From: "Lucky Green"
Delivered-To: freebsd-current@freebsd.org
Subject: GBDE automation scripts?
Date: Wed, 12 Mar 2003 17:39:01 -0800
Message-ID: <00be01c2e901$54c1a090$6601a8c0@VAIO650>

I am writing a section for the Handbook on how to use gbde. Currently, using gbde is a rather manual process. Each time a host reboots, the admin needs to attach the gbde device(s), enter any required passphrases, manually fsck the partition, and mount it.

I suspect some subscribers to this mailing list have scripts in place to at least partially automate the process. If you have such a script, could you please get in touch with me for inclusion of the script in the Handbook?

What I am looking for is something along the following lines:

At the low end: a script that takes a list of gbde-encrypted file systems stored in an fstab-like file that contains the names of the gbde lock files together with their ultimate mount points. Think of this file as an /etc/fstab.gbde. The script then prompts the admin for the required passphrases, and completes the remainder of the tasks through mounting the attached partitions. For simplicity, the script could assume that the gbde lock files are all stored in /etc/gbde/ and are named with the name of the underlying device.

At the not quite so low end: same as above, but the script will try an admin-provided passphrase on all gbde devices, only asking the admin to provide additional passphrases if the decryption does not yield a file system that mount knows about. Rationale: Few will use 4 passphrases to encrypt /aux1 through /aux4 and the user probably doesn't want to be prompted multiple times, once for each device, to enter the same passphrase multiple times.

Much better user experience: extend fstab(5) to hold the information that would under the earlier scenarios have been stored in /etc/fstab.gbde. Of course the gbde devices listed in /etc/fstab should not be auto-mounted during boot. Then extend mount with an argument to mount encrypted partitions based on the information stored in /etc/fstab, asking the user for a passphrase as needed. Hey, one can hope. ;)

Either way, if you have any scripts that do even part of what I am describing, please get in touch with me.

Thanks,
--Lucky
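
A sketch of the "not quite so low end" variant described in the message, added here as an example; it is not from the original post or from the FreeBSD project. The table format (`<device> <mountpoint>` per line), the `-t ffs` file system type, the three-attempt limit and the function names are assumptions.

```sh
#!/bin/sh
# Added example (not from the original message). Assumed table format, one
# volume per line: "<device> <mountpoint>"; '#' starts a comment line.
# Caveat: "gbde attach -p" places the passphrase in gbde's argument list,
# where other local users can see it in ps(1) while the command runs.
LOCKDIR=${LOCKDIR:-/etc/gbde}   # lock files named after the device

ask_pass() {                    # $1=device; sets PASS, terminal echo off
    printf 'Passphrase for %s: ' "$1" >&2
    stty -echo; IFS= read -r PASS; stty echo; echo >&2
}

try_mount() {                   # $1=device $2=mountpoint $3=passphrase
    gbde attach "$1" -l "$LOCKDIR/$(basename "$1").lock" -p "$3" || return 1
    # A failure at fsck or mount is treated like a rejected passphrase.
    if fsck -p -t ffs "$1.bde" && mount "$1.bde" "$2"; then return 0; fi
    gbde detach "$1"
    return 1
}

mount_all() {                   # $1=table file; returns 0 if all mounted
    good='' failed=0
    while read -r dev mnt rest <&3; do
        case $dev in ''|\#*) continue ;; esac
        PASS=$good tries=0      # first reuse the last passphrase that worked
        until [ -n "$PASS" ] && try_mount "$dev" "$mnt" "$PASS"; do
            if [ "$tries" -ge 3 ]; then
                echo "giving up on $dev" >&2
                failed=$((failed + 1)) PASS=''
                break
            fi
            tries=$((tries + 1))
            ask_pass "$dev"
        done
        if [ -n "$PASS" ]; then good=$PASS; fi
    done 3< "$1"
    unset PASS good
    [ "$failed" -eq 0 ]
}

# Run only when a table is named, e.g.: sh gbde-mount.sh /etc/fstab.gbde
if [ $# -gt 0 ]; then mount_all "$1"; fi
```

The table is read on file descriptor 3 so that the passphrase prompt can still read from the terminal on standard input.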