1PAM_SYSTEMD_HOME(8)            pam_systemd_home            PAM_SYSTEMD_HOME(8)
2
3
4

NAME

6       pam_systemd_home - Automatically mount home directories managed by
7       systemd-homed.service on login, and unmount them on logout
8

SYNOPSIS

10       pam_systemd_home.so
11

DESCRIPTION

13       pam_systemd_home ensures that home directories managed by systemd-
14       homed.service(8) are automatically activated (mounted) on user login,
15       and are deactivated (unmounted) when the last session of the user ends.
16

OPTIONS

18       The following options are understood:
19
20       suspend=
21           Takes a boolean argument. If true, the home directory of the user
22           will be suspended automatically during system suspend; if false it
23           will remain active. Automatic suspending of the home directory
24           improves security substantially as secret key material is
25           automatically removed from memory before the system is put to sleep
26           and must be re-acquired (through user re-authentication) when
27           coming back from suspend. It is recommended to set this parameter
28           for all PAM applications that have support for automatically
29           re-authenticating via PAM on system resume. If multiple sessions of
30           the same user are open in parallel the user's home directory will
31           be left unsuspended on system suspend as long as at least one of
32           the sessions does not set this parameter. Defaults to off.
33
34       debug[=]
35           Takes an optional boolean argument. If yes or without the argument,
36           the module will log debugging information as it operates.
37

MODULE TYPES PROVIDED

39       The module provides all four management operations: auth, account,
40       session, password.
41

ENVIRONMENT

43       The following environment variables are initialized by the module and
44       available to the processes of the user's session:
45
46       $SYSTEMD_HOME=1
47           Indicates that the user's home directory is managed by
48           systemd-homed.service.
49

EXAMPLE

51       Here's an example PAM configuration fragment that permits users managed
52       by systemd-homed.service to log in:
53
54           #%PAM-1.0
55           auth      sufficient pam_unix.so
56           -auth     sufficient pam_systemd_home.so
57           auth      required   pam_deny.so
58
59           account   required   pam_nologin.so
60           -account  sufficient pam_systemd_home.so
61           account   sufficient pam_unix.so
62           account   required   pam_permit.so
63
64           -password sufficient pam_systemd_home.so
65           password  sufficient pam_unix.so sha512 shadow try_first_pass try_authtok
66           password  required   pam_deny.so
67
68           -session  optional   pam_keyinit.so revoke
69           -session  optional   pam_loginuid.so
70           -session  optional   pam_systemd_home.so
71           -session  optional   pam_systemd.so
72           session   required   pam_unix.so
73

SEE ALSO

75       systemd(1), systemd-homed.service(8), homed.conf(5), homectl(1),
76       pam_systemd(8), pam.conf(5), pam.d(5), pam(8)
77
78
79
80systemd 245                                                PAM_SYSTEMD_HOME(8)
Impressum