Re: autounmountd unload ZFS keys
- In reply to: Eric McCorkle : "autounmountd unload ZFS keys"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 30 Aug 2021 12:06:33 UTC
> On 30 Aug 2021, at 14:00, Eric McCorkle <eric@metricspace.net> wrote: > > Hello all, > > I finally got some free time to hack on FreeBSD again. I have a patch > that will enable autounmountd to unload ZFS encryption keys whenever it > unmounts a ZFS dataset: > > https://reviews.freebsd.org/D31725 Very useful ! As we're now bending over backwards to accomplish this with custom hacks. > This is the first of a pair which I'm planning to do, which will enable > you to have encrypted ZFS home directories managed by autofs, which will > only have the keys loaded while a given user is logged in. (This is a > common requirement in standards for high-security systems.) The next > one I'm planning to work on is a pam module that will load ZFS keys upon > a successful login. With kind regards, Dw