Mounting a user partition under /home at login

Hi,
On my 12.2 x86_64 machine, each user has a separate, encrypted partition that currently gets mounted at boot-up, no matter which user is going to login. I would like to have a user’s partition mount at login time instead, so that the authorizations for all of the partitions do not have to be entered at boot-up.

 I believe that this can be accomplished using **pam-mount, **but I have not been able to puzzle out the right way to do it, though I have read through the pam documentation several times.

 I also think that it would be useful to have the setup for such a technique available in the installer.

 Does anyone here know how to make this work?

Leslie

On 2013-02-26 03:46, jlturriff wrote:
> I also think that it would be useful to have the setup for such a
> technique available in the installer.

And it does.

I don’t know how to do it manually.

The YaST partitioner module should be able to do it later, too, I think.
I have nver done it personally.


Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)

[QUOTE=robin_listas;2530095]On 2013-02-26 03:46, jlturriff wrote:
> I also think that it would be useful to have the setup for such a
> technique available in the installer.

And it does.

I don’t know how to do it manually.

The YaST partitioner module should be able to do it later, too, I think.

  Are you sure?  I know that the installer can set up to mount encrypted partitions at boot time (I've been doing that since ~openSUSE 10), but if it can set them up to mount at login time, I've never seen that.  Can you point me to the steps for it?

Leslie

There may be other solutions, but in my old days (ahem), we did such things (mounting when needed/accessed) using automount.

You can best start reading

man automount

On 2013-02-26 04:36, jlturriff wrote:

>> Are you sure? I know that the installer can set up to mount
>> encrypted partitions at boot time (I’ve been doing that since ~openSUSE
>> 10), but if it can set them up to mount at login time, I’ve never seen
>> that. Can you point me to the steps for it?

Absolutely.

Yast, user management, new user. In the Details tab, click “use
encrypted home directory” (and select a size). Follow your nose, that is
as far as I tried.

I think it creates an encrypted filesystem on a loop file, not a
partition. Never used it myself, so I can’t be more explicit.


Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)

Yes.

/dev/mapper/_dev_loop1 /home/encfs ext3 rw,relatime,errors=continue,user_xattr,acl,barrier=1,data=ordered 0 0
/dev/loop1: ]: (/home/encfs.img)

At least on 12.2 it results in rather noisy output during tty login. Also it does not add pam_mount to su, so doing “su - user” puts you in wrong home.

But it can be used as template to setup your own encrypted partition(s) with pam_mount.

[QUOTE=robin_listas;2530194]On 2013-02-26 04:36, jlturriff wrote:

>> Are you sure? I know that the installer can set up to mount
>> encrypted partitions at boot time (I’ve been doing that since ~openSUSE
>> 10), but if it can set them up to mount at login time, I’ve never seen
>> that. Can you point me to the steps for it?

Absolutely.

Yast, user management, new user. In the Details tab, click “use
encrypted home directory” (and select a size). Follow your nose, that is
as far as I tried.

I think it creates an encrypted filesystem on a loop file, not a
partition. Never used it myself, so I can’t be more explicit.

Okay, I know about that, but that’s not what I’m looking for. I want to mount a partition at login time.

I’m not sure I follow what you mean about su.

But it can be used as template to setup your own encrypted partition(s) with pam_mount.

I’ll see if I can figure that out.

Just edit /etc/security/pam_mount.conf.xml (I think it is the right name) and replace reference to image file to partition. I am not sure how pam_mount manages encryption keys, you may need to experiment.