Novell LINUX ENTERPRISE DESKTOP 10 SP2 - DEPLOYMENT GUIDE 08-05-2008 Deployment Manual page 778

LOGIN.key
The image key, protected with the user's login password.
On login the home directory automatically gets decrypted. Internally, it is provided by
means of the pam module pam_mount. If you need to add an additional login method
that provides encrypted home directories, you have to add this module to the respective
configuration file in /etc/pam.d/. For more information see also Chapter 24,
Authentication with PAM (page 495) and the man page of pam_mount.

WARNING: Security Restrictions
Encrypting a user's home directory does not provide strong security from other
users. If strong security is required, the system should not be shared physically.
To enhance security, also encrypt the swap partition and the /tmp and /var/tmp
directories, because these may contain temporary images of critical data.
You can encrypt swap, /tmp, and /var/tmp with the YaST partitioner as described in
Section 42.1.1, "Creating an Encrypted Partition during Installation" (page 759) or
Section 42.1.3, "Creating an Encrypted File as a Container" (page 760).

42.3 Using vi to Encrypt Single ASCII Text Files
The disadvantage of using encrypted partitions is that while the partition is mounted,
at least root can access the data. To prevent this, vi can be used in encrypted mode.
Use vi -x filename to edit a new file. vi prompts you to set a password, after
which it encrypts the content of the file. Whenever you access this file, vi requests the
correct password.
For even more security, you can place the encrypted text file in an encrypted partition.
This is recommended because the encryption used in vi is not very strong.
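
The LOGIN.key paragraph above says an additional login method needs pam_mount in its file under /etc/pam.d/. The following check is an added example, not part of the manual: it tests whether a service file reaches pam_mount.so, directly or through include lines. It assumes the module is needed in both the auth and the session stack; the function names, the sample file contents and the "kiosk" service are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the manual. Assumption: pam_mount.so has to be
# reachable in both the auth and the session stack of a service.

# pam_has_mount FILE STACK: exit 0 if FILE reaches pam_mount.so in STACK,
# following "include"/"substack" lines. Runs in a subshell so recursion
# does not clobber variables.
pam_has_mount() (
    file=$1; want=$2; depth=${3:-0}
    [ -r "$file" ] && [ "$depth" -lt 8 ] || exit 1   # unreadable or include loop
    dir=$(dirname "$file")
    # Strip comments; collapse "[value=action ...]" controls into one token.
    sed -e 's/#.*//' -e 's/\[[^]]*]/[ctl]/' "$file" | {
        while read -r type control module rest; do
            type=${type#-}                           # "-session" is still session
            [ "$type" = "$want" ] || continue
            case $control in
                include|substack)
                    case $module in /*) inc=$module ;; *) inc=$dir/$module ;; esac
                    pam_has_mount "$inc" "$want" $((depth + 1)) && exit 0 ;;
                *)  [ "${module##*/}" = pam_mount.so ] && exit 0 ;;
            esac
        done
        exit 1
    }
)

# check_service FILE: report both stacks, return 0 only if both have pam_mount.
check_service() {
    rc=0
    for stack in auth session; do
        if pam_has_mount "$1" "$stack"; then echo "$1: $stack: pam_mount present"
        else echo "$1: $stack: pam_mount MISSING"; rc=1; fi
    done
    return $rc
}

# Constructed sample tree; "kiosk" is a hypothetical added login method.
make_sample() {
    printf 'auth required pam_unix2.so\nauth optional pam_mount.so\n' >"$1/common-auth"
    printf 'session required pam_unix2.so\n-session optional pam_mount.so\n' >"$1/common-session"
    printf '# stock\nauth include common-auth\nsession include common-session\n' >"$1/login"
    printf 'auth include common-auth\nsession required pam_unix2.so\n' >"$1/kiosk"
}

d=$(mktemp -d) && make_sample "$d"
check_service "$d/login"
check_service "$d/kiosk" || echo "kiosk: session stack never calls pam_mount"
rm -rf "$d"
```

To check a real system, call check_service with the path of the service file for the login method you added.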
