Skip to content

README: add note about ordering pam_fscrypt before pam_systemd #280

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
ramcq wants to merge 1 commit into from
Closed

README: add note about ordering pam_fscrypt before pam_systemd #280

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -425,6 +425,15 @@ locked data is inaccessible; this only needed for v1 encryption policies. All
the types also support the `debug` option which prints additional debug
information to the syslog.

Note that in order for encrypted home directories to work correctly,
`pam_fscrypt.so` must be placed _before_ any other PAM Session modules which
rely on access to the home directory, or start processes which access your
home directory during the duration of your session. Particularly, systems
which use `systemd-logind` for managing jobs and cgroups in user sessions
should order `pam_fscrypt.so` ahead of `pam_systemd.so` to avoid disrupting
user jobs that need access to directories protected with your login
passphrase.

### Allowing `fscrypt` to check your login passphrase

This step is only needed if you installed `fscrypt` from source code.
Expand Down