From Fedora Project Wiki

Revision as of 16:24, 22 December 2010


Support for ecryptfs in authconfig

Summary

Authconfig will allow the system administrator to configure automatic mounting of an encrypted area in each user's home directory.

Owner

Current status

  • Targeted release: Fedora 15
  • Last updated: 2010-12-22
  • Percentage of completion: 30%

Detailed Description

pam_ecryptfs is a PAM module that mounts a private part of the home directory (or the entire home directory) when a user logs in. However, using pam_ecryptfs in Fedora <=14 is complicated by the configuration style adopted by authconfig. This feature aims to simplify that configuration across the various PAM users and to integrate ecryptfs support into authconfig.

Benefit to Fedora

ecryptfs is a useful tool, but it is hard to configure under Fedora. Compared to encrypted partitions, for example, it makes it easy for the user to do encrypted backups.

Scope

Changes are required to PAM, authconfig, and several PAM users. All of these have been identified.

How To Test

  1. Set up an ecryptfs private area under ~/Private using ecryptfs-setup-private.
  2. Enable ecryptfs using authconfig (e.g. by setting USE_ECRYPTFS=yes in /etc/sysconfig/authconfig and rerunning authconfig-tui --updateall).
  3. Log out and log back in.
  4. Running mount should show an ecryptfs mount for ~/Private.
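
The checks in steps 2 and 4 can be scripted. The following is an added example, not part of the feature page or of authconfig: the function names, the sample user alice and the sample file contents are constructed, and it assumes the mount table is in /proc/mounts format and the mount point contains no spaces.

```shell
#!/bin/sh
# Added example: verify steps 2 and 4 of the test procedure above.

# Step 2: succeed if the settings file ($1) enables ecryptfs.
# The last assignment wins, as it would when the file is sourced by a shell.
ecryptfs_enabled() {
    val=$(sed -n 's/^[[:space:]]*USE_ECRYPTFS=//p' "$1" | tail -n 1 |
          tr -d "\"'[:space:]")
    [ "$val" = "yes" ]
}

# Step 4: succeed if the mount table ($1) lists a filesystem of type
# ecryptfs on the mount point ($2). Another filesystem type on the same
# directory does not count.
ecryptfs_mounted() {
    awk -v mp="$2" '$2 == mp && $3 == "ecryptfs" { found = 1 }
                    END { exit !found }' "$1"
}

# Report both checks; return 0 only if both pass.
# $1: settings file, $2: mount table, $3: mount point
check_private() {
    rc=0
    if ecryptfs_enabled "$1"; then echo "config: USE_ECRYPTFS=yes"
    else echo "config: ecryptfs not enabled in $1"; rc=1; fi
    if ecryptfs_mounted "$2" "$3"; then echo "mount: ecryptfs on $3"
    else echo "mount: no ecryptfs mount on $3"; rc=1; fi
    return $rc
}

# Constructed sample data so the script runs anywhere. On a test machine use:
#   check_private /etc/sysconfig/authconfig /proc/mounts "$HOME/Private"
tmp=$(mktemp -d)
printf '# constructed sample\nUSE_ECRYPTFS=yes\n' > "$tmp/authconfig"
printf '%s\n' \
    '/dev/sda2 / ext4 rw,relatime 0 0' \
    '/home/alice/.Private /home/alice/Private ecryptfs rw,relatime 0 0' \
    > "$tmp/mounts"
check_private "$tmp/authconfig" "$tmp/mounts" /home/alice/Private
```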

Contingency Plan

The feature touches several independent packages, but all patches have precise dependencies included in their bugzilla entries (see here). If the feature is not available for F15, it is possible either to revert the changes that were already included or to leave them in. In the latter case the changes will be unnecessary, but will not break anything.

Documentation

  • pam_ecryptfs(8) man page (note that the man page is a bit Ubuntu-centric: we do not have /etc/pam.d/common-auth, and the Fedora implementation will be different in order to support authconfig)

Release Notes

Fedora 15 brings improved support for eCryptfs, a stacked cryptographic filesystem for Linux. Starting with Fedora 15, authconfig can be used to automatically mount a private encrypted part of the home directory when a user logs in.

Comments and Discussion