.\"
.\" Copyright (c) 2010
.\" The DragonFly Project. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\" 3. Neither the name of The DragonFly Project nor the names of its
.\" contributors may be used to endorse or promote products derived
.\" from this software without specific, prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
.\" FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE
.\" COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd October 22, 2010
.Dt CRYPTTAB 5
.Os
.Sh NAME
.Nm crypttab
.Nd encrypted disk device table
.Sh DESCRIPTION
The
.Nm
file contains a list of the encrypted disk devices of the system. Each
encrypted volume is described on a separate line; fields on each line are
separated by tabs or spaces.
.Pp
The first field,
.Pq Fa name ,
contains the name of the resultant crypto volume device, which will
be a node in
.Pa /dev/mapper
with the given
.Pa name .
.Pp
The second field,
.Pq Fa device ,
is the underlying device on which the crypto volume resides and must be
a full device path to a node in
.Pa /dev .
.Pp
The third field,
.Pq Fa keyfile ,
is either the value
.Pa none
or the full path on the file system to a keyfile to unlock the crypto
volume.
If
.Pa none
is specified, the system will prompt for a password during the boot
sequence.
.Pp
The fourth field,
.Pq Fa options ,
can contain a comma-separated list with the following options on
.Dx
or can be set to
.Pa none .
.Bl -tag -width keyscript=/script.sh
.It Va tries=N
Prompt for the passphrase at most
.Fa N
times if the entered passphrase is incorrect.
.It Va timeout=T
Time out the interactive passphrase prompt after
.Fa T
seconds.
.It Va keyscript=script
Run the script pointed at by
.Fa script
to get the passphrase. The stdout output of the script will be used as the
passphrase instead of showing an interactive prompt.
.El
.Pp
Note that the
.Nm
file on
.Dx
currently only supports LUKS volumes and not raw
.Xr cryptsetup 8
volumes.
.Pp
If the
.Xr dm_target_crypt 4
target is not built-in, make sure to set up
.Xr loader.conf 5
to preload it, since
.Xr dm 4
is not able to autoload the targets before
.Pa /boot
is mounted.
.Sh FILES
.Bl -tag -width ".Pa /etc/crypttab" -compact
.It Pa /etc/crypttab
The
.Nm
file resides in
.Pa /etc .
.El
.Sh EXAMPLES
The following line specifies a crypto volume without a keyfile, so
the system will prompt for a password during the boot sequence. Upon
successful entry of the password the device
.Pa /dev/mapper/vol1
will be created.
.Pp
.Dl "vol1 /dev/da0s1b none none"
.Pp
The next example is the same as the one before, but uses a keyfile on
.Pa /boot
instead of an interactive password prompt.
.Pp
.Dl "vol1 /dev/da0s1b /boot/keyfile.0 none"
.Pp
The last example shows the use of the options. It will ask at most 2 times
for a passphrase and time out after 10 seconds.
.Pp
.Dl "vol1 /dev/da0s1b none tries=2,timeout=10"
.Sh SEE ALSO
.Xr cryptsetup 8
.Sh HISTORY
The
.Nm
file format appeared in
.Dx 2.9 .
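
An added example, not part of the manual page or of DragonFly's own code: a small checker that applies the four field rules described above to crypttab lines and lists every path that holds or produces key material (keyfile and keyscript), so those files can be reviewed for ownership and permissions. The function names, the sample lines beyond the three from EXAMPLES, and the treatment of `#` lines as comments are assumptions.

```python
# Added example: validates crypttab(5) lines against the field rules on this page.
INT_OPTS = ("tries", "timeout")   # options that take a number (tries=N, timeout=T)

def check_crypttab_line(line):
    """Return None for blank/comment lines, else (entry, problems)."""
    text = line.strip()
    # Assumption: '#' starts a comment; the page itself does not say so.
    if not text or text.startswith("#"):
        return None
    fields = text.split()             # fields are separated by tabs or spaces
    if len(fields) != 4:
        return None, [f"expected 4 fields, found {len(fields)}"]
    name, device, keyfile, options = fields
    problems, opts, key_paths = [], {}, []
    if "/" in name:                   # name becomes one node under /dev/mapper
        problems.append("name must be a single /dev/mapper node name")
    if not device.startswith("/dev/"):
        problems.append("device must be a full path to a node in /dev")
    if keyfile.startswith("/"):
        key_paths.append(keyfile)     # key material stored on disk
    elif keyfile != "none":
        problems.append("keyfile must be 'none' or a full path")
    for item in ([] if options == "none" else options.split(",")):
        key, _, value = item.partition("=")
        if key in INT_OPTS:
            if value.isascii() and value.isdigit():
                opts[key] = int(value)
            else:
                problems.append(f"{key} needs a number")
        elif key == "keyscript" and value:
            opts[key] = value
            key_paths.append(value)   # script whose stdout is the passphrase
        else:
            problems.append(f"unknown or malformed option: {item!r}")
    return {"name": name, "device": device, "keyfile": keyfile,
            "options": opts, "key_paths": key_paths}, problems

# Constructed sample: the three lines from EXAMPLES plus two invalid ones.
SAMPLE = """\
vol1 /dev/da0s1b none none
vol1 /dev/da0s1b /boot/keyfile.0 none
vol1 /dev/da0s1b none tries=2,timeout=10
vol2 da0s1d keyfile.1 none
vol3 /dev/da0s1e none retries=3,timeout=soon
"""

def audit(text):
    """Return [(line_number, entry, problems)] for every non-empty line."""
    checked = ((n, check_crypttab_line(l)) for n, l in enumerate(text.splitlines(), 1))
    return [(n,) + c for n, c in checked if c is not None]
```

Every path reported in `key_paths` can unlock the volume without a prompt, so it deserves the same access review as the passphrase itself.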