DragonFly On-Line Manual Pages

Search: Section:  

CRYPTTAB(5)              DragonFly File Formats Manual             CRYPTTAB(5)


crypttab -- encrypted disk device table


The crypttab file contains a list of the encrypted disk devices of the system. Each encrypted volume is described on a separate line; fields on each line are separated by tabs or spaces. The first field, (name), contains the name of the resultant crypto volume device, which will be a node in /dev/mapper with the given name. The second field, (device), is the underlying device on which the crypto volume resides and must be a full device path to a node in /dev. The third field, (keyfile), is either the value none or the full path on the file system to a keyfile to unlock the crypto volume. If none is specified, the system will prompt for a password during the boot sequence. The fourth field, (options), can contain a comma separated list with the following options on DragonFly or can be set to none. tries=N Prompt for the passphrase at most N times if the entered passphrase is incorrect. timeout=T Time out the interactive passphrase prompt after T seconds. keyscript=script Run the script pointed at by script to get the passphrase. The stdout output of the script will be used as the passphrase instead of showing an inter- active prompt. Note that the crypttab file on DragonFly currently only supports LUKS volumes and not raw cryptsetup(8) volumes. If the dm_target_crypt(4) target is not built-in, make sure to set up loader.conf(5) to preload it, since dm(4) is not able to autoload the targets before /boot is mounted.


/etc/crypttab The crypttab file resides in /etc.


The following line specifies a crypto volume without a keyfile, so that a password will be prompted during the boot sequence. Upon successful entry of the password the device /dev/mapper/vol1 will be created. vol1 /dev/da0s1b none none The next example is as the one before but using a keyfile on /boot instead of an interactive password prompt. vol1 /dev/da0s1b /boot/keyfile.0 none The last example shows the use of the options. It will ask at most 2 times for a passphrase and time out after 10 seconds. vol1 /dev/da0s1b none tries=2,timeout=10




The crypttab file format appeared in DragonFly 2.9. DragonFly 3.5 October 22, 2010 DragonFly 3.5

Search: Section: