To protect data in home directories against theft and hard disk removal, use the YaST user management module to enable encryption of home directories. You can create encrypted home directories for new or existing users. To encrypt or decrypt home directories of already existing users, you need to know their login password. See Chapter Managing Users with YaST (↑Start-Up) for instructions.
Encrypted home partitions are created within a file container as described in Section 31.1.3, “Creating an Encrypted File as a Container”. Two files are created under /home for each encrypted home directory:

LOGIN.img: The image holding the directory

LOGIN.key: The image key, protected with the user's login password.

On login, the home directory is decrypted automatically. Internally, this is provided by the PAM module pam_mount. If you need to add an additional login method that provides encrypted home directories, you have to add this module to the respective configuration file in /etc/pam.d/. For more information, see also Chapter 13, Authentication with PAM and the man page of pam_mount.
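
One way to verify this after adding a login method, as an added example that is not part of the original documentation: the script checks that a service's PAM configuration reaches pam_mount.so in both the auth stack (where pam_mount obtains the login password) and the session stack (where it mounts the volume), following include references. The function names, the service names sshd and ftpd, and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: does a PAM service load pam_mount.so in both the auth and
# session stacks? Follows "include"/"substack"/"@include" references.

# has_pam_mount TYPE FILE DIR [DEPTH]: status 0 if pam_mount.so is reachable.
has_pam_mount() (
    type=$1 file=$2 dir=$3 depth=${4:-0}
    [ "$depth" -le 8 ] && [ -r "$dir/$file" ] || exit 1
    # Drop comments, collapse "[...]" controls to one token, strip "-" prefix.
    sed -e 's/#.*//' -e 's/\[[^]]*\]/[ctl]/' -e 's/^[[:space:]]*-//' "$dir/$file" | {
        while read -r t control module rest; do
            if [ "$t" = "@include" ]; then
                has_pam_mount "$type" "$control" "$dir" $((depth + 1)) && exit 0
                continue
            fi
            [ "$t" = "$type" ] || continue
            case $control in
                include|substack)
                    has_pam_mount "$type" "$module" "$dir" $((depth + 1)) && exit 0 ;;
                *)  case $module in *pam_mount.so) exit 0 ;; esac ;;
            esac
        done
        exit 1
    }
)

# pam_mount_check SERVICE [PAM_DIR]: report stacks lacking pam_mount.
pam_mount_check() {
    service=$1 pamdir=${2:-/etc/pam.d} missing=""
    for stack in auth session; do
        has_pam_mount "$stack" "$service" "$pamdir" || missing="$missing $stack"
    done
    [ -z "$missing" ] && { echo "$service: ok"; return 0; }
    echo "$service: pam_mount.so missing from:$missing"
    return 1
}

# Constructed sample configuration (hypothetical services "sshd" and "ftpd").
make_sample() {
    printf 'auth required pam_unix.so\nauth optional pam_mount.so\n' > "$1/common-auth"
    printf 'session required pam_unix.so\nsession optional pam_mount.so\n' > "$1/common-session"
    printf 'auth include common-auth\nsession include common-session\n' > "$1/sshd"
    printf 'auth include common-auth\nsession required pam_unix.so\n' > "$1/ftpd"
}

demo=$(mktemp -d) && make_sample "$demo"
pam_mount_check sshd "$demo"
pam_mount_check ftpd "$demo" || true
rm -rf "$demo"
```

On a real system, call `pam_mount_check SERVICE` without a directory argument to inspect /etc/pam.d.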

Security Restrictions

Encrypting a user's home directory does not provide strong security from other users. If strong security is required, the system should not be shared physically.

To enhance security, also encrypt the