On Thu, Jun 05, 2014 at 12:24:22AM +0100, Neil Bothwick wrote:
> On Wed, 4 Jun 2014 21:59:18 +0200, Frank Steinmetzger wrote:
> 
> > I encrypt my home partition with LUKS and enter a passphrase
> > during boot. But I always wanted to get decryption upon login running,
> > especially because it would require me to enter one less password. But
> > haven’t gotten around to that yet.
> 
> Are you the only use of the computer? If so, set your display manager to
> auto-login, you have already authenticated yourself by unlocking the home
> partition.

Now that’s an interesting idea I haven’t thought of yet. Thanks. My LUKS
passphrase is much more secure than my ancient user password anyway *hehe*.

> > > With one notable exception. There is sometimes sensitive information
> > > in /etc, like wireless passwords.
> > 
> > For that reason I put this stuff into /home/etc/$hostname/ (I back up my
> > machines’ /etc on all other machines, also to have a reference if I need
> > to know “How did I do this on $other_host?”). And then I symlink to
> > that from the real location, i.e.:
> 
> I used to do that, now I have an encrypted /, which contains the keys for
> any other encrypted volumes, so I still only need to enter one password.

That falls into the category of using initrds which is also far down on my
todo. I understand the mechanics and had played with dracut in the past, but
nothing workable has come out of it yet.

> Nothing is illegal if one hundred businessmen decide to do it.

Like stealing taglines. >:-)

-- 
Gruß | Greetings | Qapla’
Please do not share anything from, with or about me on any social network.

Please notify me if you did not receive this message.