On Fri, Nov 17, 2006 at 11:58:53AM +0100, Andreas Jaeger wrote:
FYI, here are the minutes from our discussion. I hope to see this for 10.3...
Andreas
Topic: Encrypted Home Directories
* Main new feature: Per user encrypted home
* Proposal:
  - Enable per user encrypted home partitions (using pam_mount)
  - Use dm-crypt + LUKS as default instead of cryptoloop
Challenges + Problems:
* Currently KDM accesses the home directory before authentication (after the user name is known) to get information about the last session. With an encrypted home partition this needs changes in the logic.
What about encrypting ~/Documents only by default? Other directories could be added by the user easily. Mandriva has a very smart way and a nice GUI. The encrypted folder is loop-mounted over the same folder. So you have /home/joe/secret (which is a dm-crypt container) and /home/joe/secret (which shows the unencrypted content after giving the right password). Ideally Konqueror/Nautilus should ask automatically for a passphrase when clicking on an encrypted container. Of course it would be nicer to have full /home encrypted.
* For ssh keys it's a problem to read the key files since they are stored in the home directory; only password authentication would work.
* Other programs might read the home directory, like procmail. We have to check which other programs do this and decide how to handle this, e.g. a shadow home directory (or union filesystems) for procmail, secret keys...
* Backup software is a challenge, users want encrypted backups.
* Manually mounting via /etc/fstab is not possible currently with dm-crypt; other distributions use /etc/fscrypttab, or we would need to add extra support to allow this with /etc/fstab.
Use case: A separate encrypted partition with secret data that is only mounted manually if needed by the user and then unmounted again.
* On-the-fly upgrade would be fine. Unfortunately dm-crypt uses two extra blocks so this cannot be done without losing data.
* 10.2 has all the basic support for dm-crypt and LUKS but it's not integrated.
* Linux only supports 255 loopback mounts, so this limits the maximum number of users that can be logged in at the same time.
* FUSE and encrypted single files would be an option as well but there are some drawbacks with it.
* Use case: Laptop stolen or taken away. If one user is compromised, not all should be compromised.
* Master key that is encrypted by the user's login, so that only one password is needed to log in.
* Screensaver issues (just close the lid): What happens with a locked screen and a laptop taken away while still running?
* Suspend to disk: How to handle suspend to disk? Unmount before suspend and remount later?
Changes for this:
YaST changes:
* Support dm-crypt by default for new installations in yast2-storage
* During user creation allow creation of encrypted home directories
* During update: Support old cryptoloop partitions and allow new installations.
Base system changes:
* Using pam_mount
* Enable dm-crypt in boot.crypto
* Handle /etc/fstab so as not to regress
* Migration programs to migrate from cryptoloop to dm-crypt
Andreas
--
Andreas Jaeger, aj@suse.de, http://www.suse.de/~aj/
SUSE Linux Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
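The proposal above (a per-user dm-crypt/LUKS container unlocked by the login password through pam_mount, plus a manually mounted container for the "secret data" use case) can be illustrated with the following script. It is an added example and not code from the minutes, from Andreas Jaeger, or from SUSE; it assumes cryptsetup with LUKS support, the pam_mount.conf.xml <volume> syntax with fstype="crypt", and that the container path, user name and size are placeholders chosen here. The create_luks_home step needs root and is only run when the script is invoked with the "setup" argument; the two generator functions run anywhere.

```shell
#!/bin/sh
# Added example (not from the original minutes): provision a LUKS container file as a
# per-user encrypted home and emit the pam_mount and crypttab entries that use it.
# Assumptions: cryptsetup (LUKS), pam_mount's fstype="crypt" volume type, mkfs.ext3.
# "joe", /home/.joe.img and 512 MB below are placeholder values.

# pam_mount_volume USER CONTAINER MOUNTPOINT
# Print the <volume> element for /etc/security/pam_mount.conf.xml. With fstype="crypt"
# pam_mount hands the user's login password to cryptsetup as the LUKS passphrase, so a
# single password both authenticates the user and unlocks the home directory.
pam_mount_volume() {
    user=$1; container=$2; mountpoint=$3
    printf '<volume user="%s" fstype="crypt" path="%s" mountpoint="%s" options="noatime" />\n' \
        "$user" "$container" "$mountpoint"
}

# crypttab_line NAME CONTAINER
# Print an /etc/crypttab entry. "noauto" keeps the container closed at boot so it is
# only opened on request (the manually mounted secret-data partition from the minutes).
crypttab_line() {
    printf '%s\t%s\tnone\tluks,noauto\n' "$1" "$2"
}

# create_luks_home USER CONTAINER SIZE_MB   (root only)
# Allocate the container, LUKS-format it, create a filesystem inside it and make the
# top-level directory owned by USER with mode 0700 before closing the mapping again.
create_luks_home() {
    user=$1; container=$2; size_mb=$3
    dd if=/dev/zero of="$container" bs=1M count="$size_mb"
    chmod 600 "$container"
    # Interactive: the passphrase entered here must be the user's login password for
    # pam_mount to unlock the volume without a second prompt.
    cryptsetup luksFormat "$container"
    cryptsetup luksOpen "$container" "home-$user"
    mkfs.ext3 -q "/dev/mapper/home-$user"
    tmpmnt="/mnt/home-$user.setup"
    mkdir -p "$tmpmnt"
    mount "/dev/mapper/home-$user" "$tmpmnt"
    chown "$user" "$tmpmnt"
    chmod 700 "$tmpmnt"
    umount "$tmpmnt"
    rmdir "$tmpmnt"
    cryptsetup luksClose "home-$user"
}

# Usage: ./encrypted-home.sh setup joe /home/.joe.img 512
if [ "${1:-}" = "setup" ]; then
    create_luks_home "$2" "$3" "${4:-512}"
    echo "Add to /etc/security/pam_mount.conf.xml:"
    pam_mount_volume "$2" "$3" "/home/$2"
    echo "Optional /etc/crypttab entry for manual mounting:"
    crypttab_line "home-$2" "$3"
fi
```

Because the LUKS passphrase is the login password, changing the password later also requires cryptsetup luksChangeKey on the container, otherwise pam_mount can no longer open it; that is the same coupling the "master key encrypted by the user's login" item describes.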