On Thu, Dec 01, 2005 at 01:48:12AM +0100, [EMAIL PROTECTED] wrote: > Hi guys, > > I thought about a way of de-/encrypting home-directories transparently to > users. I've got a vague idea how to realize this in a reasonable way: > > * Generate a key, associate it with a new svnd-image, prepare the image > * Encrypt the key with the users login password, store it in /home > * On login, decrypt the key with the password > * Pass the decrypted key to vnconfig and mount the image on $HOME >
If you write that, I'd probably use it. I have set it up by making my .bash_profile check to see if the homedir is mounted or not and then running the commands to do so if it isn't. The passphrase for the image was not the same. I was thinking about writing some kind of X program to get the password so I didn't need to switch back to console, login to mount my homedir then logout when I use xdm but I never bothered. The extra login wasn't too onerous for me. That setup worked for both svnd devices other similar loopback crypto setups in other operating systems. In your plan have you also considered logins via SSH with keys?
