Portable home directory with state-of-the-art security

Home, Sweet Home

Retroactive User Changes

Regularly, not all the parameters you need are configured when a user is first created in Homed. For example, if you don't have a YubiKey or smartcard when you create a user, you won't be able to use them. The good news is that Homed lets you add details such as decryption devices and modify the details of an account after the event with the homectl update command.

If you want to enable PKCS#11-based or FIDO2-based authentication for an account, you can use either of:

homectl update martin --pkcs11-token-uri=auto
homectl update martin --fido2-device=auto

Because the commands and parameters are the same as when setting up the user, you avoid the need to learn new parameters.

Limits

Homed takes the promise of the mobile home directory quite seriously and implements it sensibly. Despite all the euphoria about the technology, users and admins should not forget that the principle is subject to technical limitations that even Homed cannot define away.

The most relevant limitation here is by no means on the Homed level but relates to the applications you use with your portable directory. The home directory will fill up with garbage relatively quickly if you use it on different systems with different distributions because the configuration files will then contain competing entries. For example, if you use Ubuntu 18.04 on one system and Ubuntu 21.04 on the other, you will find different KDE versions on the two distributions. If you plug the home directory of the KDE version from Ubuntu 18.04 into the computer with Ubuntu 21.04, KDE will find the old configuration files and convert them accordingly. However, the return route is blocked: KDE on Ubuntu 18.04 cannot understand the new configuration and, in the worst case, will create a completely new one.

The problems become even more obvious when you imagine different systems or distributions. A home directory from openSUSE Leap is unlikely to harmonize with Raspbian as used on a Raspberry Pi.

If you want to avoid compatibility problems, you need to take manual steps to prevent some files ending up in your home directory, which has the unpleasant side effect that you then have to configure your own desktop again on every system you use. Alternatively, you can take care to use the shared home directory only on systems that are mutually compatible in the broadest sense.

The Author

Freelance journalist Martin Gerhard Loschwitz focuses primarily on topics such as OpenStack, Kubernetes, and Ceph.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus