From mboxrd@z Thu Jan 1 00:00:00 1970 From: Guillaume Le Vaillant Subject: Re: Unencrypted boot with encrypted root Date: Fri, 03 Apr 2020 21:56:37 +0200 Message-ID: <87y2rcgx6y.fsf@yamatai> References: <87ftdmi7pp.fsf@ambrevar.xyz> <17c316adc8485d1f09f70d291cfaad50258c6c1f.camel@wine-logistix.de> <87k12wsg36.fsf@ambrevar.xyz> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:39048) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jKSQq-00077w-S6 for guix-devel@gnu.org; Fri, 03 Apr 2020 15:56:50 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1jKSQp-00056F-IJ for guix-devel@gnu.org; Fri, 03 Apr 2020 15:56:48 -0400 Received: from mout01.posteo.de ([185.67.36.65]:36999) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1jKSQp-0004z1-1z for guix-devel@gnu.org; Fri, 03 Apr 2020 15:56:47 -0400 Received: from submission (posteo.de [89.146.220.130]) by mout01.posteo.de (Postfix) with ESMTPS id A62E716005F for ; Fri, 3 Apr 2020 21:56:44 +0200 (CEST) In-reply-to: List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane-mx.org@gnu.org Sender: "Guix-devel" To: guix-devel@gnu.org --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Ellen Papsch skribis: > Am Freitag, den 03.04.2020, 18:13 +0200 schrieb Pierre Neidhardt: >> >> By the way, is it possible to use the user password to unlock the >> $HOME partition? >>=20 > > AFAIK GNU/Linux userland does not support it. GDM or another login > manager would have to integrate that feature somehow. Maybe (maybe) > there is some PAM way, but that's a wild guess. > You can use the pam-mount service to mount paritions when users log in. There's an example in the manual for a user mounting their encrypted '/home/user' directory. And if the user's password matches one of the passwords that can decrypt the partition, you don't have to enter it twice. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQQkUwKxurH4Z/3KlryPP4Yfgut6mgUCXoeU9QAKCRCPP4Yfgut6 mu4cAQCmxNdRUlMGVTe3sejcyrthHo0mxTkLtfQmRTTE8Y8ELQEAxz8U/DONs5K6 IGtxbyNLwTgGI2C3R6haSEhGz+L3YgA= =8GGP -----END PGP SIGNATURE----- --=-=-=--