Horst Pflugstaedt <[EMAIL PROTECTED]> wrote: >> a) it must be able to boot (remotely) without userinput/passphrase
You can use nfs-root or initramdisk from a trusted machine. >> b) the importtant partitions such as /etc, /var, /usr and /home must be >> encrypted/protected. > > I just ask myself why you bother encrypting a filesystem that will be > accessible to anyone having access to the machine since it boots without > password? No password entry does not mean nopassword. A remote server for the password can ensure, that the machine can only boot on the right subnet and allows easy "earising" of all data by deleting the key on the server. Gruss Bernd -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
