-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 30/06/2010 17:11:22, Tim Gustafson wrote:
> I was wondering if anyone could offer any personal experience with > using either fusefs-cryptofs or fusefs-cryptofs. > > I'm going to be bringing a FreeBSD OpenLDAP server online soon and I > need to have the contents of the OpenLDAP database encrypted in the > event of a physical security breach, and so I need a reliable and > efficient disk encryption scheme to handle that. I was thinking of > encrypting /var/db/openldap using either fusefs-cryptofs or > fusefs-cryptofs, but I'm not sure which would be better to use for > this sort of application. On FreeBSD, this is spelled GELI (or GBDE, but I think geli is slightly better). Native filesystem level encryption -- rather more efficient than something like fuse, needs no extra software installed, very secure. See http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwrdH4ACgkQ8Mjk52CukIwA/QCfRO9PuHzVXQpoqNkrtob2WM07 fL8AmwRfLVE0fEVSGk1BZeMOnBxLW1t3 =jZk0 -----END PGP SIGNATURE----- _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
