From owner-freebsd-current@FreeBSD.ORG  Wed Sep  8 02:25:22 2010
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A5AD31065697
	for <freebsd-current@freebsd.org>; Wed,  8 Sep 2010 02:25:22 +0000 (UTC)
	(envelope-from doconnor@gsoft.com.au)
Received: from cain.gsoft.com.au (cain.gsoft.com.au [203.31.81.10])
	by mx1.freebsd.org (Postfix) with ESMTP id A7A4D8FC14
	for <freebsd-current@freebsd.org>; Wed,  8 Sep 2010 02:25:21 +0000 (UTC)
Received: from ur.gsoft.com.au (Ur.gsoft.com.au [203.31.81.44])
	(authenticated bits=0)
	by cain.gsoft.com.au (8.14.4/8.14.3) with ESMTP id o881tDFf025269
	(version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO);
	Wed, 8 Sep 2010 11:25:18 +0930 (CST)
	(envelope-from doconnor@gsoft.com.au)
Mime-Version: 1.0 (Apple Message framework v1081)
Content-Type: multipart/signed; boundary=Apple-Mail-59-661035199;
	protocol="application/pkcs7-signature"; micalg=sha1
From: "Daniel O'Connor" <doconnor@gsoft.com.au>
In-Reply-To: <20100907175207.GB1793@tops>
Date: Wed, 8 Sep 2010 11:25:13 +0930
Message-Id: <ABE5C83C-DB88-4A13-A765-22046FB64B2E@gsoft.com.au>
References: <20100906183838.GA3460@tops> <20100906230322.GA5457@tops>
	<4C86246B.9020802@bsdunix.ch> <20100907135326.GA1712@tops>
	<4C864D18.2010504@bsdunix.ch> <20100907175207.GB1793@tops>
To: Gleb Kurtsou <gleb.kurtsou@gmail.com>
X-Mailer: Apple Mail (2.1081)
X-Spam-Score: -2.51 () ALL_TRUSTED,BAYES_00,T_RP_MATCHES_RCVD
X-Scanned-By: MIMEDefang 2.67 on 203.31.81.10
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: freebsd-current@freebsd.org, Thomas Vogt <thomas@bsdunix.ch>
Subject: Re: pam_pefs setup (Re: RFC: pefs - stacked cryptographic
	filesystem)
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Sep 2010 02:25:22 -0000


--Apple-Mail-59-661035199
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii


On 08/09/2010, at 3:22, Gleb Kurtsou wrote:
> Please note that your home directory has to be mounted, I mount it in
> /etc/rc.local, but don't add any keys. pam_pefs adds the key. Also =
note
> that it has to be exactly your home directory (/home/gleb in my case), =
to
> prevent possible attacks. And keychain database has to be created, so
> that pam_pefs knows how to verify the key.

Have you considered something similar to pam_mount? =
(http://pam-mount.sourceforge.net/)

ie pam_pefs could mount your home directory itself and unmount it on =
logout.

--
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C







--Apple-Mail-59-661035199--