36.2 Using Encrypted Home Directories
To protect data in home directories against theft and hard disk removal,
use the YaST user management module to enable encryption of home
directories. You can create encrypted home directories for new or
existing users. To encrypt or decrypt home directories of already
existing users, you need to know their login password. See
Managing Users with YaST, (↑ Start-Up ) for instructions.
Encrypted home partitions are created within a file container as
described in Section 36.1.3, Creating an Encrypted File as a Container. Two files are
created under /home for each encrypted home
The image holding the directory
The image key, protected with the user's login password.
On login the home directory automatically gets decrypted. Internally, it
is provided by means of the pam module pam_mount. If you need to add an
additional login method that provides encrypted home directories, you
have to add this module to the respective configuration file in
/etc/pam.d/. For more information see also
Section 19.0, Authentication with PAM and the man page of pam_mount.