On Wed, Mar 8, 2023 at 11:33 AM Alexey Kuznetsov <[email protected]> wrote:
>
> On Wed, Mar 8, 2023 at 7:11 PM Adrien CLERC <[email protected]> wrote:
>
>> On 08/03/2023 at 16:28, Alexey Kuznetsov wrote:
>>
>>> Hello!
>>>
>>> I have an idea about how modern Linux should work with encrypted LUKS
>>> partitions.
>>
>> Hi,
>>
>> I have been using LUKS for a long time on both my personal (desktop) and
>> professional (laptop) computers. Since they are single user (me), I use
>> autologin in the display manager, lightdm in my case. Because there is only
>> one slot configured in LUKS, I'm sure this is me, so lightdm can autologin
>> safely.
>>
>> However, you are proposing to solve the case for multi-user computers.
>> In that case, I would think about a much simpler design:
>>
>> - Remember which slot was used to unlock the LUKS root partition
>>
>> - Make a map with slot -> user to autologin
>>
>> - Autologin that user on boot
>>
>> No more passing password, no more password update headache. But only a
>> root user can update the map "slot -> user".
>>
>> Adrien
>>
> Right. But you still have to remember the passphrase and your main account
> password. This is not about autologin. This is about unlocking your machine
> LUKS with only login/password without having an additional passphrase to
> remember.
>

The reason you cannot use Login/Password as the LUKS passphrase is because the passphrase cannot be different for different users. The passphrase is not simply a password but instead it is part of the key material used to decrypt and encrypt.

-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄⠀⠀
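Added example, not part of the thread and not cryptsetup code: a simplified Python model of the "slot -> user" lookup Adrien proposes in the quoted message. The class, function and passphrase values are constructed for illustration, and XOR wrapping stands in for the real key-slot encryption and anti-forensic splitting that LUKS performs.

```python
import hashlib
import hmac
import os

ITER = 1000  # low so the demo is fast; real LUKS headers use a much costlier KDF setting


def kdf(secret: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITER, dklen=32)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class ToyHeader:
    """Toy stand-in for a LUKS header: one volume key, many key slots."""

    def __init__(self, volume_key: bytes):
        self.digest_salt = os.urandom(16)
        # Only a salted digest of the volume key is stored, never the key.
        self.digest = kdf(volume_key, self.digest_salt)
        self.slots = {}  # slot number -> (salt, wrapped volume key)

    def add_slot(self, slot: int, passphrase: str, volume_key: bytes) -> None:
        salt = os.urandom(16)
        self.slots[slot] = (salt, xor(volume_key, kdf(passphrase.encode(), salt)))

    def unlock(self, passphrase: str):
        """Return (slot, volume_key) for the first slot that opens, else None."""
        for slot in sorted(self.slots):
            salt, wrapped = self.slots[slot]
            candidate = xor(wrapped, kdf(passphrase.encode(), salt))
            if hmac.compare_digest(kdf(candidate, self.digest_salt), self.digest):
                return slot, candidate
        return None


def autologin_user(header, passphrase, slot_to_user):
    """Account mapped to the slot that unlocked; None if locked or unmapped."""
    opened = header.unlock(passphrase)
    return slot_to_user.get(opened[0]) if opened else None


VOLUME_KEY = os.urandom(32)  # constructed for the demo
HEADER = ToyHeader(VOLUME_KEY)
for n, pw in enumerate(["alice-pass", "bob-pass", "recovery-pass"]):  # constructed
    HEADER.add_slot(n, pw, VOLUME_KEY)
SLOT_TO_USER = {0: "alice", 1: "bob"}  # root-maintained map; slot 2 left unmapped
```

A slot with no entry in the map (the recovery slot here) unlocks the volume but triggers no autologin, which is the safe default for such a map.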

