systemd password agent
Teddy Hogeborn
teddy at recompile.se
Sat Jul 27 13:03:25 CEST 2019
jesse at kci.net (Jesse Norell) writes:
> I am trying/wanting to use mandos to decrypt a second disk on a
> stretch system with systemd, and quickly find that keyscript is not
> supported in /etc/crypttab. It seems the correct way to address this
> is to write a password agent for systemd, and I am curious of the
> status of that both as officially supported by the mandos project, and
> if anyone has any working examples they could share.
>
> I came across the 'Mandos on Fedora/RHEL' thread from 2013 where
> Nathanael Noblet mentioned having a proof of concept password agent to
> get started, but in some quick searching I don't see a mandos package
> in RHEL to consult, and I don't see any signs of mandos-agent in the
> mandos source; my guess is I am now fully up to speed on systemd
> support for secondary disks. :)
>
> I'd be glad for any further insights/pointers/etc.

I have just made a commit to trunk which adds support for dracut(8), and
this includes adding a Password Agent program: password-agent(8mandos).

One complication for your use case might be that "password-agent" does
not currently distinguish between password questions; it simply runs
mandos-client (configurable), and when a password is received, this
password is sent to all currently active password questions, and the
agent then exits. This may or may not work for your situation; I guess
you will have to experiment.

/Teddy Hogeborn
--
The Mandos Project
https://www.recompile.se/mandos
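
Added example, not part of the original message and not Mandos code: a Python sketch of the systemd password agent protocol that the reply refers to. It reads the open questions under /run/systemd/ask-password and answers either all of them (the behaviour described above) or only those whose Id= starts with a given prefix; the Id= filter and every function name here are assumptions made for illustration.

```python
import configparser
import glob
import os
import socket
import time

ASK_DIR = "/run/systemd/ask-password"  # where systemd drops its ask.* question files


def active_questions(ask_dir=ASK_DIR, now_usec=None):
    """Return the [Ask] section (keys lowercased) of every question still open."""
    if now_usec is None:
        now_usec = time.monotonic_ns() // 1000  # NotAfter= is CLOCK_MONOTONIC usec
    questions = []
    for path in sorted(glob.glob(os.path.join(ask_dir, "ask.*"))):
        ini = configparser.ConfigParser(
            interpolation=None, strict=False, delimiters=("=",))
        try:
            ini.read(path)
            ask = dict(ini["Ask"])
            not_after = int(ask.get("notafter", "0"))
        except (configparser.Error, KeyError, ValueError):
            continue  # half-written or malformed file: skip it
        if "socket" not in ask or (not_after and not_after < now_usec):
            continue  # no reply address, or the question has timed out
        questions.append(ask)
    return questions


def answer(question, password):
    """Send one reply datagram to the question's socket: '+' then the password."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as s:
        s.sendto(b"+" + password, question["socket"])


def answer_matching(password, ask_dir=ASK_DIR, id_prefix=None, now_usec=None):
    """Answer every open question, or only those whose Id= starts with id_prefix.

    id_prefix=None reproduces "send to all currently active questions";
    a prefix is the hypothetical per-device filter.
    """
    answered = []
    for q in active_questions(ask_dir, now_usec):
        if id_prefix is None or q.get("id", "").startswith(id_prefix):
            answer(q, password)
            answered.append(q.get("id", ""))
    return answered
```

A password that unlocks only one volume is rejected by the others when sent to every question, which is the case where the Id= filter matters.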