ecryptfs-users team mailing list archive
-
ecryptfs-users team
-
Mailing list archive
-
Message #00091
Re: hardware token
> For sure. For the authentication part of the PAM module, I've added
> the ability to have multiple tokens for one user (like a backup
> Yubikey, or an administrator with another Yubikey).
>
> Perhaps it's easier for users to present multiple authentication
> devices (one USB disk, one Yubikey, one smartcard or any combination
> of these) to effectively get backup access to their files, than it is
> to get them to actually print the mount passphrase?
>
> The mount passphrase would be stored one time for each authentication
> device, encrypted with the PAM_AUTHTOK the authentication device is
> capable of producing.
>
> Have you had any thoughts along these lines?
FWIW I am hoping to take a good close look thursday or friday.
thanks,
-serge
Attachment:
signature.asc
Description: Digital signature
References