On Tuesday 21 August 2007 10:59:18 Michael Halcrow wrote: > On Tue, Aug 21, 2007 at 12:49:16PM -0500, Michael Halcrow wrote: > > For instance, in the IBM Open Client Linux distro, a ~/Confidential/ > > directory is mounted automatically when the user logs in, using his > > login passphrase to unwrap a mount passphrase, with the help of a > > PAM module. > > I just posted the guide for setting that up here: > > http://ecryptfs.sourceforge.net/ecryptfs-pam-doc.txt
Mike - Thanks for your very quick reply. I think I follow the logic. My ideal scenario would be for a user to log in and have the entire home directory encrypted (mail, firefox, etc.). I am looking for a transparent user experience, but I am still not quite sure how to accomplish this. Your instructions assume a separate confidential folder and no pre-existing files within that folder. These are the steps that I see would need to happen in my case: One time only 1. User is logged out 2. Root logs in and moves /home/user content to another folder 3. Root mount -t ecryptfs /home/user /home/user 4. Root moves content back to /home/user (encryption happens at this time?!) All consecutive times - manual option 1. User is logged out 2. Root logs in and mount -t ecryptfs /home/user /home/user 3. User logs in All consecutive times - automatic option 1. User logs in In order for the automatic option to work, the .profile can not be encrypted?! I am not sure how to do this. I am also not sure how to use plaintext passthrough mount mode. Is there anything else? I also have a questions about the mount passphrase signature/identifier value. It gets entered into the /etc/fstab for automount. Is this a potential security risk, if the hard drive gets lost? Thanks again! -- Tim ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ eCryptfs-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ecryptfs-users
