[systemd-devel] [PATCH] add keyscript support to cryptsetup
Tollef Fog Heen
tfheen at err.no
Mon Jul 9 22:36:17 PDT 2012
]] Lennart Poettering
> On Mon, 09.07.12 23:14, Tollef Fog Heen (tfheen at err.no) wrote:
>
> >
> > ]] Lennart Poettering
> >
> > > I wonder what the precise use cases for this are, and whether we can't
> > > find better solutions for these use cases... I mean, we already have the
> > > password agent logic, that is asynchronous, and way more powerful:
> >
> > It's also much harder to write something for.
> >
> > A use case for keyscript is something like
> > https://github.com/tfheen/ykfde/blob/master/helper which (while not
> > really a keyscript as it is) implements integration with Yubikeys. Doing
> > that with the full password agent proposal is much, much harder and
> > doesn't really gain us anything in this case.
>
> Well, but this script is very racy as it expects yubikeys to be
> instantly available at boot. This really needs to be async and watch
> both for yubikeys as they are plugged in and for new passwords as they
> are queried. Also this script expects an interactive console, which is
> extra racy...
It's run in the initramfs, so no, it's not racy at all.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are