NAME
crypttab — encrypted disk device table
DESCRIPTION
The crypttab file contains a list of the encrypted disk devices of the system. Each encrypted volume is described on a separate line; fields on each line are separated by tabs or spaces.
The first field, (name), contains the name of the resultant crypto volume device, which will be a node in /dev/mapper with the given name.
The second field, (device), is the underlying device on which the crypto volume resides and must be a full device path to a node in /dev.
The third field, (keyfile), is either the value none or the full path on the file system to a keyfile to unlock the crypto volume. If none is specified, the system will prompt for a password during the boot sequence.
The fourth field, (options), is either the value none or a comma-separated list of the following options, which are supported on DragonFly:
- tries=N
  Prompt for the passphrase at most N times if the entered passphrase is incorrect.
- timeout=T
  Time out the interactive passphrase prompt after T seconds.
- keyscript=script
  Run the script pointed at by script to get the passphrase. The stdout output of the script will be used as the passphrase instead of showing an interactive prompt.
Note that the crypttab file on DragonFly currently only supports LUKS volumes and not raw cryptsetup(8) volumes.
If the dm_target_crypt(4) target is not built-in, make sure to set up loader.conf(5) to preload it, since dm(4) is not able to autoload the targets before /boot is mounted.
FILES
- /etc/crypttab
  The crypttab file resides in /etc.
EXAMPLES
The following line specifies a crypto volume without a keyfile, so the system will prompt for a password during the boot sequence. Upon successful entry of the password, the device /dev/mapper/vol1 will be created.
vol1 /dev/da0s1b none none
The next example is the same as the previous one, but uses a keyfile on /boot instead of an interactive password prompt.
vol1 /dev/da0s1b /boot/keyfile.0 none
The last example shows the use of the options. It will ask at most 2 times for a passphrase and time out after 10 seconds.
vol1 /dev/da0s1b none tries=2,timeout=10
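As an added example (not part of the original manual page or of DragonFly's own code), the following Python script checks crypttab lines against the field rules described above and flags a name that is used twice. It assumes N and T are non-negative integers and does not handle comment lines, since this page does not define them; the sample input is constructed.

```python
import re

INT_OPTIONS = ("tries", "timeout")  # N and T: assumed non-negative integers

def check_line(line):
    """Return the problems found in one crypttab line (empty list = OK)."""
    fields = line.split()  # fields are separated by tabs or spaces
    if len(fields) != 4:
        return ["expected 4 fields, found %d" % len(fields)]
    _name, device, keyfile, options = fields
    problems = []
    if not device.startswith("/dev/"):
        problems.append("device must be a full path to a node in /dev")
    if keyfile != "none" and not keyfile.startswith("/"):
        problems.append("keyfile must be 'none' or a full path")
    if options != "none":
        for opt in options.split(","):
            key, _sep, value = opt.partition("=")
            if key in INT_OPTIONS and re.fullmatch(r"[0-9]+", value):
                continue
            if key == "keyscript" and value:
                continue
            problems.append("bad or unknown option: %s" % opt)
    return problems

def lint(text):
    """Check every non-blank line; return (line number, problem) pairs."""
    findings, seen = [], {}
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        findings += [(number, p) for p in check_line(line)]
        name = line.split()[0]
        if name in seen:  # two volumes cannot share one /dev/mapper node
            findings.append((number, "name already used on line %d" % seen[name]))
        seen.setdefault(name, number)
    return findings

# Constructed sample input, not taken from a real system.
SAMPLE = """\
vol1 /dev/da0s1b none tries=2,timeout=10
vol2 da0s1d /boot/keyfile.0 none
vol3 /dev/da0s1e none tries=two,retries=3
vol1 /dev/da0s1f none
"""

if __name__ == "__main__":
    for number, problem in lint(SAMPLE):
        print("line %d: %s" % (number, problem))
```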
SEE ALSO
HISTORY
The crypttab file format appeared in DragonFly 2.9.