system/systemd
system/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd synced 2024-07-22 02:34:54 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

man: lift pam_systemd_homed description to Summary

Browse source 
Also change the title to describe the module more comprehensively.
Follow-up for 90bc309aa2. Suggested
in https://bugzilla.redhat.com/show_bug.cgi?id=2085485#c5.
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2022-07-13 10:19:19 +02:00 committed by Luca Boccassi
parent 8ce1a3033f
commit 9e6df03412
1 changed files with 14 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
man/pam_systemd_home.xml
View file

@ -17,8 +17,8 @@
<refnamediv>
<refname>pam_systemd_home</refname>
<refpurpose>Automatically mount home directories managed by <filename>systemd-homed.service</filename> on
login, and unmount them on logout</refpurpose>
<refpurpose>Authenticate users and mount home directories via <filename>systemd-homed.service</filename>
</refpurpose>
</refnamediv>
<refsynopsisdiv>
@ -31,7 +31,11 @@
<para><command>pam_systemd_home</command> ensures that home directories managed by
<citerefentry><refentrytitle>systemd-homed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
are automatically activated (mounted) on user login, and are deactivated (unmounted) when the last
session of the user ends.</para>
session of the user ends. For such users, it also provides authentication (when per-user disk encryption
is used, the disk encryption key is derived from the authentication credential supplied at login time),
account management (the <ulink url="https://systemd.io/USER_RECORD/">JSON user record</ulink> embedded in
the home store contains account details), and implements the updating of the encryption password (which
is also used for user authentication).</para>
</refsect1>
<refsect1>
@ -93,13 +97,13 @@
<refsect1>
<title>Module Types Provided</title>
<para>The module implements all four PAM operations: <option>auth</option> (reason: when per-user
disk encryption is used, the disk encryption key is derived from the authentication credential supplied
at login time), <option>account</option> (reason: <filename>systemd-homed.service</filename> account
validity may be configured in more detail than in the traditional Linux user database, and thus needs to
be verified separately), <option>session</option> (user sessions must be tracked, in order to implement
automatic release when the last session of a managed user is gone), <option>password</option> (user
passwords may be changed through PAM).</para>
<para>The module implements all four PAM operations: <option>auth</option> (reason: to allow
authentication using the encrypted data), <option>account</option> (reason: users with
<filename>systemd-homed.service</filename> user accounts are described in a <ulink
url="https://systemd.io/USER_RECORD/">JSON user record</ulink> and may be configured in more detail than
in the traditional Linux user database), <option>session</option> (user sessions must be tracked in order
to implement automatic release when the last session of the user is gone), <option>password</option> (to
change the encryption password — also used for user authentication — through PAM).</para>
</refsect1>
<refsect1>