Reply
 
Thread Tools Display Modes
  #1  
Old 08-26-2013, 08:34 PM
sysfu sysfu is offline
Senior Member
 
Join Date: Feb 2011
Posts: 318
Thanks: 22
Thanked 34 Times in 27 Posts
Default Add change password to user accounts using PEFS homedir encryption
At this point it time it appears that users with PEFS home directory encryption enabled are not able to change their account passwords.

Please allow users to do this if it's not too much of a nightmare to program.
Reply With Quote
  #2  
Old 08-27-2013, 06:52 PM
kmoore134's Avatar
kmoore134 kmoore134 is offline
Administrator
 
Join Date: May 2005
Location: Knoxville, TN
Posts: 2,568
Thanks: 0
Thanked 163 Times in 127 Posts
Default
It's on my list to look into. Its not a single-command thing, because once encrypted, we would have to decrypt / copy all data into a new directory with a new encryption key. I'm thinking I will write a script to do it as "root" only, when the user isn't logged in, since moving all of your home-directory data while logged in will probably cause lots of things to go haywire.
__________________
----
Kris Moore
PC-BSD Founder
Reply With Quote
  #3  
Old 08-28-2013, 08:55 PM
sysfu sysfu is offline
Senior Member
 
Join Date: Feb 2011
Posts: 318
Thanks: 22
Thanked 34 Times in 27 Posts
Default
I figured something like this was the case.

With regards to performing this operation as the root user, I'm running PCDM in place of GDM. Does PCDM offer the ability the login as the root user?

Or would the PEFS user account password change be better performed by using CTRL-ALT-Function1-12 to switch to a virtual console, logging in as root, and then running the command at the prompt?

Last edited by sysfu; 11-05-2013 at 01:07 AM. Reason: sp
Reply With Quote
  #4  
Old 08-30-2013, 06:09 PM
kmoore134's Avatar
kmoore134 kmoore134 is offline
Administrator
 
Join Date: May 2005
Location: Knoxville, TN
Posts: 2,568
Thanks: 0
Thanked 163 Times in 127 Posts
Default
PCDM has been differed until 10 sometime, so just a FYI it may not work fully with everything.

Changing passwords would be best done as root via a virtual-console. This would be the steps necessary.

(Get a ZFS snapshot first, always a good idea)

1. Login as your user and copy data out of the home-directory that you want to save.
2. Umount PEFS on the users directory /usr/home/<userdir>
3. Remove all the files in /usr/home/<userdir>
4. Change the user password with "passwd"
5. Run "enable_user_pefs <username> <newpassword>"
6. Run "pefs addkey -c /usr/home/<userdir>"
7. Copy your data back to /usr/home/<userdir>
8. Run "pefs flushkeys /usr/home/<userdir>"

Now you can try to re-login again.
__________________
----
Kris Moore
PC-BSD Founder
Reply With Quote
  #5  
Old 05-17-2014, 09:15 PM
sysfu sysfu is offline
Senior Member
 
Join Date: Feb 2011
Posts: 318
Thanks: 22
Thanked 34 Times in 27 Posts
Default
Looks like the script to add this capability was added in February 2014, but it does not appear to be exposed to the User Manager control panel as of PC-BSD 10.0.2-PRE Edge.

Begin design of a script to change a PEFS user / home password.

Last edited by sysfu; 05-17-2014 at 09:17 PM.
Reply With Quote
Reply

Tags
account, password, pefs

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:57 AM.


Powered by vBulletin® Version 3.8.5
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.

Copyright 2005-2010, The PC-BSD Project. PC-BSD and the PC-BSD logo are registered trademarks of iXsystems.
All other content is freely available for sharing under the terms of the Creative Commons Attribution License.