summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Mounting-on-login-using-pam_mount.md41
1 files changed, 39 insertions, 2 deletions
diff --git a/Mounting-on-login-using-pam_mount.md b/Mounting-on-login-using-pam_mount.md
index c098119..783a055 100644
--- a/Mounting-on-login-using-pam_mount.md
+++ b/Mounting-on-login-using-pam_mount.md
@@ -1,4 +1,4 @@
-This works on Fedora 24 with active SELinux.
+This is tested on Fedora 24 and Fedora 31 Workstation with active SELinux.
This also works on Ubuntu 16.04 LTS after installing libpam-mount:
```
@@ -36,10 +36,11 @@ Replace `testuser` with your user name.
PAM config
----------
-An example `/etc/pam.d/sshd` on Fedora 24 is shown below. Basically, pam_mount must be called two times:
+An example `/etc/pam.d/sshd` on Fedora 24 and an example `/etc/pam.d/sddm` on Fedora 31 Workstation is shown below. Basically, pam_mount must be called two times:
1. As the last element in "auth" so it gets the password.
2. As the last element in "session", where it performs the actual mount.
+`/etc/pam.d/sshd`
```
#%PAM-1.0
auth required pam_sepermit.so
@@ -69,6 +70,42 @@ session optional pam_mount.so
# ^^^ insert here #
```
+`/etc/pam.d/sddm`
+```
+auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
+auth substack password-auth
+-auth optional pam_gnome_keyring.so
+-auth optional pam_kwallet5.so
+-auth optional pam_kwallet.so
+auth include postlogin
+
+# vvv insert here #
+auth optional pam_mount.so
+# ^^^ insert here #
+
+account required pam_nologin.so
+account include password-auth
+
+password include password-auth
+
+session required pam_selinux.so close
+session required pam_loginuid.so
+session optional pam_console.so
+-session optional pam_ck_connector.so
+session required pam_selinux.so open
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include password-auth
+-session optional pam_gnome_keyring.so auto_start
+-session optional pam_kwallet5.so auto_start
+-session optional pam_kwallet.so auto_start
+session include postlogin
+
+# vvv insert here #
+session optional pam_mount.so
+# ^^^ insert here #
+```
+
Encrypting the whole home directory
-----------------------------------