Additional security for laptops...|
Bill Cox <bill,AT,viasic,DOT,com>|
Fri, 17 Jan 2003 06:12:09 +0100|
I'm a happy cipe user with no significant complaints. There's one
enhancement I'd like to see, since my company works mostly with Linux
I'm encouraging our Linux laptop users to set up cipe clients so they
can be more productive at home. However, if one of our users has a
laptop stollen, or if a friend simply borrows it for a while, we could
have source code stollen, or disks could be erased on servers at work.
These laptops have the key in /etc/cipe/options.cipcb<number> file, and
while it's only readable by root, anyone with one of our laptops in hand
can easily get at it without a password.
To get around this, I've written a simple script to decrypt the key
file, bring up the cipe connection, and then delete the unencrypted key
file. To decrypt the key file, the user has to know the password. This
way, a stollen laptop can't easily be used to access our network.
Would there be any interest in adding a password feature so there would
never be an unencrypted key file on the disk? This would require the
user to type a password to enable a cipe connection. This would not be
good on servers, but it would be nice for laptop clients.