Diffstat (limited to 'upstream/mageia-cauldron/man8/pam_systemd_loadkey.8')
-rw-r--r-- | upstream/mageia-cauldron/man8/pam_systemd_loadkey.8 | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/upstream/mageia-cauldron/man8/pam_systemd_loadkey.8 b/upstream/mageia-cauldron/man8/pam_systemd_loadkey.8 new file mode 100644 index 00000000..679dfd2e --- /dev/null +++ b/upstream/mageia-cauldron/man8/pam_systemd_loadkey.8 
@@ -0,0 +1,99 @@ +'\" t +.TH "PAM_SYSTEMD_LOADKEY" "8" "" "systemd 255" "pam_systemd_loadkey" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +pam_systemd_loadkey \- Read password from kernel keyring and set it as PAM authtok +.SH "SYNOPSIS" +.PP +pam_systemd_loadkey\&.so +.SH "DESCRIPTION" +.PP +\fBpam_systemd_loadkey\fR +reads a NUL\-separated password list from the kernel keyring, and sets the last password in the list as the PAM authtok\&. +.PP +The password list is supposed to be stored in the "user" keyring of the root user, by an earlier call to +\fBsystemd-ask-password\fR(1) +with +\fB\-\-keyname=\fR\&. You can pass the keyname to +\fBpam_systemd_loadkey\fR +via the +\fBkeyname=\fR +option\&. +.SH "OPTIONS" +.PP +The following options are understood: +.PP +\fIkeyname=\fR +.RS 4 +Takes a string argument which sets the keyname to read\&. The default is +"cryptsetup", which is used by +\fBsystemd-cryptsetup@.service\fR(8) +to store LUKS passphrase during boot\&. +.sp +Added in version 255\&. +.RE +.PP +\fIdebug\fR +.RS 4 +The module will log debugging information as it operates\&. 
+.sp +Added in version 255\&. +.RE +.SH "EXAMPLE" +.PP +This module is intended to be used when you use LUKS with a passphrase, enable autologin in the display manager, and want to unlock Gnome Keyring / KDE KWallet automatically\&. So in total, you only enter one password during boot\&. +.PP +You need to set the password of your Gnome Keyring/KWallet to the same as your LUKS passphrase\&. Then add the following lines to your display manager\*(Aqs PAM config under +/etc/pam\&.d/ +(e\&.g\&. +sddm\-autologin): +.sp +.if n \{\ +.RS 4 +.\} +.nf +\-auth optional pam_systemd_loadkey\&.so +\-session optional pam_gnome_keyring\&.so auto_start +\-session optional pam_kwallet5\&.so auto_start + +.fi +.if n \{\ +.RE +.\} +.PP +And add the following lines to your display manager\*(Aqs systemd service file, so it can access root\*(Aqs keyring: +.sp +.if n \{\ +.RS 4 +.\} +.nf +[Service] +KeyringMode=inherit + +.fi +.if n \{\ +.RE +.\} +.PP +In this setup, early during the boot process, +\fBsystemd-cryptsetup@.service\fR(8) +will ask for the passphrase and store it in the kernel keyring with the keyname +"cryptsetup"\&. Then when the display manager does the autologin, pam_systemd_loadkey will read the passphrase from the kernel keyring, set it as the PAM authtok, and then pam_gnome_keyring and pam_kwallet5 will unlock with the same passphrase\&. |
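Review bot: The EXAMPLE section tells readers to add KeyringMode=inherit to the display manager's service file "so it can access root's keyring", but nowhere says what that exposes. Per the closing paragraph, that keyring holds the LUKS passphrase stored under the "cryptsetup" keyname, and the example also asks users to set their Gnome Keyring/KWallet password to the same value. Suggest a short paragraph after the [Service] snippet stating this trade-off explicitly. Separately, DESCRIPTION should say what the module returns when the key named by keyname= is absent or the password list is empty; the example lists it as "-auth optional", but the page never states the failure behaviour. Minor wording: "to store LUKS passphrase during boot" in OPTIONS is missing an article ("the LUKS passphrase").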