fai and cryptsetup

Michael Tautschnig mt at debian.org
Sun Sep 26 13:30:48 CEST 2010


> Hi,
> 
> On Sun, Sep 26, 2010 at 01:00:46AM +0200, Michael Tautschnig wrote:
> > Indeed, it was easy :-) - as of 4.0~beta2+experimental17 you should be able to
> > use
> > 
> > luks:"Your passphrase" / ...
> > 
> > instead of just "luks" to get a device encrypted with the passphrase of your
> > choice. The crypttab then has "none" for the keyfile name, which should make it
> > ask you for a passphrase at bootup. Big fat WARNING: this is untested, but
> > testing would be much appreciated :-)
> 
> it seems that the implementation is wrong. I can see from the log that
> it uses the passphrase to generate a key file. That is not right.
> Unfortunately I see the dillemma. You either have to specify a keyfile
> to luksFormat or enter the passphrase on generation, which will not work
> without using expect or something.
> 

[...]

Hmm, I thought that using the keyfile just meant "read key from this file" - can
you just briefly confirm that this is not the case, i.e., using a keyfile is
something totally different from using a passphrase?

Thanks a lot,
Michael

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
Url : http://lists.uni-koeln.de/pipermail/linux-fai/attachments/20100926/85ab030f/attachment.bin 


More information about the linux-fai mailing list