Package pam_mount

A PAM module that can mount volumes for a user session

http://pam-mount.sourceforge.net/

This module is aimed at environments with central file servers that a user
wishes to mount on login and unmount on logout, such as (semi-)diskless
stations where many users can logon and where statically mounting the entire
/home from a server is a security risk, or listing all possible volumes in
/etc/fstab is not feasible.

* Users can define their own list of volumes without having to change
  (possibly non-writable) global config files.
* Single sign-on feature - the user needs to type the password just once (at login)
* Transparent mount process
* No stored passwords
* Volumes are unmounted on logout, freeing system resources and not leaving
  data exposed.

The module also supports mounting local filesystems of any kind the normal
mount utility supports, with extra code to make sure certain volumes are set up
properly because often they need more  than just a mount call, such as
encrypted volumes. This includes SMB/CIFS, FUSE, dm-crypt and LUKS.

If  you  intend  to use pam_mount to protect volumes on your computer using an
encrypted filesystem system, please know that there are many other issues you
need to consider in order to protect your data. For example, you probably want
to disable or encrypt your swap partition (the cryptoswap can help you do
this). Do not assume  a  system  is  secure  without  carefully  considering
potential threats.
File Formats (Section 5)
pam_mount.conf
The pam_mount configuration file defines soft defaults for commands pam_mount will be executing, the messages it will show, and which volumes to mount on login...
System Administration (Section 8)
mount.crypt
mount.crypt [-nrv] [-o options] device directory
pam_mount
This module is aimed at environments with central file servers that a user wishes to mount on login and unmount on logout, such as (semi-)diskless stations...
pmt-ehd
pmt-ehd [-DFx] [-c fscipher] [-h hash] [-k fscipher_keybits] [-t fstype] -f container_path -s size_in_mb
pmvarrun
A separate program is needed so that /var/run/pam_mount/user may be created with a pam_mount-specific security context (otherwise SELinux policy will conflict...
umount.crypt
umount.crypt will unmount directory and disassociates the underlying crypto device, and loop device if such was used.