User Tools
docs:ecryptfs
Differences
This shows you the differences between two versions of the page.
|
docs:ecryptfs [2011-02-06 01:45] arekm |
docs:ecryptfs [2011-02-06 01:59] arekm |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | /* pragma: section-numbers 2 */ | ||
| - | |||
| - | |||
| - | ====== eCryptfs ====== | ||
| - | eCryptfs is a POSIX-compliant enterprise-class stacked (on top of other filesystem) cryptographic filesystem for Linux. | ||
| - | |||
| - | |||
| - | |||
| - | ===== Resources ===== | ||
| - | |||
| - | * [[https://launchpad.net/ecryptfs/|Project homepage]] | ||
| - | |||
| - | |||
| - | ===== Contents ===== | ||
| - | /* UndefinedMacro: TableOfContents(None) */ | ||
| - | |||
| - | |||
| - | |||
| - | ===== Utils ===== | ||
| - | Install ecryptfs-utils-85-4 and pam-pam_ecryptfs-85-4 or newer. | ||
| - | |||
| - | |||
| - | |||
| - | ===== PAM ===== | ||
| - | Three new lines. Note need to be places after pam_unix.so! | ||
| - | |||
| - | |||
| - | |||
| - | <file>[root@host ~]# cat /etc/pam.d/system-auth | ||
| - | #%PAM-1.0 | ||
| - | auth required pam_listfile.so item=user sense=deny file=/etc/security/blacklist onerr=succeed | ||
| - | auth required pam_env.so | ||
| - | auth required pam_tally.so deny=0 file=/var/log/faillog onerr=succeed | ||
| - | auth required pam_unix.so try_first_pass | ||
| - | |||
| - | # ECRYPTFS SUPPORT - has to be AFTER pam_unix | ||
| - | auth optional pam_ecryptfs.so unwrap | ||
| - | |||
| - | account required pam_tally.so file=/var/log/faillog onerr=succeed | ||
| - | account required pam_time.so | ||
| - | account required pam_unix.so | ||
| - | |||
| - | # password [success=1 ignore=reset abort=die default=bad] pam_pwgen.so upper=1 digit=1 | ||
| - | password required pam_cracklib.so try_first_pass difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 | ||
| - | password required pam_unix.so try_first_pass sha512 shadow use_authtok | ||
| - | |||
| - | # ECRYPTFS SUPPORT - has to be AFTER pam_unix | ||
| - | password required pam_ecryptfs.so | ||
| - | |||
| - | password required pam_exec.so failok seteuid /usr/bin/make -C /var/db | ||
| - | # password required pam_exec.so failok seteuid /usr/bin/make -C /var/yp | ||
| - | |||
| - | session optional pam_keyinit.so revoke debug | ||
| - | session required pam_limits.so change_uid | ||
| - | session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid | ||
| - | session required pam_unix.so | ||
| - | |||
| - | # ECRYPTFS SUPPORT - has to be AFTER pam_unix | ||
| - | session optional pam_ecryptfs.so unwrap | ||
| - | </file> | ||
| - | |||
| - | |||
| - | ===== Account migration ===== | ||
| - | End all USER session, logout from machine and run from root: | ||
| - | |||
| - | ''ecryptfs-migrate-home -u USER'' | ||
| - | |||
| - | Follow instruction on the screen. | ||
| - | |||
docs/ecryptfs.txt · Last modified: 2011-02-06 01:59 by arekm
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
