They definitely could change the password( just as in a regular non-encrypted setup ). I simply modified login_passwd style a little bit so that when user logins and authenticates via the regular method, the same password is used to attach a vnd device, which is then mounted. So yes, you could change the user( or even root) password without even needing a physical access - root account would suffice (but if you have root account you might just as well read the real password from the memory ). But they would not be able to mount the home directory. As far as I know the only way to avoid this is to encrypt the entire root partition ( or at least /etc ).
On 11/7/05, Will H. Backman <[EMAIL PROTECTED]> wrote: > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > Of > > Uosis L > > Sent: Monday, November 07, 2005 3:29 PM > > To: Richard P. Koett > > Cc: misc@openbsd.org > > Subject: Re: Trigger on user logout? > > > > Thanks for advices. > > > > All these methods would definitely work, but the problem with shell > > logout file is that vnconfig/umount both need to be executed as root. > > Of course, its possible to make it work that way ( with sudo, suid > > bit, etc ), but that would be kinda complicated ( there would have to > > be an extra suid program which does the real work ). Cron job is an > > interesting idea, but the problem with that is the time delay before > > filesystem becomes inaccessible. What I'm trying to do is to make all > > this mechanism transparent to the shell ( something similar to the > > login styles ), but I get the feeling that I'll have to go with the > > logout file approach... > > I guess this means that the home directory is encrypted in a way that > the user's login password ends up protecting the directory. In your > setup, would someone with access to the physical disk be able to change > the user's password and then login as that user?