If I'm in an HPC environment with multiple login nodes, such as login1, login2..., login3..., HPC generally uses LDAP to manage account login information for these nodes. On login1, I log in with the user1 account and execute fscrypt setup, which creates a .fscrypt folder in the / directory. I then run fscrypt setup /mnt/lustre using login as the login key, followed by fscrypt encryption dir and locking the file. However, when I log in to login2 with the user1 account and execute fscrypt unlock, the fscrypt program cannot find the metadata information located in the / directory, and it prompts the following error.
"ttt" is encrypted with fscrypt.
Policy: 2700eb1e6f935208b14ca12a4aff3b25
Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: No
Protected with 2 protectors:
PROTECTOR LINKED DESCRIPTION
[cannot follow filesystem link "UUID=1cddd903-cbe0-4491-bf06-a98504e8b27c\nPATH=/\n": protector metadata for a50d4adfab0ce6a2 not found on filesystem /]
a405cfc9c27eebc7 No custom protector "Recovery passphrase for ttt"In this scenario with multiple login nodes, how should I correctly apply the fscrypt tool to encrypt files under shared storage?
If I'm in an HPC environment with multiple login nodes, such as login1, login2..., login3..., HPC generally uses LDAP to manage account login information for these nodes. On login1, I log in with the user1 account and execute fscrypt setup, which creates a .fscrypt folder in the / directory. I then run fscrypt setup /mnt/lustre using login as the login key, followed by fscrypt encryption dir and locking the file. However, when I log in to login2 with the user1 account and execute fscrypt unlock, the fscrypt program cannot find the metadata information located in the / directory, and it prompts the following error.
In this scenario with multiple login nodes, how should I correctly apply the fscrypt tool to encrypt files under shared storage?