pam_pefs setup (Re: RFC: pefs - stacked cryptographic filesystem)

Daniel O'Connor doconnor at
Wed Sep 8 02:25:22 UTC 2010

On 08/09/2010, at 3:22, Gleb Kurtsou wrote:
> Please note that your home directory has to be mounted, I mount it in
> /etc/rc.local, but don't add any keys. pam_pefs adds the key. Also note
> that it has to be exactly your home directory (/home/gleb in my case), to
> prevent possible attacks. And keychain database has to be created, so
> that pam_pefs knows how to verify the key.

Have you considered something similar to pam_mount? (

ie pam_pefs could mount your home directory itself and unmount it on logout.

Daniel O'Connor software and network engineer
for Genesis Software -
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C

More information about the freebsd-current mailing list