[systemd-devel] Hiding systemd-cryptsetup password prompt
Luca Boccassi
luca.boccassi at gmail.com
Tue Jun 4 16:24:36 UTC 2024
Add headless=yes to the crypttab entry for the device you want to
avoid interactive passwords prompt for
On Tue, 4 Jun 2024 at 17:22, Sergio Arroutbi <sarroutb at redhat.com> wrote:
>
> Hello Lennart. Thanks for your quick response.
>
> This option will disable all password prompt ... hiding also our calls to systemd-ask-password ... is it possible to discard systemd-cryptsetup one specifically?
>
> On Tue, Jun 4, 2024 at 2:52 PM Lennart Poettering <lennart at poettering.net> wrote:
>>
>> On Di, 04.06.24 13:08, Sergio Arroutbi (sarroutb at redhat.com) wrote:
>>
>> > Hello.
>> >
>> > We are implementing a feature related to PKCS#11 that, when some conditions
>> > are met (mostly that PKCS11 PIN has not been stored in configuration and
>> > input to our systemd unit), requires systemd-cryptsetup service password
>> > prompt to be hidden from TTY and executed only listening to password
>> > provided by the socket defined in
>> > https://systemd.io/PASSWORD_AGENTS/
>>
>> The boot-time password prompt on the TTY is just an agent too. Mask it
>> via "systemctl mask systemd-ask-password-console.service".
>>
>> Lennart
>>
>> --
>> Lennart Poettering, Berlin
>>
>
>
> --
> Sergio Arroutbi Braojos
> Senior Software Engineer at Red Hat - Special Projects (SECENGSP)
> Red Hat
More information about the systemd-devel
mailing list