Some starting documents
Dick Middleton
dick at fouter.net
Sat Dec 1 12:43:43 CET 2012
On 12/01/12 09:36, Zenny wrote:
> Hi again:
>
> I thoroughly read the documents in the site, yet I cannot figure out
> how to achieve this:
>
> 1) Two mandos servers-clients authenticating between each other which
> in turn provide authentication passwords to the local clients
Mandos servers and Mandos clients are completely separate things. You need to
configure each server also as a client and give the other server its client
config.
> 2) The /boot is not partitioned, yet / and swap is encrypted over LVM
> (dm-crypt plus LUKS).
/boot can't be encrypted; kernel must be readable. I'm not sure if it can
even be an LVM partition. Need to check grub manual for that. I usually make
the first partition on each disk about 250MB and install kernel/initrd and
grub etc in each. You can mirror these boot partitions if you want RAID0.
> I searched over the Net and could not figure out how to achieve this.
> Any pointers shall be appreciated.
Usually the rest of the disk is made a single (possibly RAID) partition and
then LUKS encrypted. LVM then uses the encrypted partition. However you can,
if you prefer, use the un-encrypted partition for LVM and encrypt each logical
volume individually as required.
I hope that helps
Dick
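
An added example, not part of the original message: a Python check that walks `lsblk -J -o NAME,TYPE,FSTYPE,MOUNTPOINT` output and reports every mounted filesystem or swap area that is not stacked on a dm-crypt mapping, for either of the two layouts described in the reply. The device names and both sample trees are constructed, and `plaintext_mounts`, `live_tree` and `dev` are names invented for this example.

```python
import json
import subprocess

def plaintext_mounts(tree, allowed=("/boot",)):
    """Mountpoints (and swap) with no dm-crypt layer beneath them, minus `allowed`."""
    found = set()
    def walk(node, encrypted):
        # lsblk reports an opened LUKS mapping as TYPE "crypt"
        encrypted = encrypted or node.get("type") == "crypt"
        mp = node.get("mountpoint")
        if mp and not encrypted and mp not in allowed:
            found.add(mp)
        for child in node.get("children") or []:
            walk(child, encrypted)
    for device in tree["blockdevices"]:
        walk(device, False)
    return sorted(found)

def live_tree():
    """Block-device tree of the running system (needs util-linux lsblk)."""
    out = subprocess.run(["lsblk", "-J", "-o", "NAME,TYPE,FSTYPE,MOUNTPOINT"],
                         check=True, capture_output=True, text=True).stdout
    return json.loads(out)

def dev(name, type_, fstype=None, mountpoint=None, children=()):
    # Helper that builds constructed samples in lsblk's JSON shape
    return {"name": name, "type": type_, "fstype": fstype,
            "mountpoint": mountpoint, "children": list(children)}

# Constructed sample: partition -> LUKS -> LVM (whole volume group encrypted)
LUKS_UNDER_LVM = {"blockdevices": [dev("sda", "disk", children=[
    dev("sda1", "part", "ext2", "/boot"),
    dev("sda2", "part", "crypto_LUKS", children=[
        dev("sda2_crypt", "crypt", "LVM2_member", children=[
            dev("vg0-root", "lvm", "ext4", "/"),
            dev("vg0-swap", "lvm", "swap", "[SWAP]")])])])]}

# Constructed sample: partition -> LVM -> LUKS per volume, swap left plain
LUKS_PER_LV = {"blockdevices": [dev("sda", "disk", children=[
    dev("sda1", "part", "ext2", "/boot"),
    dev("sda2", "part", "LVM2_member", children=[
        dev("vg0-root", "lvm", "crypto_LUKS", children=[
            dev("root_crypt", "crypt", "ext4", "/")]),
        dev("vg0-swap", "lvm", "swap", "[SWAP]")])])]}

if __name__ == "__main__":
    for label, tree in (("LUKS under LVM", LUKS_UNDER_LVM), ("LUKS per LV", LUKS_PER_LV)):
        print(label, "->", plaintext_mounts(tree) or "only /boot is unencrypted")
```

On a real host, `plaintext_mounts(live_tree())` runs the same check against the installed layout.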