ecryptfs-users team mailing list archive

Thread
Date

Re: hardware token

To: Fredrik Thulin <fredrik@xxxxxxxxxx>
From: "Serge E. Hallyn" <serge.hallyn@xxxxxxxxxx>
Date: Mon, 21 Mar 2011 15:49:13 -0500
Cc: Dustin Kirkland <kirkland@xxxxxxxxxx>, ecryptfs-users <ecryptfs-users@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <AANLkTinhiL2kPrU8+JYfLjvt4N+nDNB6U1QvQ4hv5N8D@mail.gmail.com>
User-agent: Mutt/1.5.20 (2009-06-14)

> For sure. For the authentication part of the PAM module, I've added
> the ability to have multiple tokens for one user (like a backup
> Yubikey, or an administrator with another Yubikey).
> 
> Perhaps it's easier for users to present multiple authentication
> devices (one USB disk, one Yubikey, one smartcard or any combination
> of these) to effectively get backup access to their files, than it is
> to get them to actually print the mount passphrase?
> 
> The mount passphrase would be stored one time for each authentication
> device, encrypted with the PAM_AUTHTOK the authentication device is
> capable of producing.
> 
> Have you had any thoughts along these lines?

FWIW I am hoping to take a good close look thursday or friday.

thanks,
-serge

Attachment: signature.asc
Description: Digital signature

References

hardware token
From: Fredrik Thulin, 2011-03-15
Re: hardware token
From: Serge E. Hallyn, 2011-03-15
Re: hardware token
From: Dustin Kirkland, 2011-03-21
Re: hardware token
From: Fredrik Thulin, 2011-03-21