The idea of home swapping considered failed due to one significant reason.
Below I try to explain it and save as parting words for FABO users.  The
home swapping idea appeared because you cannot substitute fake user when
you authenticate with PAM, so first thought that comes to mind is simply
swap homes.  Heh, not really.  The swapping may be successful only in one
case when no-one have access to shared resources in this case to the
homedir.  In other words, if you are logged in then there's at least one
process which works with older configurations because nobody tell to it
re-read new.  There may be less obvious situations but all of them caused
by incorrect access to shared resources.

Remaining text only for history.  It has some thoughts but doesn't work as
I mentioned eairlier.
##########################################################################

Sometimes you need to unlock your device but you don't want to expose
content on it regardless of the reason. In this case you can swap your
home directory by copying clean /etc/skel/ or specially prepared fake
homedir.

WARNING: Remember that additional passwords decrease security of your
account.

Firstly, you need create place where your homedir will hide.

# mkdir -p /home/.fabouser_hide
# chown -R fabouser /home/.fabouser_hide/

If you want special homedir you must create it before using FABO. It
may be convenient to create additional user, make necessary changes
and save its homedir in this state. Remember to change ownership for it.

# cp -r /home/fakeuser/ /home/saved_fakeuser/
# chown fabouser:fabouser -R /home/saved_fakeuser/

NOTE: authentication process should have enough privilleges to read
FABO file and execute commands in it. For high privilleged tasks
(e.g. nuke LUKS) you should write specific SUID/SGID programs.

Now you should write swap_home script. Don't forget make it executable.
Example swap_home.sh:
==========================================================================
#!/bin/sh

mv /home/fabouser/* /home/fabouser/.* /home/.fabouser_hide/

# if clean user account needed
cp -r /etc/skel/* /etc/skel/.* /home/fabouser/

# or earlier prepared home
# cp -r /home/saved_fakeuser/* /home/saved_fakeuser/.* /home/fabouser/
==========================================================================

After it you need to create a FABO file. Place it where your authentication
program can read it.

You can use mkpasswd(1) for hash generation.

Use fabo_syntax_checker util before real usage:

# fabo_syntax_checker < /etc/fabo_file

Example fabo_file:
==========================================================================
user fabouser
# password 1234
hash $y$j9T$mYXWJt5A.nMc5ik.K075y0$p3dWhANUqcbfJ2ouk12UMtzjLXJx5j0XumdIMf8vfz1
command /bin/swap_home.sh
access depends
==========================================================================

Set ownership to root and drop(!!!) write permissions for non-owners!

# chown root:root /etc/fabo_file
# chmod 644 /etc/fabo_file

Add FABO module to the PAM configuration file for a needed service. Only
'auth' type supported. If you need granted access by FABO declare
'sufficient' control regime, NOTE that after this FABO take absolute power
over other authentication mechanisms i.e. two-step auth can be bypassed.

Example:
auth    sufficient  pam_fabo.so /etc/fabo_file

After it you can swap your home and show it to your home gendarme;)

To restore homedir:

$ rm -rf /home/fabouser/* /home/fabouser/.*
$ mv /home/.fabouser_hide/* /home/.fabouser_hide/*. /home/fabouser/
