summaryrefslogtreecommitdiffstats
path: root/upstream/opensuse-tumbleweed/man7/systemd.system-credentials.7
diff options
context:
space:
mode:
Diffstat (limited to 'upstream/opensuse-tumbleweed/man7/systemd.system-credentials.7')
-rw-r--r--upstream/opensuse-tumbleweed/man7/systemd.system-credentials.7200
1 files changed, 200 insertions, 0 deletions
diff --git a/upstream/opensuse-tumbleweed/man7/systemd.system-credentials.7 b/upstream/opensuse-tumbleweed/man7/systemd.system-credentials.7
new file mode 100644
index 00000000..e3f2cee6
--- /dev/null
+++ b/upstream/opensuse-tumbleweed/man7/systemd.system-credentials.7
@@ -0,0 +1,200 @@
+'\" t
+.TH "SYSTEMD\&.SYSTEM\-CREDENTIALS" "7" "" "systemd 254" "systemd.system-credentials"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+systemd.system-credentials \- System Credentials
+.SH "DESCRIPTION"
+.PP
+\m[blue]\fBSystem and Service Credentials\fR\m[]\&\s-2\u[1]\d\s+2
+are data objects that may be passed into booted systems or system services as they are invoked\&. They can be acquired from various external sources, and propagated into the system and from there into system services\&. Credentials may optionally be encrypted with a machine\-specific key and/or locked to the local TPM2 device, and are only decrypted when the consuming service is invoked\&.
+.PP
+System credentials may be used to provision and configure various aspects of the system\&. Depending on the consuming component credentials are only used on initial invocations or are needed for all invocations\&.
+.PP
+Credentials may be used for any kind of data, binary or text, and may carry passwords, secrets, certificates, cryptographic key material, identity information, configuration, and more\&.
+.SH "WELL KNOWN SYSTEM CREDENTIALS"
+.PP
+\fIfirstboot\&.keymap\fR
+.RS 4
+The console key mapping to set (e\&.g\&.
+"de")\&. Read by
+\fBsystemd-firstboot\fR(1), and only honoured if no console keymap has been configured before\&.
+.RE
+.PP
+\fIfirstboot\&.locale\fR, \fIfirstboot\&.locale\-messages\fR
+.RS 4
+The system locale to set (e\&.g\&.
+"de_DE\&.UTF\-8")\&. Read by
+\fBsystemd-firstboot\fR(1), and only honoured if no locale has been configured before\&.
+\fIfirstboot\&.locale\fR
+sets
+"LANG", while
+\fIfirstboot\&.locale\-message\fR
+sets
+"LC_MESSAGES"\&.
+.RE
+.PP
+\fIfirstboot\&.timezone\fR
+.RS 4
+The system timezone to set (e\&.g\&.
+"Europe/Berlin")\&. Read by
+\fBsystemd-firstboot\fR(1), and only honoured if no system timezone has been configured before\&.
+.RE
+.PP
+\fIlogin\&.issue\fR
+.RS 4
+The data of this credential is written to
+/etc/issue\&.d/50\-provision\&.conf, if the file doesn\*(Aqt exist yet\&.
+\fBagetty\fR(8)
+reads this file and shows its contents at the login prompt of terminal logins\&. See
+\fBissue\fR(5)
+for details\&.
+.sp
+Consumed by
+/usr/lib/tmpfiles\&.d/provision\&.conf, see
+\fBtmpfiles.d\fR(5)\&.
+.RE
+.PP
+\fIlogin\&.motd\fR
+.RS 4
+The data of this credential is written to
+/etc/motd\&.d/50\-provision\&.conf, if the file doesn\*(Aqt exist yet\&.
+\fBpam_motd\fR(8)
+reads this file and shows its contents as "message of the day" during terminal logins\&. See
+\fBmotd\fR(5)
+for details\&.
+.sp
+Consumed by
+/usr/lib/tmpfiles\&.d/provision\&.conf, see
+\fBtmpfiles.d\fR(5)\&.
+.RE
+.PP
+\fInetwork\&.hosts\fR
+.RS 4
+The data of this credential is written to
+/etc/hosts, if the file doesn\*(Aqt exist yet\&. See
+\fBhosts\fR(5)
+for details\&.
+.sp
+Consumed by
+/usr/lib/tmpfiles\&.d/provision\&.conf, see
+\fBtmpfiles.d\fR(5)\&.
+.RE
+.PP
+\fInetwork\&.dns\fR, \fInetwork\&.search_domains\fR
+.RS 4
+DNS server information and search domains\&. Read by
+\fBsystemd-resolved.service\fR(8)\&.
+.RE
+.PP
+\fIpasswd\&.hashed\-password\&.root\fR, \fIpasswd\&.plaintext\-password\&.root\fR
+.RS 4
+May contain the password (either in UNIX hashed format, or in plaintext) for the root users\&. Read by both
+\fBsystemd-firstboot\fR(1)
+and
+\fBsystemd-sysusers\fR(1), and only honoured if no root password has been configured before\&.
+.RE
+.PP
+\fIpasswd\&.shell\&.root\fR
+.RS 4
+The path to the shell program (e\&.g\&.
+"/bin/bash") for the root user\&. Read by both
+\fBsystemd-firstboot\fR(1)
+and
+\fBsystemd-sysusers\fR(1), and only honoured if no root shell has been configured before\&.
+.RE
+.PP
+\fIssh\&.authorized_keys\&.root\fR
+.RS 4
+The data of this credential is written to
+/root/\&.ssh/authorized_keys, if the file doesn\*(Aqt exist yet\&. This allows provisioning SSH access for the system\*(Aqs root user\&.
+.sp
+Consumed by
+/usr/lib/tmpfiles\&.d/provision\&.conf, see
+\fBtmpfiles.d\fR(5)\&.
+.RE
+.PP
+\fIsysusers\&.extra\fR
+.RS 4
+Additional
+\fBsysusers.d\fR(5)
+lines to process during boot\&.
+.RE
+.PP
+\fIsysctl\&.extra\fR
+.RS 4
+Additional
+\fBsysctl.d\fR(5)
+lines to process during boot\&.
+.RE
+.PP
+\fItmpfiles\&.extra\fR
+.RS 4
+Additional
+\fBtmpfiles.d\fR(5)
+lines to process during boot\&.
+.RE
+.PP
+\fIfstab\&.extra\fR
+.RS 4
+Additional mounts to establish at boot\&. For details, see
+\fBsystemd-fstab-generator\fR(8)\&.
+.RE
+.PP
+\fIvconsole\&.keymap\fR, \fIvconsole\&.keymap_toggle\fR, \fIvconsole\&.font\fR, \fIvconsole\&.font_map\fR, \fIvconsole\&.font_unimap\fR
+.RS 4
+Console settings to apply, see
+\fBsystemd-vconsole-setup.service\fR(8)
+for details\&.
+.RE
+.PP
+\fIgetty\&.ttys\&.serial\fR, \fIgetty\&.ttys\&.container\fR
+.RS 4
+Used for spawning additional login prompts, see
+\fBsystemd-getty-generator\fR(8)
+for details\&.
+.RE
+.PP
+\fIvmm\&.notify_socket\fR
+.RS 4
+Configures an
+\fBsd_notify\fR(3)
+compatible
+\fBAF_VSOCK\fR
+socket the service manager will report status information, ready notification and exit status on\&. For details see
+\fBsystemd\fR(1)\&.
+.RE
+.PP
+\fIsystem\&.machine_id\fR
+.RS 4
+Takes a 128bit ID to initialize the machine ID from (if it is not set yet)\&. Interpreted by the service manager (PID 1)\&. For details see
+\fBsystemd\fR(1)\&.
+.RE
+.SH "SEE ALSO"
+.PP
+\fBsystemd\fR(1),
+\fBkernel-command-line\fR(7),
+\fBsmbios-type-11\fR(7)
+.SH "NOTES"
+.IP " 1." 4
+System and Service Credentials
+.RS 4
+\%https://systemd.io/CREDENTIALS
+.RE
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-03 00:53:59 +0000