pam_pefs setup (Re: RFC: pefs - stacked cryptographic
filesystem)
Daniel O'Connor
doconnor at gsoft.com.au
Wed Sep 8 02:25:22 UTC 2010
On 08/09/2010, at 3:22, Gleb Kurtsou wrote:
> Please note that your home directory has to be mounted, I mount it in
> /etc/rc.local, but don't add any keys. pam_pefs adds the key. Also note
> that it has to be exactly your home directory (/home/gleb in my case), to
> prevent possible attacks. And keychain database has to be created, so
> that pam_pefs knows how to verify the key.
Have you considered something similar to pam_mount? (http://pam-mount.sourceforge.net/)
ie pam_pefs could mount your home directory itself and unmount it on logout.
--
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
-- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
More information about the freebsd-current
mailing list