Manualshelf

Quick Start Guide

ManualsBrandsSuse ManualsSoftwareopenSUSE 12.2
141142143144145146147148149150
10.3.2 Enforcing Password Policies
On any system with multiple users, it is a good idea to enforce at least basic password
security policies. Users should change their passwords regularly and use strong
passwords that cannot easily be exploited. For local users, proceed as follows:
Procedure 10.3: Conguring Password Settings
1 Open the YaST User and Group Administration dialog and select the Users
tab.
2 Select the user for which to change the password options and click Edit.
3 Switch to the Password Settings tab. The user's last password change is
displayed on the tab.
4 To make the user change his password at next login, activate Force Pass-
word Change.
5 To enforce password rotation, set a Maximum Number of Days for the
Same Password and a Minimum Number of Days for the Same Password.
6 To remind the user to change his password before it expires, set a number
of Days before Password Expiration to Issue Warning.
7 To restrict the period of time the user can log in after his password has
expired, change the value in Days after Password Expires with Usable Login.
8 You can also specify a certain expiration date for a password. Enter the
Expiration Date in
YYYY-MM-DD
format.
9 For more information about the options and about the default values, click
Help.
10 Apply your changes with OK.
10.3.3 Managing Encrypted Home Directories
To protect data in home directories against theft and hard disk removal, you can
create encrypted home directories for users. These are encrypted with LUKS (Linux
Unied Key Setup), which results in an image and an image key being generated for
the user. The image key is protected with the user's login password. When the user
logs into the system, the encrypted home directory is mounted and the contents are
made available to the user.
NOTE: Fingerprint Reader Devices and Encrypted Home Directories
If you want to use a ngerprint reader device, you must not use encrypted home
directories. Otherwise logging in will fail, because decrypting during login is not
possible in combination with an active ngerprint reader device.
Managing Users with YaST 137