PLDWWW: Docs/Ecryptfs
arekm
arekm at pld-linux.org
Sun Feb 6 01:45:49 CET 2011
Author: arekm Date: Sun Feb 6 00:45:49 2011 GMT
Module: PLDWWW URL: http://www.pld-linux.org/Docs/Ecryptfs
---- Log message:
---- Page affected: Docs/Ecryptfs
---- Diffs:
================================================================
New page:
#pragma section-numbers 2
= eCryptfs =
eCryptfs is a POSIX-compliant, enterprise-class, stacked (layered on top of another filesystem) cryptographic filesystem for Linux.
== Resources ==
* [https://launchpad.net/ecryptfs/ Project homepage]
== Contents ==
[[TableOfContents]]
== Utils ==
Install ecryptfs-utils-85-4 and pam-pam_ecryptfs-85-4 or newer.
== PAM ==
Three new lines are added. Note that they need to be placed after pam_unix.so!
{{{
[root@host ~]# cat /etc/pam.d/system-auth
#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/security/blacklist onerr=succeed
auth required pam_env.so
auth required pam_tally.so deny=0 file=/var/log/faillog onerr=succeed
auth required pam_unix.so try_first_pass
# ECRYPTFS SUPPORT - has to be AFTER pam_unix
auth optional pam_ecryptfs.so unwrap
account required pam_tally.so file=/var/log/faillog onerr=succeed
account required pam_time.so
account required pam_unix.so
# password [success=1 ignore=reset abort=die default=bad] pam_pwgen.so upper=1 digit=1
password required pam_cracklib.so try_first_pass difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password required pam_unix.so try_first_pass sha512 shadow use_authtok
# ECRYPTFS SUPPORT - has to be AFTER pam_unix
password required pam_ecryptfs.so
password required pam_exec.so failok seteuid /usr/bin/make -C /var/db
# password required pam_exec.so failok seteuid /usr/bin/make -C /var/yp
session optional pam_keyinit.so revoke debug
session required pam_limits.so change_uid
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
# ECRYPTFS SUPPORT - has to be AFTER pam_unix
session optional pam_ecryptfs.so unwrap
}}}
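A check for the ordering rule above, as an added example that is not part of the original page or of ecryptfs-utils: the function reports any auth, password or session stack where pam_ecryptfs.so is missing or is not preceded by pam_unix.so. The sample file is constructed, and treating a missing line as an error is an assumption based on the three lines the page adds.

```shell
#!/bin/sh
# check_ecryptfs_order FILE: exit 0 only if, in each of the auth, password and
# session stacks, a pam_ecryptfs.so line exists and follows a pam_unix.so line.
check_ecryptfs_order() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        type = $1; sub(/^-/, "", type)      # "-type" is still the same stack
        i = 2                               # control field; may be "[a=b c=d]"
        if ($i ~ /^\[/) while (i < NF && $i !~ /\]$/) i++
        mod = $(i + 1); sub(/.*\//, "", mod)    # module name without directory
        if (mod == "pam_unix.so") unix_seen[type] = 1
        if (mod == "pam_ecryptfs.so") {
            ecryptfs_seen[type] = 1
            if (!(type in unix_seen)) {
                printf "%s:%d: %s: pam_ecryptfs.so is not after pam_unix.so\n", FILENAME, FNR, type
                bad = 1
            }
        }
    }
    END {
        n = split("auth password session", want, " ")
        for (k = 1; k <= n; k++)
            if (!(want[k] in ecryptfs_seen)) {
                printf "%s: no pam_ecryptfs.so line in the %s stack\n", FILENAME, want[k]
                bad = 1
            }
        exit bad + 0
    }' "$1"
}

# Constructed sample: the session line is deliberately placed before pam_unix.so.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#%PAM-1.0
auth     required pam_unix.so try_first_pass
auth     optional pam_ecryptfs.so unwrap
password required pam_unix.so try_first_pass sha512 shadow use_authtok
password required pam_ecryptfs.so
session  optional pam_ecryptfs.so unwrap
session  required pam_unix.so
EOF
check_ecryptfs_order "$sample" || echo "ordering problem found"
```

After editing the real file, run it as `check_ecryptfs_order /etc/pam.d/system-auth`.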
== Account migration ==
End all of USER's sessions, log out of the machine, and run as root:
{{{ecryptfs-migrate-home -u USER}}}
Follow the instructions on the screen.