Mailinglist Archive: opensuse (1620 mails)

Re: [opensuse] Is there something like Debians Mandos for Opensuse?
On 11/29/2014 09:05 AM, Carlos E. R. wrote:
> I don't see how an encrypted root that automatically boots can be a good
> thing. If somebody steals the machine, they can "open" it completely!
>
> How does that Mandos do the trick, where is the password stored?

It looks a bit like a Kerberos ticket server.
The key is not stored on the machine with the encrypted ROOTFS.
Rather the boot sequence - think of it as a shim within grub (or
whatever) - contacts the key server much in the same way that a
Kerberos-enabled session starts up.

That's a pretty broad-brush explanation.

My own Kerberos experience is with AIX machines and applications needing
to authenticate to communicate with another machine. The irony is that
these machines were all in a SPFrame with the common high speed fabric
between them, a *very* closed subnet! The IBM FSE told me that the
AS400 (or whatever they term it today) version of the application suite
ran all on one machine, one CPU but different LPARs :-)

--
/"\
\ / ASCII Ribbon Campaign
X Against HTML Mail
/ \