Mounting an encrypted dm-raid partition on login
I have a dm-raid1 with a LUKS-encrypted partition md0 on it, and I would like it to be mounted automatically when I log in, using pam_mount.
So far I have configured the pam_mount.conf.xml as follows:
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<pam_mount>
<debug enable="1" />
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
<mntoptions require="nosuid,nodev" />
<logout wait="0" hup="0" term="0" kill="0" />
<volume
user="me"
path="/dev/mapper/data"
mountpoint="/mnt/data"
fstype="crypt"
cipher="aes-cbc-essiv:sha256"
fskeypath="/home/data.key"
fskeycipher="aes-256-cbc"
fskeyhash="md5" />
<mkmountpoint enable="1" remove="true" />
</pam_mount>
Further, I added @include common-pammount to /etc/pam.d/login and /etc/pam.d/gdm.
The problem, though, is that /dev/mapper/data is not in place when it is to be mounted. However, the mounting works if I do
cryptsetup luksOpen /dev/md0 data
You can try using PAM script to run the cryptsetup command at session start.
PAM script runs one of three handler scripts, onsessionopen, onsessionclose or onauth (depending on the event it is called to handle); each script is passed the user name and the invoking service name. If you require pam_script in your session before pam_mount, you can have onsessionopen do the cryptsetup invocation.
Details and examples can be found at: http://linux.bononline.nl/linux/pamscript/01/build.html
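A sketch of such an onsessionopen handler, added here as an example and not part of the original answer or of pam_script itself. It assumes a root-only key file that is already enrolled in a LUKS keyslot; the KEYFILE path and the MAPPER_DIR and CRYPTSETUP overrides are hypothetical names introduced for illustration.

```sh
#!/bin/sh
# onsessionopen handler (added example). Arguments as described above:
#   $1 = user name, $2 = invoking PAM service name.
# pam_script has to come before pam_mount in the session stack
# (before the "@include common-pammount" line) for this to run in time.

# Values taken from the question:
VOLUME_USER="${VOLUME_USER:-me}"
RAID_DEVICE="${RAID_DEVICE:-/dev/md0}"
MAPPING="${MAPPING:-data}"
# Assumptions, not from the page:
KEYFILE="${KEYFILE:-/root/keys/md0.key}"   # hypothetical raw LUKS key file
MAPPER_DIR="${MAPPER_DIR:-/dev/mapper}"
CRYPTSETUP="${CRYPTSETUP:-cryptsetup}"

open_for_session() {
    user="$1"
    service="${2:-unknown}"

    # Only the owner of the volume triggers the unlock.
    [ "$user" = "$VOLUME_USER" ] || return 0

    # Already unlocked (second login, or opened by hand): nothing to do.
    [ -e "$MAPPER_DIR/$MAPPING" ] && return 0

    # Refuse a key file that is missing or accessible to group/others.
    if [ ! -f "$KEYFILE" ]; then
        echo "onsessionopen($service): key file $KEYFILE missing" >&2
        return 1
    fi
    perms=$(ls -ld "$KEYFILE" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "onsessionopen($service): $KEYFILE has group/other permissions" >&2
        return 1
    fi

    "$CRYPTSETUP" luksOpen --key-file "$KEYFILE" "$RAID_DEVICE" "$MAPPING"
}

# Run only when called with arguments, as pam_script does.
if [ "$#" -gt 0 ]; then
    open_for_session "$@"
fi
```

A matching onsessionclose handler would run cryptsetup luksClose on the same mapping once pam_mount has unmounted it.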