Bug 677962 - RFE: timeout on boot-time LUKS passwords for non-root partitions
Summary: RFE: timeout on boot-time LUKS passwords for non-root partitions
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: systemd
Version: 15
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Lennart Poettering
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-02-16 11:20 UTC by James Heather
Modified: 2011-06-30 21:15 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-02-23 00:45:18 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description James Heather 2011-02-16 11:20:29 UTC
Could boot-time mounting of LUKS partitions please allow for a timeout for password entry? The timeout would ideally be specified in /etc/crypttab. Some partitions (e.g., root partitions) would not want a timeout, but others (e.g., /home) might.

This should be simple to implement, because cryptsetup already has a '--timeout' option.

Several of my machines have unencrypted root, but encrypted /home. The problem is that I generally want /home to be mounted at boot time (so it shouldn't be noauto), but occasionally I need to reboot the machine remotely. At the moment, I just can't do that: I need to be at the terminal to enter the password.

I'd like it set up so that it'll be mounted if I'm rebooting locally and able to enter the password, but times out if I'm rebooting remotely.

Thanks!

James

Comment 1 Bill Nottingham 2011-02-16 13:57:13 UTC
This is unlikely to be added to Fedora 14 at this time, simply because this functionality has moved in Fedora 15 to the systemd package, and therefore it would be a one-off change for future Fedora releases.

Comment 2 James Heather 2011-02-16 14:02:03 UTC
(In reply to comment #1)
> This is unlikely to be added to Fedora 14 at this time, simply because this
> functionality has moved in Fedora 15 to the systemd package, and therefore it
> would be a one-off change for future Fedora releases.

Ah, OK, not personally too bothered if all I have to do is wait for F15. I can live with my hacky solution till then.

So do you mean that pretty much this exact thing is being included in F15 systemd?

James

Comment 3 Bill Nottingham 2011-02-16 14:11:55 UTC
I *think* so... moving over to systemd for clarification.

Comment 4 Lennart Poettering 2011-02-23 00:45:18 UTC
In F15 you can use "timeout=5min" as option in crypttab to make sure we timeout the password entry eventually.

Comment 5 Aissen 2011-06-30 21:15:05 UTC
This feature is nice, but not documented. I searched in crypttab(5), systemd-ask-password(1), systemd.mount(5).
It didn't use to timeout, and I liked it this way. Now I had to go dig into the source code ( http://cgit.freedesktop.org/systemd/tree/src/cryptsetup.c?id=v26#n106 ) to understand how it worked, and change the (new) default behavior to the one I preferred.


Note You need to log in before you can comment on or make changes to this bug.