[systemd-devel] Disallowing fingerprint authentication if pam_systemd_home.so needs a password

2022-04-25 Thread Benjamin Berg
Hi, if the home directory needs to be decrypted during login then we really need a password for authentication, etc. And, that means that fingerprint login must not be used (if we are authenticating to log in the user). I have not looked at pam_systemd_home.so more closely. But, if we need the us

Re: [systemd-devel] Disallowing fingerprint authentication if pam_systemd_home.so needs a password

2022-04-25 Thread Lennart Poettering
On Mo, 25.04.22 12:09, Benjamin Berg (benja...@sipsolutions.net) wrote: > Hi, > > if the home directory needs to be decrypted during login then we really > need a password for authentication, etc. And, that means that > fingerprint login must not be used (if we are authenticating to log in > the u

Re: [systemd-devel] Disallowing fingerprint authentication if pam_systemd_home.so needs a password

2022-04-25 Thread Benjamin Berg
On Mon, 2022-04-25 at 13:28 +0200, Lennart Poettering wrote: > On Mo, 25.04.22 12:09, Benjamin Berg (benja...@sipsolutions.net) wrote: > > if the home directory needs to be decrypted during login then we really > > need a password for authentication, etc. And, that means that > > fingerprint login

[systemd-devel] rename a block device

2022-04-25 Thread Pascal
hi, the udev rules prohibit renaming anything other than a network device : what is (would be) the way to really rename a block device (not just to create a symbolic link) ? the objective behind this question is (would be) to give access to the block device through an associated read-only loop de

Re: [systemd-devel] Disallowing fingerprint authentication if pam_systemd_home.so needs a password

2022-04-25 Thread Lennart Poettering
On Mo, 25.04.22 15:39, Benjamin Berg (benja...@sipsolutions.net) wrote: > > Right now homed supports neither (I think it would make a ton of sense > > to add though. > > > > Note that homed home directories are LUKS-unlocked by the password > > entered or the secret unlocked by pkcs11/fido2. Thus

Re: [systemd-devel] rename a block device

2022-04-25 Thread Lennart Poettering
On Mo, 25.04.22 16:25, Pascal (patate...@gmail.com) wrote: > hi, > > the udev rules prohibit renaming anything other than a network device : > what is (would be) the way to really rename a block device (not just to > create a symbolic link) ? This functionality does not exist in the kernel to my

Re: [systemd-devel] Disallowing fingerprint authentication if pam_systemd_home.so needs a password

2022-04-25 Thread Lennart Poettering
On Mo, 25.04.22 16:29, Lennart Poettering (lenn...@poettering.net) wrote: > On Mo, 25.04.22 15:39, Benjamin Berg (benja...@sipsolutions.net) wrote: > > > > Right now homed supports neither (I think it would make a ton of sense > > > to add though. > > > > > > Note that homed home directories are L

Re: [systemd-devel] rename a block device

2022-04-25 Thread Pascal
thanks for this quick feedback Lennart. don't worry, this is not an evolution request for systemd :-) yes for blockdev --setro and, unfortunately, yes for overflows from file systems. *I had once considered using qemu-nbd/snapshot to "tolerate" some writes without altering the real device (because

Re: [systemd-devel] Disallowing fingerprint authentication if pam_systemd_home.so needs a password

2022-04-25 Thread Benjamin Berg
On Mon, 2022-04-25 at 16:29 +0200, Lennart Poettering wrote: > On Mo, 25.04.22 15:39, Benjamin Berg (benja...@sipsolutions.net) wrote: > > > > Right now homed supports neither (I think it would make a ton of sense > > > to add though. > > > > > > Note that homed home directories are LUKS-unlocked

Re: [systemd-devel] Disallowing fingerprint authentication if pam_systemd_home.so needs a password

2022-04-25 Thread Lennart Poettering
On Mo, 25.04.22 17:05, Benjamin Berg (benja...@sipsolutions.net) wrote: > > i.e. that when you enroll a fingerprint you can associate some secret > > key with it that you pass to the hw. And then you store that secret > > key also on the host, and whenever you need to authorize a user you > > ask t

Re: [systemd-devel] Disallowing fingerprint authentication if pam_systemd_home.so needs a password

2022-04-25 Thread Benjamin Berg
On Mon, 2022-04-25 at 17:46 +0200, Lennart Poettering wrote: > On Mo, 25.04.22 17:05, Benjamin Berg (benja...@sipsolutions.net) wrote: > > > > i.e. that when you enroll a fingerprint you can associate some secret > > > key with it that you pass to the hw. And then you store that secret > > > key al

[systemd-devel] Antw: [EXT] Re: Disallowing fingerprint authentication if pam_systemd_home.so needs a password

2022-04-25 Thread Ulrich Windl
>>> juice wrote on 25.04.2022 at 17:03 in message <4cbf03ca-7a0a-4dbe-ad00-c6f3938ff...@swagman.org>: > > On 25 April 2022 16.39.56 GMT+03:00, Benjamin Berg > wrote: >>On Mon, 2022-04-25 at 13:28 +0200, Lennart Poettering wrote: >>> >>> Hmm, not sure I follow? I don't know how finger

[systemd-devel] Antw: [systemd‑devel] Antw: [EXT] Re: Disallowing fingerprint authentication if pam_systemd_home.so needs a password

2022-04-25 Thread Ulrich Windl
>>> "Ulrich Windl" wrote on 26.04.2022 at 08:41 in message <6267942302a100049...@gwsmtp.uni-regensburg.de>: juice wrote on 25.04.2022 at 17:03 in message ... >> Fingerprints can be used in place of username, that is OK and does not >> present similar risks. > > Fingerprints ar