From 0446020d0cc5a4c33e9f7fcc2270ca85721d9296 Mon Sep 17 00:00:00 2001 From: gnu300 Date: Thu, 14 Nov 2019 16:21:35 +0100 Subject: adding information for Fedora 31 Workstation --- Mounting-on-login-using-pam_mount.md | 41 ++++++++++++++++++++++++++++++++++-- 1 file changed, 39 insertions(+), 2 deletions(-) diff --git a/Mounting-on-login-using-pam_mount.md b/Mounting-on-login-using-pam_mount.md index c098119..783a055 100644 --- a/Mounting-on-login-using-pam_mount.md +++ b/Mounting-on-login-using-pam_mount.md @@ -1,4 +1,4 @@ -This works on Fedora 24 with active SELinux. +This is tested on Fedora 24 and Fedora 31 Workstation with active SELinux. This also works on Ubuntu 16.04 LTS after installing libpam-mount: ``` @@ -36,10 +36,11 @@ Replace `testuser` with your user name. PAM config ---------- -An example `/etc/pam.d/sshd` on Fedora 24 is shown below. Basically, pam_mount must be called two times: +An example `/etc/pam.d/sshd` on Fedora 24 and an example `/etc/pam.d/sddm` on Fedora 31 Workstation is shown below. Basically, pam_mount must be called two times: 1. As the last element in "auth" so it gets the password. 2. As the last element in "session", where it performs the actual mount. +`/etc/pam.d/sshd` ``` #%PAM-1.0 auth required pam_sepermit.so @@ -69,6 +70,42 @@ session optional pam_mount.so # ^^^ insert here # ``` +`/etc/pam.d/sddm` +``` +auth [success=done ignore=ignore default=bad] pam_selinux_permit.so +auth substack password-auth +-auth optional pam_gnome_keyring.so +-auth optional pam_kwallet5.so +-auth optional pam_kwallet.so +auth include postlogin + +# vvv insert here # +auth optional pam_mount.so +# ^^^ insert here # + +account required pam_nologin.so +account include password-auth + +password include password-auth + +session required pam_selinux.so close +session required pam_loginuid.so +session optional pam_console.so +-session optional pam_ck_connector.so +session required pam_selinux.so open +session optional pam_keyinit.so force revoke +session required pam_namespace.so +session include password-auth +-session optional pam_gnome_keyring.so auto_start +-session optional pam_kwallet5.so auto_start +-session optional pam_kwallet.so auto_start +session include postlogin + +# vvv insert here # +session optional pam_mount.so +# ^^^ insert here # +``` + Encrypting the whole home directory ----------------------------------- -- cgit v1.2.3