I would like to create a new user with an encrypted home via homectl. I would like to be able to authenticate with this user via PKCS#11 using my YubiKey and also decrypt the home directory with it.
I can’t get to the end. I enter my PIV PIN, get to the point where I define the password for the new user and then I confirm the whole thing and get:
🔐 Please enter new password for user user: (press TAB•••••••••••••••
🔐 Please enter new password for user user (repeat): (•••••••••••••••
Password incorrect or not sufficient, and configured security token not inserted, please try again.
Can anyone help me? I would really appreciate it.
Another quick question: which PIV slot do I need for homectl? Is it 9a or 9d?
Edit: I edited the homectl command because I had made a few mistakes before.
I have tried a simple homectl command and still can’t get any further:
$ sudo homectl create user --pkcs11-token-uri=auto
🔐 Please enter PIN for security token 'user-9d' in order to unlock home directory operation: ••••••••
Successfully logged into security token 'user-9d'.
Object field 'perMachine' has wrong type null, expected array.
JSON field 'perMachine' is not an array.
I just tried to create the user normally and add the PIV afterwards, but that doesn’t work either, even though the YubiKey is in the computer all the time.
$ sudo homectl update user --pkcs11-token-uri=auto
🔐 Please enter PIN for security token 'user-9d' in order to unlock home directory operation: ••••••••
Successfully logged into security token 'user-9d'.
Updating home directory.
Security token not inserted, refusing.
Edit: I have also deleted the PIV and tried only the 9a and 9d slots, but it makes no difference.