Le septidi 27 thermidor, an CCXXV, Darac Marjal a écrit : > It sounds to me, then, that you'd like the system to be unencrypted, but > your home to be encrypted.
Indeed, that is exactly what I have now. > You want to look into PAM, which I'm sure can do > this. With PAM, the system would come up and all the system daemons would > start. Towards the end of that (or perhaps earlier, depending on the > dependencies), login methods (getty / x-display-manager / sshd / etc) would > become available. You'd log in on one of those and PAM would ensure that > your home is decrypted as part of the session start-up. > > A quick google suggests that pam_mount is your friend here. I *think* that > pam_mount should be able to mount other directories (as well as home), so if > you have a media partition that you'd like mounted, that can be done. Thanks for the pointer. Unfortunately: - If you use SSH, you have to adjust /etc/ssh/sshd_config like this: UsePAM yes UsePrivilegeSeparation no ChallengeResponseAuthentication no PasswordAuthentication yes The second and last point are both deal breakers on their own. Plus, glimpsing at the rest of the documentation, I do not see how it is better than mounting the partition from the session's startup scripts. Regards, -- Nicolas George
