# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Free Software Foundation, Inc. # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "POT-Creation-Date: 2024-06-01 06:08+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. type: TH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "PAM_SYSTEMD_HOME" msgstr "" #. type: TH #: archlinux fedora-40 mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "systemd 255" msgstr "" #. type: TH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "pam_systemd_home" msgstr "" #. ----------------------------------------------------------------- #. * MAIN CONTENT STARTS HERE * #. ----------------------------------------------------------------- #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "NAME" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "pam_systemd_home - Authenticate users and mount home directories via systemd-" "homed\\&.service" msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "SYNOPSIS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "pam_systemd_home\\&.so" msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "DESCRIPTION" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "B ensures that home directories managed by B(8) are automatically activated (mounted) on user login, and are " "deactivated (unmounted) when the last session of the user ends\\&. For such " "users, it also provides authentication (when per-user disk encryption is " "used, the disk encryption key is derived from the authentication credential " "supplied at login time), account management (the \\m[blue]B\\m[]\\&\\s-2\\u[1]\\d\\s+2 embedded in the home store contains " "account details), and implements the updating of the encryption password " "(which is also used for user authentication)\\&." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "OPTIONS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "The following options are understood:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "I" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Takes a boolean argument\\&. If true, the home directory of the user will be " "suspended automatically during system suspend; if false it will remain " "active\\&. Automatic suspending of the home directory improves security " "substantially as secret key material is automatically removed from memory " "before the system is put to sleep and must be re-acquired (through user re-" "authentication) when coming back from suspend\\&. It is recommended to set " "this parameter for all PAM applications that have support for automatically " "re-authenticating via PAM on system resume\\&. If multiple sessions of the " "same user are open in parallel the user\\*(Aqs home directory will be left " "unsuspended on system suspend as long as at least one of the sessions does " "not set this parameter to on\\&. Defaults to off\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Note that TTY logins generally do not support re-authentication on system " "resume\\&. Re-authentication on system resume is primarily a concept " "implementable in graphical environments, in the form of lock screens brought " "up automatically when the system goes to sleep\\&. This means that if a user " "concurrently uses graphical login sessions that implement the required re-" "authentication mechanism and console logins that do not, the home directory " "is not locked during suspend, due to the logic explained above\\&. That " "said, it is possible to set this field for TTY logins too, ignoring the fact " "that TTY logins actually don\\*(Aqt support the re-authentication " "mechanism\\&. In that case the TTY sessions will appear hung until the user " "logs in on another virtual terminal (regardless if via another TTY session " "or graphically) which will resume the home directory and unblock the " "original TTY session\\&. (Do note that lack of screen locking on TTY " "sessions means even though the TTY session appears hung, keypresses can " "still be queued into it, and the existing screen contents be read without re-" "authentication; this limitation is unrelated to the home directory " "management B and systemd-homed\\&.service implement\\&.)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Turning this option on by default is highly recommended for all sessions, " "but only if the service managing these sessions correctly implements the " "aforementioned re-authentication\\&. Note that the re-authentication must " "take place from a component running outside of the user\\*(Aqs context, so " "that it does not require access to the user\\*(Aqs home directory for " "operation\\&. Traditionally, most desktop environments do not implement " "screen locking this way, and need to be updated accordingly\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "This setting may also be controlled via the I<$SYSTEMD_HOME_SUSPEND> " "environment variable (see below), which B reads during " "initialization and sets for sessions\\&. If both the environment variable is " "set and the module parameter specified the latter takes precedence\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-tumbleweed msgid "Added in version 245\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "I[=]" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Takes an optional boolean argument\\&. If yes or without the argument, the " "module will log debugging information as it operates\\&." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "MODULE TYPES PROVIDED" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "The module implements all four PAM operations: B (to allow " "authentication using the encrypted data), B (because users with " "systemd-homed\\&.service user accounts are described in a \\m[blue]B\\m[]\\&\\s-2\\u[1]\\d\\s+2 and may be configured in more detail " "than in the traditional Linux user database), B (because user " "sessions must be tracked in order to implement automatic release when the " "last session of the user is gone), B (to change the encryption " "password \\(em also used for user authentication \\(em through PAM)\\&." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "ENVIRONMENT" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "The following environment variables are initialized by the module and " "available to the processes of the user\\*(Aqs session:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "I<$SYSTEMD_HOME=1>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Indicates that the user\\*(Aqs home directory is managed by systemd-homed\\&." "service\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "I<$SYSTEMD_HOME_SUSPEND=>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Indicates whether the session has been registered with the suspend mechanism " "enabled or disabled (see above)\\&. The variable\\*(Aqs value is either " "\"0\" or \"1\"\\&. Note that the module both reads the variable when " "initializing, and sets it for sessions\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-tumbleweed msgid "Added in version 246\\&." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "EXAMPLE" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Here\\*(Aqs an example PAM configuration fragment that permits users managed " "by systemd-homed\\&.service to log in:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "" "#%PAM-1\\&.0\n" "auth sufficient pam_unix\\&.so\n" "B<-auth sufficient pam_systemd_home\\&.so>\n" "auth required pam_deny\\&.so\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "" "account required pam_nologin\\&.so\n" "B<-account sufficient pam_systemd_home\\&.so>\n" "account sufficient pam_unix\\&.so\n" "account required pam_permit\\&.so\n" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-tumbleweed #, no-wrap msgid "" "B<-password sufficient pam_systemd_home\\&.so>\n" "password sufficient pam_unix\\&.so sha512 shadow try_first_pass\n" "password required pam_deny\\&.so\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "" "-session optional pam_keyinit\\&.so revoke\n" "-session optional pam_loginuid\\&.so\n" "B<-session optional pam_systemd_home\\&.so>\n" "-session optional pam_systemd\\&.so\n" "session required pam_unix\\&.so\n" msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "SEE ALSO" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "B(1), B(8), B(5), B(1), " "B(8), B(5), B(5), B(8)" msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "NOTES" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid " 1." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "JSON user record" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "\\%https://systemd.io/USER_RECORD/" msgstr "" #. type: TH #: debian-bookworm #, no-wrap msgid "systemd 254" msgstr "" #. type: Plain text #: debian-bookworm #, no-wrap msgid "" "B<-password sufficient pam_systemd_home\\&.so>\n" "password sufficient pam_unix\\&.so sha512 shadow try_first_pass use_authtok\n" "password required pam_deny\\&.so\n" msgstr "" #. type: TH #: debian-unstable fedora-rawhide #, no-wrap msgid "systemd 256~rc3" msgstr ""