dealing with workstations/servers in standby?
Mourad De Clerck
mourad at aquazul.com
Sat Apr 6 16:10:53 CEST 2013
Hi,
If I understand correctly, the mandos-server decides to not trust the
client anymore after it has been offline for a while.
Is there any way of automatically dealing with servers or workstations
which are put in standby (or switched off even) to save power?
I'm guessing it'd be possible to have a checker access a secret on the
encrypted volume to verify the encrypted volume is still unlocked when
it "comes back", and thus trustworthy. So as long as the box is woken up
and checked by the mandos-server before rebooting, it'd automatically
reboot.
Trouble is that (I'm assuming) if the checker failed in the first place,
it won't re-enable the client after the checker starts succeeding again
- even if the checker is smarter than fping. Is this correct?
The other case, when it comes to workstations that have been switched
off for a longer period (let's say, over the weekend), is there any
scheme that might keep a semblance of security?
Thanks,
-- Mourad
More information about the Mandos-Dev
mailing list