LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 06-04-2008, 06:08 PM   #1
dschmid
LQ Newbie
 
Registered: Jun 2008
Posts: 2

Rep: Reputation: 0
Many Questions about thinkfinger pam_mount gdm gnome-keyring and luks


Hello, I have a little problem. I'm using Arch on my IBM x60s Thinkpad. First I have configured my System to use thinkfinger for authentification in the shell, gdm and on gnome-screensaver. That works really great. The next thing I wanted to do was to unlock a luks crypted volume on gdm login with my fingerprint. So I tried pam_mount, and added these two lines to my /etc/pam.d/gdm file:

auth optional pam_mount.so
session optional pam_mount.so

With this setup logon with fingerprint is not possible and I get asked for password twice. When I enter my password mounting is ok (my user pass and the pass for the encrypted volume are the same).
For security reasons is my pass over thirty digets and so very frustrating to enter.
I think pam_mount with thinkfinger there is no way to do this because pam_mount needs to get the password.
My question now is - is it possible to unlock gnome-keyring (with pam_keyring???) with thinkfinger input or is that the same issue? If I can store store the password in my keyring to use that for my luksOpen command would be great.

I think that both ways are not possible because one plain password is always needed. It would be great if there where a solution to use only a fingerprint instead of an password to encrypt and decrypt something (with a hash from the fingerprint or something else).

Any tip, idea or anything else is welcome. Thx for any help.
 
Old 06-04-2008, 07:27 PM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally Posted by dschmid View Post
It would be great if there where a solution to use only a fingerprint instead of an password to encrypt and decrypt something (with a hash from the fingerprint or something else).

Any tip, idea or anything else is welcome. Thx for any help.
I don't have an answer to your questions, but I do have a small question of my own: Why would you want to encrypt/decrypt stuff using something you leave in cleartext almost everywhere you go? I'm really curious about this, as your answer might help me understand how people can *solely* rely on something like fingerprints for granting access to stuff.
 
Old 06-04-2008, 07:51 PM   #3
dschmid
LQ Newbie
 
Registered: Jun 2008
Posts: 2

Original Poster
Rep: Reputation: 0
You are right the fingerprint is not the securest solution. But if my notebook gets stolen the chance is very low that the thief is clever enough to get my fingerprint from my keys to use it for login.
Today are many thumbdrives and hdds on the market that uses the fingerprint as key for decrypting the encrypted data on it. So there has to be a way to de- and encrypting date with biometric input.
The best and easiest solution for me now is to use my fingerprint for gdm shell and screensaver. And create a keyring file (gnome-keyring) that prompts me after login for password (12 - 16 digets not so an ugly long one) and mounts automatically my luks volume in gnome. I next try it with an truecrypt file bacause you can chose the algorithms and mix them. I think that increases the security a bit.
 
  


Reply

Tags
gnome, keyring, luks, mount, pam


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to disable gnome-keyring? fannymites Linux - Software 19 12-12-2012 09:40 AM
Any way to change the Gnome Keyring password? DarkElf109 Ubuntu 5 05-20-2012 03:08 AM
pam authentication for keyring with thinkfinger Blue_Ice Linux - Security 2 02-25-2010 02:24 PM
Gnome keyring from nowhere fridgitator Linux - Newbie 2 02-20-2008 12:45 AM
How to get rid of the gnome keyring ? thejasondean Linux - Software 4 05-19-2006 03:08 AM


All times are GMT -5. The time now is 06:57 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration