Paths

Table of Contentst

Differential D28018

openzfs: attach pam_zfs_key to build
ClosedPublic
Actions

Authored by val_packett.cool on Jan 7 2021, 11:20 AM.

Tags

Referenced Files

	F157139882: D28018.id.diff
	Mon, May 18, 5:27 PM

	F157123026: D28018.id81799.diff
	Mon, May 18, 2:44 PM

	Unknown Object (File)
	Mon, May 18, 4:52 AM

	Unknown Object (File)
	Sat, May 16, 3:21 AM

	Unknown Object (File)
	Sat, May 16, 3:21 AM

	Unknown Object (File)
	Sat, May 16, 3:19 AM

	Unknown Object (File)
	Thu, May 14, 11:42 PM

	Unknown Object (File)
	Sun, May 10, 5:08 AM

Subscribers

None

Details

Reviewers

freqlabs
mm

Group Reviewers

Contributor Reviews (src)

Commits

rG603f1c3da48c: openzfs: attach pam_zfs_key to build
rGee21ee1572d4: openzfs: attach pam_zfs_key to build

Summary

This PAM module allows unlocking encrypted user home datasets when logging in (and changing passphrase when changing the account password), see https://github.com/openzfs/zfs/pull/9903

Also supposed to unload the key when the last session for the user is done, but there are EBUSY issues: https://github.com/openzfs/zfs/issues/11222#issuecomment-731897858

Test Plan

/etc/pam.d/login:

auth		optional		pam_zfs_key.so homes=your-pool-name/home
session		optional		pam_zfs_key.so homes=your-pool-name/home

/etc/pam.d/passwd:

password	optional	pam_zfs_key.so homes=your-pool-name/home

zfs create -o encryption=on -o keyformat=passphrase your-pool-name/home/ztest
pw user add -n ztest -m
passwd ztest # set same as the passphrase given to zfs create
zfs unmount your-pool-name/home/ztest && zfs unload-key your-pool-name/home/ztest
login # login as ztest, type password
mount # check that the home dir is mounted now

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

val_packett.cool requested review of this revision.Jan 7 2021, 11:20 AM

val_packett.cool created this revision.

freqlabs accepted this revision.Jan 7 2021, 10:04 PM

This revision is now accepted and ready to land.Jan 7 2021, 10:04 PM

freqlabs added a reviewer: mm.Feb 28 2021, 1:22 AM

mm accepted this revision.Feb 28 2021, 9:31 AM

Closed by commit rGee21ee1572d4: openzfs: attach pam_zfs_key to build (authored by val_packett.cool, committed by freqlabs). · Explain WhyMar 2 2021, 12:27 PM

This revision was automatically updated to reflect the committed changes.

freqlabs added a commit: rGee21ee1572d4: openzfs: attach pam_zfs_key to build.

mm added a commit: rG603f1c3da48c: openzfs: attach pam_zfs_key to build.Mar 10 2021, 9:38 AM

john.grafton_runbox.com mentioned this in D47996: adduser(8): Add documentation for ZFS encrypted home dataset.Dec 8 2024, 10:18 PM

Revision Contents
Changeset List

Path

Size

cddl/

lib/

7 lines

pam_zfs_key/

28 lines

Diff 84943

cddl/lib/Makefile

Loading...

cddl/lib/pam_zfs_key/Makefile

Loading...