LinuxQuestions.org
Old 04-12-2011, 03:44 AM   #1
guna_pmk
Member
 
Registered: Sep 2008
Posts: 213

Rep: Reputation: 4
crypttab with nfs mounted keyfile


Hi friends,

I am implementing hard drive encryption. I wish to pass a key file to the crypttab from an NFS mounted location. But I could see that the disk encryption process starts very early during the booting process, before fstab is run. I could not find which script, in rc5.d, starts this service.

And I am confused about how NFS mounts are performed from fstab, as the network service starts at a much later stage, after fstab is called to mount the local partitions/disks. In my case, I have to wait until the NFS share is mounted and then call the /dev/mapper mount (in fstab) to mount the encrypted partition.

Can somebody please clarify this?

Thanks
 
Old 04-13-2011, 05:38 PM   #2
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
Read through the boot scripts in /etc/init.d/. If you use the _netdev mount option, a script can run "mount -a -O no_netdev" to mount filesystems that aren't net devices, and defer mounting them until later. It isn't an option on how a filesystem is mounted, but is used by scripts to control what gets mounted. Try grepping for no_netdev in the scripts.

Quote:
I wish to pass a key file to the crypttab from an NFS mounted location.
Having the secret on an NFS share defeats the purpose of encryption. It will only protect you when you dispose of the hard drive. The passphrase should be committed to memory and not exist in a file, unless you have it locked in a safe.
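
An added example, not part of the thread or of any distribution's boot scripts: a shell audit that cross-checks crypttab against fstab and reports key files that live on an NFS/CIFS or _netdev mount, the configuration discussed above. The function name `netkey_audit` and the sample files are constructed for illustration.

```sh
#!/bin/sh
# netkey_audit CRYPTTAB FSTAB   (hypothetical helper name, added example)
# Prints "<mapping> <keyfile> <mountpoint> <fstype>" for every crypttab entry
# whose key file lives under an fstab mount that is NFS/CIFS or marked _netdev.
netkey_audit() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        pass == 1 {                              # fstab: device mountpoint type options
            fstype[$2] = $3
            if ($3 ~ /^(nfs|nfs4|cifs)$/ || $4 ~ /(^|,)_netdev(,|$)/) net[$2] = 1
            next
        }
        $3 == "" || $3 == "none" || $3 == "-" { next }   # interactive passphrase
        {                                        # crypttab: name device keyfile options
            best = ""
            for (mp in fstype) {                 # longest mount point containing the key
                pre = (mp == "/") ? "/" : mp "/"
                if (index($3, pre) == 1 && length(mp) > length(best)) best = mp
            }
            if (best in net) print $1, $3, best, fstype[best]
        }
    ' pass=1 "$2" pass=2 "$1"
}

# Constructed sample files, not taken from any real system.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/fstab" <<'EOF'
/dev/sda1            /              ext4  defaults    1 1
keysrv:/export/keys  /mnt/keys      nfs   ro,_netdev  0 0
/dev/sdb1            /mnt/keys/usb  vfat  ro,noauto   0 0
/dev/mapper/data     /data          ext4  defaults    0 2
EOF
cat > "$demo/crypttab" <<'EOF'
# name  device     keyfile              options
data    /dev/sdc1  /mnt/keys/data.key   luks
swap    /dev/sda2  /dev/urandom         swap
home    /dev/sdd1  none                 luks
vault   /dev/sde1  /mnt/keys/usb/v.key  luks
EOF
netkey_audit "$demo/crypttab" "$demo/fstab"
```

Only the `data` mapping is reported: `vault` reads its key from a local filesystem mounted beneath the NFS mount point, so the longest matching mount decides.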
 
Old 04-15-2011, 06:14 AM   #3
guna_pmk
Member
 
Registered: Sep 2008
Posts: 213

Original Poster
Rep: Reputation: 4
Apologies for not responding to your suggestion. I have not done anything on that yet. I shall update it when I have done something about this.

For the time being I have created a password protected encrypted volume.

Thanks
 
  


All times are GMT -5.
