[prev in list] [next in list] [prev in thread] [next in thread]
List: freebsd-hackers
Subject: Re: autounmountd unload ZFS keys
From: Dirk-Willem van Gulik <dirkx () webweaving ! org>
Date: 2021-08-30 12:06:33
Message-ID: 1AA77CFF-015E-446B-9D8F-72EC1292F73F () webweaving ! org
[Download RAW message or body]
> On 30 Aug 2021, at 14:00, Eric McCorkle <eric@metricspace.net> wrote:
>
> Hello all,
>
> I finally got some free time to hack on FreeBSD again. I have a patch
> that will enable autounmountd to unload ZFS encryption keys whenever it
> unmounts a ZFS dataset:
>
> https://reviews.freebsd.org/D31725
Very useful ! As we're now bending over backwards to accomplish this with custom hacks.
> This is the first of a pair which I'm planning to do, which will enable
> you to have encrypted ZFS home directories managed by autofs, which will
> only have the keys loaded while a given user is logged in. (This is a
> common requirement in standards for high-security systems.) The next
> one I'm planning to work on is a pam module that will load ZFS keys upon
> a successful login.
With kind regards,
Dw
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic