Page MenuHomeFreeBSD

openzfs: attach pam_zfs_key to build

Authored by on Jan 7 2021, 11:20 AM.



This PAM module allows unlocking encrypted user home datasets when logging in (and changing passphrase when changing the account password), see

Also supposed to unload the key when the last session for the user is done, but there are EBUSY issues:

Test Plan


auth		optional homes=your-pool-name/home
session		optional homes=your-pool-name/home


password	optional homes=your-pool-name/home
zfs create -o encryption=on -o keyformat=passphrase your-pool-name/home/ztest
pw user add -n ztest -m
passwd ztest # set same as the passphrase given to zfs create
zfs unmount your-pool-name/home/ztest && zfs unload-key your-pool-name/home/ztest
login # login as ztest, type password
mount # check that the home dir is mounted now

Diff Detail

rG FreeBSD src repository
Lint Not Applicable
Tests Not Applicable