Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 11-05-2007 Installation Manual page 884

WARNING: Security Restrictions
Encrypting a user's home directory does not provide strong security from other
users. If strong security is required, the system should not be physically shared.
To enhance security, also encrypt the swap partition, /tmp, and /var/tmp,
because these can contain temporary images of critical data.
You can encrypt swap, /tmp, and /var/tmp with the YaST partitioner as described
in Section 47.1.1, "Creating an Encrypted Partition during Installation"
Section 47.1.3, "Creating an Encrypted File as a Container"
the options YaST offers, you can use the cryptconfig command line tool for some
special tasks.
For example, as a safety for users that may lose their key files, you can create and
add an additional key to the image.
1 Log in to a shell as root.
2 Run
3 To create an encrypted home directory for user tux and to add the administration
4 To change the size of the home directory at any time, use
For more information about the command line tool, run cryptconfig --help to
view a list of options available.
866 Installation and Administration
cryptconfig create-key admin.key
to create a key for administrators.
key to it, enter
cryptconfig make-ehd –extra-key-file=admin.key tux 200
This creates a home directory with the initial size of 200 MB.
cryptconfig enlarge-size image size_to_add_in_MB
(page 863) and
(page 864). In addition to