Created
February 7, 2019 12:08
-
-
Save zilti/f58c80c54d83edebc7e64c7cb51e3932 to your computer and use it in GitHub Desktop.
OpenSUSE eCryptFS PAM
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#%PAM-1.0 | |
# | |
# This file is autogenerated by pam-config. All changes | |
# will be overwritten. | |
# | |
# Session-related modules common to all services | |
# | |
# This file is included from other service-specific PAM config files, | |
# and should contain a list of modules that define tasks to be performed | |
# at the start and end of sessions of *any* kind (both interactive and | |
# non-interactive | |
# | |
session optional pam_systemd.so | |
session required pam_limits.so | |
session required pam_unix.so try_first_pass | |
session optional pam_sss.so | |
session required pam_winbind.so | |
session optional pam_umask.so | |
session optional pam_exec.so expose_authtok /etc/security/ecryptfs.bash | |
session optional pam_ecryptfs.so unwrap | |
session optional pam_kwallet5.so | |
session optional pam_env.so |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
home=`eval echo ~$PAM_USER` | |
ecryptfs=/home/.ecryptfs/$PAM_USER/.ecryptfs | |
read password | |
if [ -d $ecryptfs ]; then | |
# ecryptfs is set | |
echo "Ecryptfs is already configured" | |
exit 0 | |
elif [ `id -u` == 0 ]; then | |
# Setup ecryptfs and make home | |
umask 077 | |
mkdir -p $home | |
group=`id -gn $PAM_USER` | |
chown $PAM_USER:$group $home | |
ecryptfs-setup-private -u $PAM_USER -l "$password" -b --nopwcheck | |
exit 0 | |
else | |
# NOT ROOT | |
echo "Cannot login with 'su' for the first time" | |
exit 1 | |
fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment