PAM module for loading ZFS keys on login
- Reply: Greg via freebsd-current : "Re: PAM module for loading ZFS keys on login"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 05 Sep 2021 13:54:26 UTC
All, This patch creates a new PAM module that will load a ZFS key upon a successful login: https://reviews.freebsd.org/D31844. It will use the user's auth token as the key argument to loading a ZFS encryption key on a user-specific ZFS data set. This is the other side of my changeset to have autounmountd unload ZFS keys when it unloads a filesystem. (Here: https://reviews.freebsd.org/D31725) With these two changes, it should be possible to have ZFS encrypted home directories with keys dynamically loaded when users log in, and unloaded when their home directories are unmounted. Please review and comment.