Ubuntu, Gnome, PAM and ecryptfs
Posted by Michel on Ask Ubuntu
Published on 2011-11-14T23:50:35Z
Indexed on 2011/11/15 10:15 UTC
I would like to have a directory accessible to a couple of users, and not readable by maintenance types ... I can do what I want using ecryptfs and a password known only to the "couple of users" in question, who can then mount the directory and use it as they see fit.
I would love to be able to automate that process and unlock the directory at login - again, only for the "couple of users" in question, without asking for a password.
Gnome-keyring is able to store passphrases/passwords encrypted; and, apparently, if I could get a key identity to ecryptfs, Gnome PAM modules would allow the key with that identity to be unlocked, and the directory could be mounted.
Alas, I have found no way to go from point A (Gnome PAM keyring module) to point B (use the unlocked key in ecryptfs).
Another use of the same mechanism would allow building a "key escrow" mechanism, where keys to encrypted volumes are safekept with, e.g., HR, so that company information in encrypted directories can be recovered if you pass under the proverbial bus.
© Ask Ubuntu or respective owner