Hi guys, I thought about a way of de-/encrypting home-directories transparently to users. I've got a vague idea how to realize this in a reasonable way:
* Generate a key, associate it with a new svnd-image, prepare the image * Encrypt the key with the users login password, store it in /home * On login, decrypt the key with the password * Pass the decrypted key to vnconfig and mount the image on $HOME This has some consequences, like - creating a new login facility login_decrypt (or sth. similar) - writing a program for keyfile/image generation and password changing - modify vnconfig to read keys from other sources than stdin Since I already got some code, it might be smart to ask now for some feedback before heading into a completely wrong direction. There are probably better ways to accomplish this, so generally opinions regarding the issue would be cool. All the best, /Markus
