On Sun, 2004-11-14 at 13:16 -0600, W. Michael Petullo wrote:
> 3. Pam-keyring.
>
> The pam-keyring PAM module unlocks a GNOME keyring for a user using that
> user's login password. The idea behind pam-keyring is to make using
> GNOME keyrings as transparent as possible. Pam-keyring is available
> at http://flyn.org/projects/pam_keyring/index.html.

I think it would be awesome to get something like this into the distro.
<snip>
> 5. Automounting encrypted removable filesystems.
>
> I would like to see encrypted removable filesystems handled as
> transparently as other removable media. Red Hat bug #133461
> discusses this a bit. I have done some experimentation with
> this and have a prototype working. However, my work contains
> a large kludge to get HAL to acknowledge dm-crypt filesystems
> properly. Documentation of this shortcoming may be found at
> http://freedesktop.org/pipermail/hal/2004-September/001051.html and
> http://marc.theaimsgroup.com/?l=linux-kernel&m=109937418210973&w=2.

I'm actually working on this; I found it requires some metadata on the
encrypted partition to work really well [1], but I think I got most of
the things sorted such that gnome-volume-manager can pop up a dialog
asking for a passphrase when encrypted media is inserted. If the
passphrase is correct the media will automount; I'll post to the hal
mailing list about this when it has matured a bit (probably within a few
weeks).
Cheers,
David
[1] : e.g. to make hal detect that this is in fact an encrypted
filesystem; what cipher is used; to store a passphrase-protected
encryption key and so on. Fortunately, ext3 has room for such metadata
(the first 512 bytes are simply ignored) and vfat can be uhmm,
manipulated, to do the same.
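
Added example, not part of the original message and not David's or HAL's code: a sketch of the kind of first-sector metadata footnote [1] describes, covering detection, the cipher field and a passphrase check before mounting. The magic value, field layout, KDF choice and sample values are all assumptions made for illustration.

```python
import hashlib, hmac, struct

SECTOR = 512                 # the area the footnote says the filesystem ignores
MAGIC = b"XCRYPTMD"          # hypothetical marker, not a real on-disk format
# Hypothetical layout: magic, version, cipher spec, KDF salt, KDF iterations, verifier
HDR = struct.Struct("<8sH32s16sI32s")

def _verifier(passphrase, salt, iters):
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iters)
    return hashlib.sha256(b"verify" + key).digest()   # never store the key itself

def build_header(cipher, passphrase, salt, iters=50_000):
    raw = HDR.pack(MAGIC, 1, cipher.encode("ascii"), salt, iters,
                   _verifier(passphrase, salt, iters))
    return raw.ljust(SECTOR, b"\0")

def probe(image):
    """Return parsed metadata, or None if the first sector is not this format."""
    if len(image) < SECTOR:
        return None
    magic, version, cipher, salt, iters, tag = HDR.unpack_from(image, 0)
    if magic != MAGIC or version != 1:
        return None
    if not 1_000 <= iters <= 10_000_000:   # removable media is untrusted input
        return None
    try:
        name = cipher.rstrip(b"\0").decode("ascii")
    except UnicodeDecodeError:
        return None
    return {"cipher": name, "salt": salt, "iters": iters, "verifier": tag}

def check_passphrase(meta, passphrase):
    want = _verifier(passphrase, meta["salt"], meta["iters"])
    return hmac.compare_digest(want, meta["verifier"])   # constant-time compare

if __name__ == "__main__":
    salt = bytes(range(16))                               # constructed sample salt
    image = build_header("aes-cbc-essiv:sha256", "example passphrase", salt) + b"\xaa" * 1024
    meta = probe(image)
    print(meta["cipher"], check_passphrase(meta, "example passphrase"))
    print(check_passphrase(meta, "wrong guess"))
```

The iteration bound matters because the header is read from inserted media before any passphrase is known, so a hostile header could otherwise force an arbitrarily expensive key derivation.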