Multiple Passwords on One Account
I'd like to join three ideas into one interesting and sometimes useful feature. There was a question about using multiple passwords earlier this year, but it didn't receive much attention. I'd like to ask the question again after showing an interesting and new way to use the feature. The three original posts I found to be interestingly combined were:
Multiple passwords per user
http://blog.littleimpact.de/index.php/2009/09/14/automatic-encryption-of-home-directories-using-truecrypt-62-and-pam_exec/
http://www.truecrypt.org/docs/hidden-volume
Basically I'd like to login to my account with two passwords and depending on the password I use, I would get a different content in my home directory. In a way I would get a cryptographically hidden account into my system. So the question is, is it possible to allow multiple passwords to log on to Ubuntu/Linux for the same user?
Solution 1:
- Not with native Linux/Ubuntu (ie. by manually editing the password files);
- It is possible using a LDAP server. The
userPassword
can have more than 1 value.
But there is NO way to distinguish between the 2 passwords after logon. The password is not kept in memory or set to a variable after the initial check so this ...
Basically I'd like to login to my account with two passwords and depending on the password I use, I would get a different content in my home directory.
... is not going to be possible. What you want is pretty impossible anyways. Hiding is never a good method.
- In general I would advice to use 2 accounts. Than means 2 /home/'s. Those 2 are separated as it is but the one with the extra data should be the admin/sudo and the one that does not need to see this data should be a normal account.
Besides that there are some commands that might be handy ...
-
chmod og-rwx {file}
will make the files only viewable by that user. - Or similar:
attr -s hidden -V true {file}
.
Hiding though is never a good method. "obscurity" is not a valid method for protecting data.
If these files are that important I would not store them on the machine and use an external medium like an USB stick. And only attach it when it is "safe".