[pkg-cryptsetup-devel] cryptsetup: Please save password to kernel keyring
Laurent Bigonville
bigon at debian.org
Fri Apr 13 17:01:27 BST 2018
On Mon, 09 Jan 2017 23:58:11 +0100 Laurent Bigonville <bigon at debian.org>
wrote:
> Hi,
>
> Since gdm 3.22, there is a new pam module that unlocks the gnome-keyring
> using the keyring using the password of the luks partition.
>
> The idea is that on a single user laptop, the user uses the same
> password for his encrypted root and user in addition to autologin.
>
> The pam module reads the kernel keyring to find that password with the
> following code:
>
> serial = find_key_by_type_and_desc ("user", "cryptsetup", 0);
> if (serial == 0)
>     return PAM_AUTHINFO_UNAVAIL;
>
> r = keyctl_read_alloc (serial, &cached_password);
>
> So it would be nice if cryptsetup could store that password in the
> keyring after opening successfully the main luks partition.
>
> Regards,
OK, what could be done for this?
I guess that askpass could store the password in the keyring if a flag
is passed to it asking for it?
Would that be a viable solution?
The difficult part would be to detect a wrong password and not store it
I guess?
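
One way to handle the concern raised in the reply above (caching only a passphrase that actually unlocked the volume), as an added example that is not part of the original messages and is not cryptsetup or askpass code. The names unlock_then_cache and demo_unlock, the constructed passphrase, the user keyring as destination and the timeout are assumptions; the key type "user" and description "cryptsetup" come from the quoted PAM lookup.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/keyctl.h>   /* KEY_SPEC_USER_KEYRING, KEYCTL_* constants */
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#define DEMO_PASS "correct horse"   /* constructed sample passphrase */

/* Hypothetical unlock callback: returns 0 only when the passphrase opened
 * the volume. This stand-in compares against DEMO_PASS instead of LUKS. */
typedef int (*unlock_fn)(const char *pass, size_t len);

int demo_unlock(const char *pass, size_t len)
{
    return (len == strlen(DEMO_PASS) && memcmp(pass, DEMO_PASS, len) == 0) ? 0 : -1;
}

/* Returns the key serial (> 0) on success, 0 if the unlock failed and nothing
 * was stored, or -1 with errno set if the kernel refused the key. */
long unlock_then_cache(unlock_fn unlock, const char *pass, size_t len,
                       unsigned timeout_s)
{
    if (unlock(pass, len) != 0)
        return 0;   /* wrong passphrase never reaches the keyring */

    /* Type "user" and description "cryptsetup" match the quoted PAM lookup.
     * Assumption: the user keyring is the destination. */
    long serial = syscall(SYS_add_key, "user", "cryptsetup", pass, len,
                          KEY_SPEC_USER_KEYRING);
    if (serial < 0)
        return -1;

    /* Bound how long the secret stays readable; drop it if that fails. */
    if (syscall(SYS_keyctl, KEYCTL_SET_TIMEOUT, serial, timeout_s) < 0) {
        int saved = errno;
        syscall(SYS_keyctl, KEYCTL_INVALIDATE, serial);
        errno = saved;
        return -1;
    }
    return serial;
}

int main(void)
{
    printf("wrong: %ld\n", unlock_then_cache(demo_unlock, "guess", 5, 60));
    printf("right: %ld\n", unlock_then_cache(demo_unlock, DEMO_PASS, strlen(DEMO_PASS), 60));
    return 0;
}
```

A key of type "user" in the user keyring can be read by any process running under the same UID until it expires, so the timeout should cover only the window in which the PAM module needs it.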