Public bug reported:
Wishlist item. If separate LUKS/dm_crypt volumes are being used for
each user's home directory they can be auto-mounted at login using
pam_mount by supplying a key file encrypted by the login password via
openssl that contains the LUKS/dm_crypt key and specifying it in
pam_mount.conf. But there is no mechanism for re-encrypting the key
file when the user changes their password resulting in them being left
in the empty home mount directory on their next login. While auto-
mounting an encrypted volume via a generally weak login password reduces
it's effectiveness, this can be mitigated somewhat by storing the keys
somewhere like /etc/keys/dm_crypt with 700 permissions and root
ownership, increasing the default minimum password length to something
>6 characters, and using an encrypted root volume. This setup is
important for easing security implementation on laptops.
** Affects: pam (Ubuntu)
Importance: Undecided
Status: New
--
passwd, pam_mount, and LUKS/dm_crypt need better integration
https://bugs.launchpad.net/bugs/179894
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
