* Miroslav Maiksnar <[EMAIL PROTECTED]> [2006-07-13 00:12:36 +0200]:
> Problems with /etc/crypttab are:
> 1) I'm not using it at all, because it is located on encrypted partition and
> at the moment when it becomes accessible, everything is already set up.
> 2) when I set up information in crypttab according to my needs, I got message
> "yaird error: encrypted device 'root' has keyfile specified
> in /etc/crypttab:6. This is not supported. (fatal)". And after some RTFM I
> found "If the source of the passphrase is something other than the console,
> abort. There are too many variables to support this reliably."

Correct. YAIRD doesn't want to mess up your system. This is a feature, not a bug.

Consider this: If your system will boot from USB (sometimes that's a hidden option - access your BIOS with a USB stick inserted to find out), why not put the contents of /boot on the stick and install grub to the MBR of the stick? The configuration change could be accomplished via the chroot jail as mentioned earlier.

Your /etc/fstab on the final system would look something like this:

# /etc/fstab: static file system information.
#
# <file system>          <mount point>  <type>    <options>                   <dump>  <pass>
proc                     /proc          proc      defaults                    0       0
/dev/mapper/vgdc-lvroot  /              ext3      defaults,errors=remount-ro  0       1
/dev/mapper/vgdc-lvusr   /usr           reiserfs  defaults                    0       2
/dev/mapper/vgdc-lvvar   /var           reiserfs  defaults                    0       2
/dev/mapper/vgdc-lvhome  /home          reiserfs  defaults                    0       2
/dev/mapper/vgdc-lvtmp   /tmp           ext3      defaults                    0       2
/dev/mapper/swap         none           swap      sw                          0       0
# /dev/sda1              /boot          ext2      defaults                    0       2

/etc/crypttab like this:

# <target name>  <source device>  <key file>         <options>
davescrunch      /dev/hda5        none               cipher=blahblahblah
swap             /dev/hda2        /etc/keys/swapkey  cipher=blahblahblah

The stick normally is not mounted at boot, only when you want to do a kernel change by uncommenting the /dev/sda1 line and doing:

# mount /dev/sda1

The key is removed from the USB plug when the passphrase is asked for (this indicates the kernel and ramdisk are loaded anyway). Pull the key, type passphrase, machine boots with all crypted devices unlocked. The entire system is encrypted.

Been using this with yaird for quite some time now...

--
Cheers,
Dave
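
An added example, not part of the original message and not yaird's own code: a small crypttab parser that labels each mapping by where its key comes from, so the case the yaird error describes (a key file on a mapping that must be opened from the initrd) can be spotted before building the ramdisk. Which mappings are needed at boot is an assumption passed in by the caller (here `davescrunch`, assumed to hold the volume group with /); the second sample input is constructed.

```python
from typing import NamedTuple

class Entry(NamedTuple):
    lineno: int    # 1-based line number in the crypttab text
    target: str    # mapping name under /dev/mapper
    source: str    # underlying block device
    keyfile: str   # "none" means the passphrase is typed on the console
    options: str

def parse_crypttab(text):
    """Parse crypttab text, skipping comments and blank lines."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) < 2:
            raise ValueError(f"crypttab:{lineno}: target and source required")
        keyfile = fields[2] if len(fields) > 2 else "none"
        options = fields[3] if len(fields) > 3 else ""
        entries.append(Entry(lineno, fields[0], fields[1], keyfile, options))
    return entries

def classify(entries, boot_targets):
    """Label each entry by key source; boot_targets is caller-supplied."""
    report = []
    for e in entries:
        if e.keyfile == "none":
            verdict = "console"             # prompted at boot, nothing stored
        elif e.target in boot_targets:
            verdict = "keyfile-at-boot"     # the case yaird aborts on
        else:
            verdict = "keyfile-after-boot"  # key read from an already-open fs
        report.append((e.lineno, e.target, verdict))
    return report

# Constructed inputs: the crypttab from the message, and a hypothetical
# variant in which the root mapping names a key file.
DAVE = """\
# <target name> <source device> <key file> <options>
davescrunch /dev/hda5 none cipher=blahblahblah
swap /dev/hda2 /etc/keys/swapkey cipher=blahblahblah
"""
ROOT_KEYFILE = "# constructed\nroot /dev/hda5 /etc/keys/rootkey cipher=blahblahblah\n"

if __name__ == "__main__":
    print(classify(parse_crypttab(DAVE), {"davescrunch"}))
```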

