[dm-crypt] Remote Passphrase management

karna singh karnamonkster at gmail.com
Sat Jul 2 22:17:23 CEST 2011


Hi Arno,

What if the person is offline or travelling ? this is one of the
limitations.
also the passphrases will be fixed.. which is not the best practice.
any suggestions?

Karan

On Fri, Jul 1, 2011 at 3:31 PM, Arno Wagner <arno at wagner.name> wrote:

> Hi Karan,
>
> there is no passphrase reset function. However you can
> set multiple passphrases with LUKS and can, e.g.,
> put a recovery passphrase in a specific slot. You
> can then make a header backup and store it in a database,
> in order to be able to reinstall that recovery passphrase.
> With ssh as root to the laptops, you can do
> this remotely and, as allways on Linux/Unix,
> scripted. There really is not need for a special
> "tool".
>
> Arno
>
>
> On Fri, Jul 01, 2011 at 10:14:05AM +0530, karna singh wrote:
> > Hi,
> >
> > Is there any integration which can be done with Dmcrypt setup so as to
> get
> > the passphrase reset function through a central management tool.
> > We need to roll out laptops in huge number.
> > laptop OS 64 Bit Ubuntu 10.04 LTS.
> >
> > --
> > BR/
> > *Karan*
>
> > _______________________________________________
> > dm-crypt mailing list
> > dm-crypt at saout.de
> > http://www.saout.de/mailman/listinfo/dm-crypt
>
>
> --
> Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email:
> arno at wagner.name
> GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25
> 338F
> ----
> Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
>
> If it's in the news, don't worry about it.  The very definition of
> "news" is "something that hardly ever happens." -- Bruce Schneier
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>



-- 
BR/
*Karan*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20110703/27a5e2b4/attachment.html>


More information about the dm-crypt mailing list