Bug 464895
| Summary: | Support for global pass phrase for encrypted block devices | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Alexander Todorov <atodorov> | |
| Component: | initscripts | Assignee: | initscripts Maintenance Team <initscripts-maint-list> | |
| Status: | CLOSED WONTFIX | QA Contact: | BaseOS QE <qe-baseos-auto> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | medium | |||
| Version: | 5.3 | CC: | notting, rlerch | |
| Target Milestone: | rc | Keywords: | Reopened | |
| Target Release: | --- | |||
| Hardware: | All | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | Bug Fix | ||
| Doc Text: |
On systems with more than two encrypted block devices, anaconda has a option to provide a global passphrase. The init scripts, however, do not support this feature. When booting the system, entering each individual passphrase for all encrypted devices will be required.
|
Story Points: | --- | |
| Clone Of: | ||||
| : | 549609 (view as bug list) | Environment: | ||
| Last Closed: | 2008-10-02 14:04:23 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 454962, 549609 | |||
|
Description
Alexander Todorov
2008-10-01 08:00:58 UTC
plymouth is not going in RHEL 5 any time soon, and this really can't be fixed without it. I'm not asking to port plymouth to RHEL 5 but to instrument some logic in the init script responsible for decrypting partitions. The way I see it is: 1) Ask for passphrase 2) Store the pass phrase into some variable in the script 3) Try to unlock the partition, if fails ask again 4) Repeat 1-3 /optionally accumulate entered passwords and try with all/ That would involve writing entirely separate widgetry just to ask for the password and keep it around, as we're certainly not going to be asking for passphrases in shell code. It's not worth it to do a one-off solution like that for RHEL 5. Release note added. If any revisions are required, please set the "requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Although Anaconda provides the ability to use a global pass phrase for all encrypted block devices this is not supported from the init process. The user will have to manually enter the pass phrase for every encrypted device when booting the system. Release note updated. If any revisions are required, please set the "requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1 +1 @@ -Although Anaconda provides the ability to use a global pass phrase for all encrypted block devices this is not supported from the init process. The user will have to manually enter the pass phrase for every encrypted device when booting the system.+On systems with more than two encrypted block devices, anaconda has a option to provide a global passphrase. The init scripts, however, do not support this feature. When booting the system, entering each individual passphrase for all encrypted devices will be required. |