« Previous 1 2 3 4
Portable home directory with state-of-the-art security
Home, Sweet Home
Retroactive User Changes
Regularly, not all the parameters you need are configured when a user is first created in Homed. For example, if you don't have a YubiKey or smartcard when you create a user, you won't be able to use them. The good news is that Homed lets you add details such as decryption devices and modify the details of an account after the event with the homectl update command.
If you want to enable PKCS#11-based or FIDO2-based authentication for an account, you can use either of:
homectl update martin --pkcs11-token-uri=auto homectl update martin --fido2-device=auto
Because the commands and parameters are the same as when setting up the user, you avoid the need to learn new parameters.
Limits
Homed takes the promise of the mobile home directory quite seriously and implements it sensibly. Despite all the euphoria about the technology, users and admins should not forget that the principle is subject to technical limitations that even Homed cannot define away.
The most relevant limitation here is by no means on the Homed level but relates to the applications you use with your portable directory. The home directory will fill up with garbage relatively quickly if you use it on different systems with different distributions because the configuration files will then contain competing entries. For example, if you use Ubuntu 18.04 on one system and Ubuntu 21.04 on the other, you will find different KDE versions on the two distributions. If you plug the home directory of the KDE version from Ubuntu 18.04 into the computer with Ubuntu 21.04, KDE will find the old configuration files and convert them accordingly. However, the return route is blocked: KDE on Ubuntu 18.04 cannot understand the new configuration and, in the worst case, will create a completely new one.
The problems become even more obvious when you imagine different systems or distributions. A home directory from openSUSE Leap is unlikely to harmonize with Raspbian as used on a Raspberry Pi.
If you want to avoid compatibility problems, you need to take manual steps to prevent some files ending up in your home directory, which has the unpleasant side effect that you then have to configure your own desktop again on every system you use. Alternatively, you can take care to use the shared home directory only on systems that are mutually compatible in the broadest sense.
The Author
Freelance journalist Martin Gerhard Loschwitz focuses primarily on topics such as OpenStack, Kubernetes, and Ceph.
« Previous 1 2 3 4
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
- Systemd-homed is Coming to a Linux Distribution Near You
-
The achievements of and plans for systemd
We talked to systemd maintainer Lennart Poettering about the sense and purpose of some systemd features. -
Cryptographic key access in the cloud
Cryptographic keys, usually available locally but not on remote computers, can be accessed for use in cloud environments. -
News for Admins
In the news: Open source software dominates the enterprise; Linux systems vulnerable to attack; Nine-year-old bug found and fixed in sudo; and systemd-homed is coming to a Linux distribution near you.
-
Secure passwordless logins with FIDO2 and LDAP
Log in to your account securely without a password with LDAP and a schema to establish the objects and attributes required for FIDO2 authentication.