[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freebsd-security
Subject:    PAM module for loading ZFS keys on login
From:       Eric McCorkle <eric () metricspace ! net>
Date:       2021-09-05 13:54:26
Message-ID: b4d216da-d4b8-12a6-3873-566e5044678c () metricspace ! net
[Download RAW message or body]

All,

This patch creates a new PAM module that will load a ZFS key upon a
successful login: https://reviews.freebsd.org/D31844.  It will use the
user's auth token as the key argument to loading a ZFS encryption key on
a user-specific ZFS data set.

This is the other side of my changeset to have autounmountd unload ZFS
keys when it unloads a filesystem.  (Here:
https://reviews.freebsd.org/D31725)  With these two changes, it should
be possible to have ZFS encrypted home directories with keys dynamically
loaded when users log in, and unloaded when their home directories are
unmounted.

Please review and comment.
_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
[prev in list] [next in list] [prev in thread] [next in thread]