git.ipfire.org Git - thirdparty/systemd.git/blame - man/systemd.system-credentials.xml
man: update version information
<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->

<refentry id="systemd.system-credentials" xmlns:xi="http://www.w3.org/2001/XInclude">

  <refentryinfo>
    <title>systemd.system-credentials</title>
    <productname>systemd</productname>
  </refentryinfo>

  <refmeta>
    <refentrytitle>systemd.system-credentials</refentrytitle>
    <manvolnum>7</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>systemd.system-credentials</refname>
    <refpurpose>System Credentials</refpurpose>
  </refnamediv>

  <refsect1>
    <title>Description</title>

    <para><ulink url="https://systemd.io/CREDENTIALS">System and Service Credentials</ulink> are data objects
    that may be passed into booted systems or system services as they are invoked. They can be acquired from
    various external sources, and propagated into the system and from there into system services. Credentials
    may optionally be encrypted with a machine-specific key and/or locked to the local TPM2 device, and are
    only decrypted when the consuming service is invoked.</para>

    <para>System credentials may be used to provision and configure various aspects of the system. Depending
    on the consuming component, credentials are either used only on initial invocations or needed for all
    invocations.</para>

    <para>Credentials may be used for any kind of data, binary or text, and may carry passwords, secrets,
    certificates, cryptographic key material, identity information, configuration, and more.</para>
  </refsect1>

  <refsect1>
    <title>Well known system credentials</title>

    <variablelist class='system-credentials'>
      <varlistentry>
        <term><varname>firstboot.keymap</varname></term>
        <listitem>
          <para>The console key mapping to set (e.g. <literal>de</literal>). Read by
          <citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
          and only honoured if no console keymap has been configured before.</para>

          <xi:include href="version-info.xml" xpointer="v252"/>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>firstboot.locale</varname></term>
        <term><varname>firstboot.locale-messages</varname></term>
        <listitem>
          <para>The system locale to set (e.g. <literal>de_DE.UTF-8</literal>). Read by
          <citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
          and only honoured if no locale has been configured before. <varname>firstboot.locale</varname> sets
          <literal>LANG</literal>, while <varname>firstboot.locale-messages</varname> sets
          <literal>LC_MESSAGES</literal>.</para>

          <xi:include href="version-info.xml" xpointer="v252"/>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>firstboot.timezone</varname></term>
        <listitem>
          <para>The system timezone to set (e.g. <literal>Europe/Berlin</literal>). Read by
          <citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
          and only honoured if no system timezone has been configured before.</para>

          <xi:include href="version-info.xml" xpointer="v252"/>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>login.issue</varname></term>
        <listitem>
          <para>The data of this credential is written to
          <filename>/etc/issue.d/50-provision.conf</filename>, if the file doesn't exist yet.
          <citerefentry project='man-pages'><refentrytitle>agetty</refentrytitle><manvolnum>8</manvolnum></citerefentry>
          reads this file and shows its contents at the login prompt of terminal logins. See
          <citerefentry project='man-pages'><refentrytitle>issue</refentrytitle><manvolnum>5</manvolnum></citerefentry>
          for details.</para>

          <para>Consumed by <filename>/usr/lib/tmpfiles.d/provision.conf</filename>, see
          <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>

          <xi:include href="version-info.xml" xpointer="v252"/>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>login.motd</varname></term>
        <listitem>
          <para>The data of this credential is written to <filename>/etc/motd.d/50-provision.conf</filename>,
          if the file doesn't exist yet.
          <citerefentry project='man-pages'><refentrytitle>pam_motd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
          reads this file and shows its contents as "message of the day" during terminal logins. See
          <citerefentry project='man-pages'><refentrytitle>motd</refentrytitle><manvolnum>5</manvolnum></citerefentry>
          for details.</para>

          <para>Consumed by <filename>/usr/lib/tmpfiles.d/provision.conf</filename>, see
          <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>

          <xi:include href="version-info.xml" xpointer="v252"/>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>network.hosts</varname></term>
        <listitem>
          <para>The data of this credential is written to <filename>/etc/hosts</filename>, if the file
          doesn't exist yet. See
          <citerefentry project='man-pages'><refentrytitle>hosts</refentrytitle><manvolnum>5</manvolnum></citerefentry>
          for details.</para>

          <para>Consumed by <filename>/usr/lib/tmpfiles.d/provision.conf</filename>, see
          <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>

          <xi:include href="version-info.xml" xpointer="v252"/>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>network.dns</varname></term>
        <term><varname>network.search_domains</varname></term>
        <listitem>
          <para>DNS server information and search domains. Read by
          <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>

          <xi:include href="version-info.xml" xpointer="v253"/>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>passwd.hashed-password.root</varname></term>
        <term><varname>passwd.plaintext-password.root</varname></term>
        <listitem>
          <para>May contain the password (either in UNIX hashed format, or in plaintext) for the root user.
          Read by both
          <citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry>
          and
          <citerefentry><refentrytitle>systemd-sysusers</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
          and only honoured if no root password has been configured before.</para>

          <xi:include href="version-info.xml" xpointer="v252"/>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>passwd.shell.root</varname></term>
        <listitem>
          <para>The path to the shell program (e.g. <literal>/bin/bash</literal>) for the root user. Read by
          both
          <citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry>
          and
          <citerefentry><refentrytitle>systemd-sysusers</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
          and only honoured if no root shell has been configured before.</para>

          <xi:include href="version-info.xml" xpointer="v252"/>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>ssh.authorized_keys.root</varname></term>
        <listitem>
          <para>The data of this credential is written to <filename>/root/.ssh/authorized_keys</filename>, if
          the file doesn't exist yet. This allows provisioning SSH access for the system's root user.</para>

          <para>Consumed by <filename>/usr/lib/tmpfiles.d/provision.conf</filename>, see
          <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>

          <xi:include href="version-info.xml" xpointer="v252"/>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>sysusers.extra</varname></term>
        <listitem>
          <para>Additional
          <citerefentry><refentrytitle>sysusers.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
          lines to process during boot.</para>

          <xi:include href="version-info.xml" xpointer="v252"/>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>sysctl.extra</varname></term>
        <listitem>
          <para>Additional
          <citerefentry><refentrytitle>sysctl.d</refentrytitle><manvolnum>5</manvolnum></citerefentry> lines
          to process during boot.</para>

          <xi:include href="version-info.xml" xpointer="v252"/>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>tmpfiles.extra</varname></term>
        <listitem>
          <para>Additional
          <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
          lines to process during boot.</para>

          <xi:include href="version-info.xml" xpointer="v252"/>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>fstab.extra</varname></term>

        <listitem>
          <para>Additional mounts to establish at boot. For details, see
          <citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>

          <xi:include href="version-info.xml" xpointer="v254"/>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>vconsole.keymap</varname></term>
        <term><varname>vconsole.keymap_toggle</varname></term>
        <term><varname>vconsole.font</varname></term>
        <term><varname>vconsole.font_map</varname></term>
        <term><varname>vconsole.font_unimap</varname></term>
        <listitem>
          <para>Console settings to apply, see
          <citerefentry><refentrytitle>systemd-vconsole-setup.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> for details.</para>

          <xi:include href="version-info.xml" xpointer="v253"/>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>getty.ttys.serial</varname></term>
        <term><varname>getty.ttys.container</varname></term>

        <listitem><para>Used for spawning additional login prompts, see
        <citerefentry><refentrytitle>systemd-getty-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry> for details.</para>

        <xi:include href="version-info.xml" xpointer="v254"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>vmm.notify_socket</varname></term>
        <listitem>
          <para>Configures an
          <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>
          compatible <constant>AF_VSOCK</constant> socket the service manager will report status information,
          ready notification and exit status on. For details see
          <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>

          <xi:include href="version-info.xml" xpointer="v253"/>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>system.machine_id</varname></term>
        <listitem>
          <para>Takes a 128-bit ID to initialize the machine ID from (if it is not set yet). Interpreted by
          the service manager (PID 1). For details see
          <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>

          <xi:include href="version-info.xml" xpointer="v254"/>
        </listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>smbios-type-11</refentrytitle><manvolnum>7</manvolnum></citerefentry>
    </para>
  </refsect1>

</refentry>
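
Added example, not part of the systemd man page or of systemd's own code: a provisioning-time audit that checks a credential set against the names documented above before it is handed to a machine. The `audit` function, the finding labels, the high-impact grouping and the accepted spellings of a 128-bit ID are assumptions of this example, and the sample set is constructed.

```python
import re
# Credential names documented on this page.
WELL_KNOWN = {
    "firstboot.keymap", "firstboot.locale", "firstboot.locale-messages",
    "firstboot.timezone", "login.issue", "login.motd", "network.hosts", "network.dns",
    "network.search_domains", "passwd.hashed-password.root", "passwd.shell.root",
    "passwd.plaintext-password.root", "ssh.authorized_keys.root", "sysusers.extra",
    "sysctl.extra", "tmpfiles.extra", "fstab.extra", "vconsole.keymap", "vconsole.font",
    "vconsole.keymap_toggle", "vconsole.font_map", "vconsole.font_unimap",
    "getty.ttys.serial", "getty.ttys.container", "vmm.notify_socket", "system.machine_id",
}
# Assumption of this example: names that grant root login or inject
# configuration applied with root privileges deserve a manual review.
HIGH_IMPACT = {
    "ssh.authorized_keys.root", "passwd.hashed-password.root",
    "passwd.plaintext-password.root", "passwd.shell.root", "sysusers.extra",
    "sysctl.extra", "tmpfiles.extra", "fstab.extra", "network.hosts",
    "network.dns",
}
# Assumption: a 128-bit ID is written as 32 hex digits or in UUID form.
ID128 = re.compile(r"[0-9a-f]{32}|[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)

def audit(creds):
    """Return sorted (name, finding) pairs for a {name: bytes} credential set."""
    findings = []
    for name, data in creds.items():
        if name not in WELL_KNOWN:
            findings.append((name, "unknown-name"))  # typo or service-specific
            continue
        if name in HIGH_IMPACT:
            findings.append((name, "high-impact"))
        text = data.decode("utf-8", "replace").strip()
        if name == "passwd.plaintext-password.root":
            findings.append((name, "plaintext-secret"))  # hashed variant exists
        elif name == "system.machine_id" and (
                not ID128.fullmatch(text) or set(text) <= {"0", "-"}):
            findings.append((name, "invalid-128bit-id"))
    return sorted(findings)

# Constructed sample set, not taken from a real system.
SAMPLE = {
    "firstboot.locale-message": b"de_DE.UTF-8",  # misspelled: no trailing "s"
    "passwd.plaintext-password.root": b"example-only",
    "system.machine_id": b"0123456789abcdef0123456789abcde",  # 31 hex digits
    "ssh.authorized_keys.root": b"ssh-ed25519 AAAA-constructed root@example",
    "firstboot.timezone": b"Europe/Berlin",
}
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A misspelled name is the failure mode worth catching early: nothing on this page consumes it, so the setting is never applied.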