Novell LINUX ENTERPRISE SERVER 11 - DEPLOYMENT Deployment Manual page 181

5 To enforce password rotation, set a Maximum Number of Days for the Same
Password and a Minimum Number of Days for the Same Password.
6 To remind the user to change his password before it expires, set a number of
Days before Password Expiration to Issue Warning.
7 To restrict the period of time the user can log in after his password has expired,
change the value in Days after Password Expires with Usable Login.
8 You can also specify a certain expiration date for a password. Enter the Expi-
ration Date in YYYY-MM-DD format.
9 For more information about the options and about the default values, click
Help.
10 Apply your changes with OK.
12.3.3 Managing Encrypted Home
Directories
To protect data in home directories against theft and hard disk removal, you can create
encrypted home directories for users. These are encrypted with LUKS (Linux Unified
Key Setup), which results in an image and an image key generated for the user. The
image key is protected with the user's login password. When the user logs in to the
system, the encrypted home directory is mounted and the contents are made available
to the user.
NOTE: Fingerprint Reader Devices and Encrypted Home Directories
If you want to use a fingerprint reader device, you must not use encrypted
home directories. Otherwise logging in will fail, because decrypting during login
is not possible in combination with an active fingerprint reader device.
With YaST, you can create encrypted home directories for new or existing users. To
encrypt or modify encrypted home directories of already existing users, you need to
know the user's current login password. By default, all existing user data is copied to
the new encrypted home directory, but it is not deleted from the unencrypted directory.
Managing Users with YaST 169