Requests for Enhancements
Mutiple Logins in Knoppix
I recently had an idea for non-server type computers. This would be implementable on Knoppix, but could be applied to any distribution.
Right now, "knoppix home=scan" will scan media for a knoppix.img file.
It would be cool if the system looked for all files called "home-*.img". For example, I might have a home-hal.img file which would be an encrypted filesystem containg the user hal's home directory.
Suppose it found two files: home-hal.img and home-dave.img. Then the login screen would show four user options: default, hal, dave, and new. Default would create a home directory in the ramdisk using the default settings, just like Knoppix does now.
If I chose hal, it would ask for a passphrase. If that passphrase works on the encrypted home directory, then it would add hal to /etc/passwd, mount the encrypted filesystem at /home/hal, and log me in.
The "new" option would create a new user and a new encrypted home directory on whatever media is chosen.
The advantages are:
- One is not limited to the "knoppix" user.
- There can be mutliple home-directory images for multiple users on the same hard drive.
- This encourages use of encryption for security.
- It seems more natural security model. In the old model of enforcing security, the kernel is expected to respect /etc/passwd and home-directory permissions. User A could always use a live-cd to read User B's private files, even if User B had set the permissions on those files to keep them private.
This idea needs work. But I think it has some promise.