To protect data in home directories against theft and hard disk removal, use the YaST user management module to enable encryption of home directories. You can create encrypted home directories for new or existing users. To encrypt or decrypt home directories of already existing users, you need to know their login password. See Section “Managing Encrypted Home Directories” (Chapter 8, Managing Users with YaST, ↑Reference) for instructions.
Encrypted home partitions are created within a file container as described in Section 11.1.3, “Creating an Encrypted File as a Container”. Two files are created under /home for each encrypted home directory:

LOGIN.img: The image holding the directory.

LOGIN.key: The image key, protected with the user's login password.

On login, the home directory is decrypted automatically. Internally, this is provided by the PAM module pam_mount. If you need to add an additional login method that provides encrypted home directories, you have to add this module to the respective configuration file in /etc/pam.d/. For more information, see also Chapter 2, Authentication with PAM and the man page of pam_mount.
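
The following added example (not part of the original documentation) is a Python check that reports in which PAM stacks a service loads pam_mount.so, following include, substack and @include directives. The sample files and the service name kiosk are constructed for illustration; pam_mount's documentation places the module in both the auth and the session stack.

```python
import tempfile
from pathlib import Path

def stacks_using(module, service, pam_dir="/etc/pam.d", only=None, seen=None):
    """Return the stack types (auth, session, ...) of `service` that load `module`."""
    seen = set() if seen is None else seen
    if (service, only) in seen:              # guard against include loops
        return set()
    seen.add((service, only))
    try:
        lines = Path(pam_dir, service).read_text(errors="replace").splitlines()
    except OSError:                          # missing or unreadable service file
        return set()
    found = set()
    for line in lines:
        text = line.split("#", 1)[0]         # drop comments
        fields = text.split()
        if fields and fields[0] == "@include":   # pulls in every stack type of the file
            found |= stacks_using(module, fields[1], pam_dir, only, seen) if len(fields) > 1 else set()
            continue
        if len(fields) < 3:
            continue
        kind, control = fields[0].lstrip("-"), fields[1]
        if only and kind != only:            # "auth include X" only pulls auth lines from X
            continue
        if control in ("include", "substack"):
            found |= stacks_using(module, fields[2], pam_dir, kind, seen)
            continue
        if control.startswith("["):          # "[success=1 default=ignore]" may contain spaces
            fields = ["", ""] + text.split("]", 1)[-1].split()
        if len(fields) > 2 and fields[2].rsplit("/", 1)[-1] == module:
            found.add(kind)
    return found

# Constructed sample files, not copied from a real system.
SAMPLE = {
    "common-auth": "auth required pam_unix.so\nauth optional pam_mount.so\n",
    "common-session": "session required pam_unix.so\nsession optional pam_mount.so\n",
    "login": "auth include common-auth\nsession include common-session\n",
    "kiosk": "auth include common-auth\nsession required pam_unix.so  # no pam_mount\n",
}

def check_sample():
    with tempfile.TemporaryDirectory() as d:
        for name, body in SAMPLE.items():
            Path(d, name).write_text(body)
        return {s: sorted(stacks_using("pam_mount.so", s, d)) for s in ("login", "kiosk")}

if __name__ == "__main__":
    print(check_sample())
```

A service such as the constructed kiosk entry, which loads pam_mount.so only in its auth stack, authenticates the user but never mounts the encrypted image, so the login lands in an unencrypted directory.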

Security Restrictions

Encrypting a user's home directory does not provide strong security from other users. If strong security is required, the system should not be shared physically.

To enhance security, also encrypt the