exactly your home directory (/home/gleb in my case), = to > prevent possible attacks. And keychain database has to be created, so > that pam_pefs knows how to verify the key. Have you considered something similar to pam_mount? = (http://pam-mount.sourceforge.net/) ie pam_pefs could mount your home directory itself and unmount it on = logout. -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C --Apple-Mail-59-661035199--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ABE5C83C-DB88-4A13-A765-22046FB64B2E>