norgaard at locolomo.org
Wed Mar 22 09:14:37 UTC 2006
Kenyon Ralph wrote:
> On 3/22/06, Erik Norgaard <norgaard at locolomo.org> wrote:
>> 2) One thing is to create an entire encrypted device for /home. But that
>> have the unfortunate consequence that other user's data is unencrypted
>> once the system is up.
>> What would be more appropriate is a solution where each home-dir is an
>> encrypted mfs which is decrypted and mounted when the user log in, is
>> this possible?
> I think this is exactly what Mac OS X does with its FileVault feature.
I was just reading this column by Kelly Martin
when I wrote this, but the FreeBSD solution may not be so simple as the
OSX. Now, the FileVault according to the article encrypts the entire
home partition which is fine for single user laptops, but on multiuser
systems, each home directory should be distinct encrypted partitions in
order not to disclose data to other users.
In this case, you would also like the ability to dynamically grow the
filesystem when more space is needed, unless ofcourse you simply say,
that's the hard quota limit.
Ph: +34.666334818 web: www.locolomo.org
S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt
Subject ID: 9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72
More information about the freebsd-questions