Hi,
On my 12.2 x86_64 machine, each user has a separate, encrypted partition that currently gets mounted at boot-up, no matter which user is going to login. I would like to have a user’s partition mount at login time instead, so that the authorizations for all of the partitions do not have to be entered at boot-up.
I believe that this can be accomplished using **pam-mount, **but I have not been able to puzzle out the right way to do it, though I have read through the pam documentation several times.
I also think that it would be useful to have the setup for such a technique available in the installer.
Does anyone here know how to make this work?
[QUOTE=robin_listas;2530095]On 2013-02-26 03:46, jlturriff wrote:
> I also think that it would be useful to have the setup for such a
> technique available in the installer.
And it does.
I don’t know how to do it manually.
The YaST partitioner module should be able to do it later, too, I think.
Are you sure? I know that the installer can set up to mount encrypted partitions at boot time (I've been doing that since ~openSUSE 10), but if it can set them up to mount at login time, I've never seen that. Can you point me to the steps for it?
>> Are you sure? I know that the installer can set up to mount
>> encrypted partitions at boot time (I’ve been doing that since ~openSUSE
>> 10), but if it can set them up to mount at login time, I’ve never seen
>> that. Can you point me to the steps for it?
Absolutely.
Yast, user management, new user. In the Details tab, click “use
encrypted home directory” (and select a size). Follow your nose, that is
as far as I tried.
I think it creates an encrypted filesystem on a loop file, not a
partition. Never used it myself, so I can’t be more explicit.
–
Cheers / Saludos,
Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)
At least on 12.2 it results in rather noisy output during tty login. Also it does not add pam_mount to su, so doing “su - user” puts you in wrong home.
But it can be used as template to setup your own encrypted partition(s) with pam_mount.
>> Are you sure? I know that the installer can set up to mount
>> encrypted partitions at boot time (I’ve been doing that since ~openSUSE
>> 10), but if it can set them up to mount at login time, I’ve never seen
>> that. Can you point me to the steps for it?
Absolutely.
Yast, user management, new user. In the Details tab, click “use
encrypted home directory” (and select a size). Follow your nose, that is
as far as I tried.
I think it creates an encrypted filesystem on a loop file, not a
partition. Never used it myself, so I can’t be more explicit.
Okay, I know about that, but that’s not what I’m looking for. I want to mount a partition at login time.
Just edit /etc/security/pam_mount.conf.xml (I think it is the right name) and replace reference to image file to partition. I am not sure how pam_mount manages encryption keys, you may need to experiment.