Differential D28018
openzfs: attach pam_zfs_key to build Authored by val_packett.cool on Jan 7 2021, 11:20 AM. Tags Referenced Files
Subscribers None
Details
This PAM module allows unlocking encrypted user home datasets when logging in (and changing passphrase when changing the account password), see https://github.com/openzfs/zfs/pull/9903 Also supposed to unload the key when the last session for the user is done, but there are EBUSY issues: https://github.com/openzfs/zfs/issues/11222#issuecomment-731897858 /etc/pam.d/login: auth optional pam_zfs_key.so homes=your-pool-name/home session optional pam_zfs_key.so homes=your-pool-name/home /etc/pam.d/passwd: password optional pam_zfs_key.so homes=your-pool-name/home zfs create -o encryption=on -o keyformat=passphrase your-pool-name/home/ztest pw user add -n ztest -m passwd ztest # set same as the passphrase given to zfs create zfs unmount your-pool-name/home/ztest && zfs unload-key your-pool-name/home/ztest login # login as ztest, type password mount # check that the home dir is mounted now
Diff Detail
|