47.2. Using Encrypted Home Directories

To protect data in home directories against theft and hard disk removal, create encrypted home directories for users. These are encrypted with LUKS, which results in an image and an image key generated for the user. The image key is protected with the user's login password. By default, the image and the image key are located in the respective user's home directory. The key can also be located anywhere in the file system—for example, on a removable device that can be mounted manually. To make use of this, specify a persistent device name in the Fstab Options when setting up the device with the YaST expert partitioner.

Use the YaST user management module or the cryptconfig command line tool to enable encryption of home directories. You can create encrypted home directories for new or existing users. To encrypt or modify encrypted home directories of already existing users, enter the user's current login password.

Warning: Security Restrictions

Encrypting a user's home directory does not provide strong security from other users. If strong security is required, the system should not be physically shared.

To enhance security, also encrypt the swap partition, /tmp, and /var/tmp, because these can contain temporary images of critical data.

You can encrypt swap, /tmp, and /var/tmp with the YaST partitioner as described in Section 47.1.1, “Creating an Encrypted Partition during Installation” and Section 47.1.3, “Creating an Encrypted File as a Container”. In addition to the options YaST offers, you can use the cryptconfig command line tool for some special tasks.

For example, as a safeguard for users who may lose their key files, you can create an additional administrator key and add it to the image.

  1. Log in to a shell as root.

  2. Run

    cryptconfig create-key admin.key

    to create a key for administrators.

  3. To create an encrypted home directory for user tux and to add the administration key to it, enter

    cryptconfig make-ehd --extra-key-file=admin.key tux 200

    This creates a home directory with the initial size of 200 MB.

  4. To change the size of the home directory at any time, use

    cryptconfig enlarge-size image size_to_add_in_MB
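The following script is an added example and is not part of the SUSE manual or of the cryptconfig tool. It wraps the four steps above in a small POSIX shell wrapper that checks what a hurried run would skip: that it runs as root, that the size is a positive number of megabytes, and that the administrator key is readable by its owner only and does not sit inside the home directory it is meant to rescue (a stolen disk would otherwise carry image and key together). It assumes cryptconfig is installed with the `create-key` and `make-ehd` subcommands shown above; the user name `tux`, the key path `/root/admin.key` and the size 200 are sample values.

```shell
#!/bin/sh
# Added example (not from the SUSE manual): wrapper around the cryptconfig
# procedure for encrypted home directories. Assumes cryptconfig is installed
# and the script runs as root. "tux", /root/admin.key and 200 are samples.

# A size passed to make-ehd or enlarge-size must be a positive integer (MB).
validate_size() {
    case "$1" in
        ''|0|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# The administrator key must be owner-readable only and must not live inside
# the home directory it protects; otherwise image and key are lost together.
check_key_file() {
    key="$1"
    home="$2"
    [ -n "$home" ] || return 1
    [ -f "$key" ] || return 1
    # Columns 5-10 of "ls -l" are the group and other permission bits.
    case "$(ls -ld "$key" | cut -c5-10)" in
        ------) ;;
        *) return 1 ;;
    esac
    keydir=$(cd "$(dirname "$key")" && pwd -P) || return 1
    case "$keydir/" in
        "$home"/*) return 1 ;;
    esac
    return 0
}

# Run the procedure: create the administrator key once (then lock it down),
# validate the size, verify the key, and create the encrypted home directory.
create_ehd() {
    user="$1"
    size="$2"
    key="${3:-/root/admin.key}"
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    validate_size "$size" || { echo "size must be a positive integer (MB)" >&2; return 1; }
    home=$(getent passwd "$user" | cut -d: -f6)
    [ -n "$home" ] || { echo "unknown user: $user" >&2; return 1; }
    if [ ! -f "$key" ]; then
        cryptconfig create-key "$key" || return 1
        chmod 600 "$key" || return 1
    fi
    check_key_file "$key" "$home" || {
        echo "refusing to use $key: not mode 0600 or located under $home" >&2
        return 1
    }
    # make-ehd prompts for the user's login password, exactly as in step 3.
    cryptconfig make-ehd --extra-key-file="$key" "$user" "$size"
}

# Usage (as root): sh ehd.sh --run tux 200 [/root/admin.key]
if [ "${1:-}" = "--run" ]; then
    create_ehd "$2" "$3" "$4"
fi
```

Keeping the administrator key under `/root` (or on removable media that is mounted only when needed) rather than in `/home/tux` is the point of the location check: the extra key is a recovery path for the user, so it must survive whatever happens to the user's own home directory.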

For more information about the command line tool, run cryptconfig --help to view a list of options available.