What | Removed | Added |
---|---|---|
Status | IN_PROGRESS | RESOLVED |
Resolution | --- | INVALID |
Flags | needinfo?(massimo.burcheri@gmx.de) | |
I've discussed this with several security people and the summary is: it can't be done. When you log in using key-based authentication, no secrets actually pass from the client to the server so no information required to unlock the key for the encrypted directory is available on the server side. What would be required is to add a component to the PAM stack to ask for the passphrase which, partially if not entirely, defeats the purpose of key-based authentication. So I'm closing this bug as "INVALID" as there is no solution to this problem.