On Wed, Mar 28, 2012 at 09:37:16AM -0700, C.J. Adams-Collier KF7BMP wrote: | card be inserted at boot time. Ryan's history administering the | intranet for a company in the medical field have set his bar probably | higher than DISA's in many ways, but may not require that the physical | token be inserted at boot.
It really depends on which machine it is. The nice thing about LUKS is that you can define multiple keys per encrypted volume. In the case of one of my headless machine, I have two defined: one passphrase I physically type in and a giant on that is on a USB key (in the event I need to reboot the machine but don't want to have to find a monitor and keyboard). Full disk encryption with LUKS is actually pretty easy, and I do have the full process written down. I've been looking for a reason to actually type it out for later use...I'll do that later today and then send it on for reference. later. ryanc -- http://pgp.mit.edu:11371/pks/lookup?search=ryanc%40greengrey.org
pgpMnz65koikt.pgp
Description: PGP signature
