From mboxrd@z Thu Jan  1 00:00:00 1970
From: Guillaume Le Vaillant <glv@posteo.net>
Subject: Re: Unencrypted boot with encrypted root
Date: Fri, 03 Apr 2020 21:56:37 +0200
Message-ID: <87y2rcgx6y.fsf@yamatai>
References: <87ftdmi7pp.fsf@ambrevar.xyz>
 <17c316adc8485d1f09f70d291cfaad50258c6c1f.camel@wine-logistix.de>
 <87k12wsg36.fsf@ambrevar.xyz>
 <d90905feac53ae8ed431c7428baf09ae87013658.camel@wine-logistix.de>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane-mx.org@gnu.org>
Received: from eggs.gnu.org ([2001:470:142:3::10]:39048)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <glv@posteo.net>) id 1jKSQq-00077w-S6
 for guix-devel@gnu.org; Fri, 03 Apr 2020 15:56:50 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <glv@posteo.net>) id 1jKSQp-00056F-IJ
 for guix-devel@gnu.org; Fri, 03 Apr 2020 15:56:48 -0400
Received: from mout01.posteo.de ([185.67.36.65]:36999)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <glv@posteo.net>) id 1jKSQp-0004z1-1z
 for guix-devel@gnu.org; Fri, 03 Apr 2020 15:56:47 -0400
Received: from submission (posteo.de [89.146.220.130])
 by mout01.posteo.de (Postfix) with ESMTPS id A62E716005F
 for <guix-devel@gnu.org>; Fri,  3 Apr 2020 21:56:44 +0200 (CEST)
In-reply-to: <d90905feac53ae8ed431c7428baf09ae87013658.camel@wine-logistix.de>
List-Id: "Development of GNU Guix and the GNU System distribution."
 <guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane-mx.org@gnu.org
Sender: "Guix-devel"
 <guix-devel-bounces+gcggd-guix-devel=m.gmane-mx.org@gnu.org>
To: guix-devel@gnu.org

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable


Ellen Papsch <ellen.papsch@wine-logistix.de> skribis:

> Am Freitag, den 03.04.2020, 18:13 +0200 schrieb Pierre Neidhardt:
>>
>> By the way, is it possible to use the user password to unlock the
>> $HOME partition?
>>=20
>
> AFAIK GNU/Linux userland does not support it. GDM or another login
> manager would have to integrate that feature somehow. Maybe (maybe)
> there is some PAM way, but that's a wild guess.
>

You can use the pam-mount service to mount paritions when users log in.

There's an example in the manual for a user mounting their encrypted
'/home/user' directory. And if the user's password matches one of the
passwords that can decrypt the partition, you don't have to enter it
twice.

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQQkUwKxurH4Z/3KlryPP4Yfgut6mgUCXoeU9QAKCRCPP4Yfgut6
mu4cAQCmxNdRUlMGVTe3sejcyrthHo0mxTkLtfQmRTTE8Y8ELQEAxz8U/DONs5K6
IGtxbyNLwTgGI2C3R6haSEhGz+L3YgA=
=8GGP
-----END PGP SIGNATURE-----
--=-=-=--