Implements the ability to add recovery keys to existing user accounts
via homectl update --recovery-key=yes. Previously, recovery keys could
only be configured during initial user creation, requiring users to
recreate their entire home directory to add recovery keys later.
Fixes: #23602
systemd System and Service Manager
+CHANGES WITH 259 in spe:
+
+ * homectl's --recovery-key= option may now be used with the "update"
+ command to add recovery keys to existing user accounts. Previously,
+ recovery keys could only be configured during initial user creation.
+
CHANGES WITH 258:
Incompatible changes:
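Review bot: The new entry under "CHANGES WITH 259 in spe" does not say what happens when the account already has a recovery key. State whether "homectl update --recovery-key=yes" adds a further key alongside the existing ones or replaces them, because that decides whether a previously issued key still unlocks the account after the update.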
<programlisting># Allow a FIDO2 security token to unlock the account of user 'nihilbaxter'.
homectl update nihilbaxter --fido2-device=auto</programlisting>
</example>
+
+ <example>
+ <title>Add a recovery key to an existing user account:</title>
+
+ <programlisting># Generate and add a recovery key for user 'emily'.
+homectl update emily --recovery-key=yes</programlisting>
+ </example>
</refsect1>
<refsect1>
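Review bot: The example comment "Generate and add a recovery key for user 'emily'" does not tell the reader how the generated key reaches them or that it has to be recorded at that point. Add a sentence to the example or its comment that says where the key is shown and that it should be stored away from the machine. The hunk adds only an example, so also check that the description of --recovery-key= itself mentions the "update" command. Minor: the title ends in a colon, so confirm that this matches the other example titles in the file.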
return r;
}
+ if (arg_recovery_key) {
+ r = identity_add_recovery_key(&json);
+ if (r < 0)
+ return r;
+ }
+
/* If the user supplied a full record, then add in lastChange, but do not override. Otherwise always
* override. */
- r = update_last_change(&json, arg_pkcs11_token_uri || arg_fido2_device, !arg_identity);
+ r = update_last_change(&json, arg_pkcs11_token_uri || arg_fido2_device || arg_recovery_key, !arg_identity);
if (r < 0)
return r;
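Review bot: The added "if (arg_recovery_key)" block calls identity_add_recovery_key(&json) unconditionally, and nothing in the hunk presents the generated key to the user afterwards. Confirm that the update path displays the new key once the update has succeeded, otherwise the record gains a recovery key that nobody knows. It is also worth deciding what a repeated "homectl update --recovery-key=yes" should do when the record already holds a recovery key, since there is no check here and each run would enroll another one. Passing arg_recovery_key into update_last_change() next to arg_pkcs11_token_uri and arg_fido2_device looks consistent with how the token options are treated.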