Ubuntu, Gnome, PAM and ecryptfs

Posted by Michel on Ask Ubuntu See other posts from Ask Ubuntu or by Michel
Published on 2011-11-14T23:50:35Z Indexed on 2011/11/15 10:15 UTC
Read the original article Hit count: 465

Filed under:
|
|

I would like to have a directory accessible to a couple of users, and not readable by maintenance types ... I can do what I want using ecryptfs and a password known only to the "couple of users" in question, who then can mount the directory and use as they see fit.

I would love to be able to automate that process and unlock the directory at login - again, only for the "couple users" in question, without asking a password.

Gnome-keyring is able to store passphrases/passwords encrypted; and, apparently, if I could get a key identity to ecryptfs, Gnome PAM modules would allow the key with that identity to be unlocked, and the directory could be mounted.

Alas, I have found no way to go from point A (Gnome PAM keyring module) to point B (use the unlocked key in ecryptfs).

Another use of the same mechanism would allow to build a "key escrow" mechanism, where keys to encrypted volumes are safekept with, e.g., HR; so that company information in encrypted directories can be recovered if you pass under the proverbial bus.

© Ask Ubuntu or respective owner

Related posts about ecryptfs

Related posts about gnome-keyring