Encryption of user data on redhat 5 and 6

Robert Freeman-Day presgas at gmail.com
Tue Nov 2 21:15:52 UTC 2010


I would suggest ecryptfs.  It is in the repositories as well and is a
layered filesystem with pam modules (enabling ftp and ssh mounting,
etc.).  Each user would have their own layered encrypted filesystem, and
it is done on the fly... so files that are not used are not going to be
decrypted.

Here is one of the developer's blogs talking about ecryptfs (some
entries are Ubu based, but most content still applies):
http://blog.dustinkirkland.com/search/label/ecryptfs

Here is the upstream site:
https://launchpad.net/ecryptfs

RHN package details:
https://rhn.redhat.com/errata/RHSA-2009-1307.html

Docs from IBM:
http://publib.boulder.ibm.com/infocenter/lnxinfo/v3r0m0/index.jsp?topic=/liaai/secure/liaaisecureecryptfs.htm
and
http://publib.boulder.ibm.com/infocenter/lnxinfo/v3r0m0/index.jsp?topic=/liaai/secure/liaaisecuresusermount.htm

Have fun!
Robert

On 11/02/2010 04:04 PM, Yard, John wrote:
> 
> I am researching encryption of user data on redhat.
> 
> Rh Enterprise 5/6 would be the levels.
> 
> The encryption/decryption of user data on disk must be
> dynamic and transparent to both ftp and ssh sessions,
> no special commands to encrypt/decrypt user data. Everything
> is scripted, no user intervention.  
> 
> Would like to encrypt/decrypt on a directory driven basis
> vs a filesystem basis, but this is not an absolute requirement.
> 
> The filesystems are mounted. Mapping user to filesystem
> is problematic, because there are +300 users, and
> am not sure how this would scale up.
> 
> Ideas? Suggestions?
> 
> Thks,
> 
> JYard
> UCLA 
> 

- -- 
________

Robert Freeman-Day

https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36




More information about the redhat-list mailing list