Konstantin Belousov wrote in
:
|On Mon, Sep 06, 2021 at 04:01:37PM +0200, Steffen Nurpmeso wrote:
|> Eric McCorkle wrote in
|> :
|>|Interesting, I wasn't aware of the upstream module. I'd say that's
|>
|> It's existence was the reason i have readded (now optional, and
|> a tad different)
On Mon, Sep 06, 2021 at 04:01:37PM +0200, Steffen Nurpmeso wrote:
> Eric McCorkle wrote in
> :
> |Interesting, I wasn't aware of the upstream module. I'd say that's
>
> It's existence was the reason i have readded (now optional, and
> a tad different) session support for my pam_xdg PAM module,
Eric McCorkle wrote in
:
|Interesting, I wasn't aware of the upstream module. I'd say that's
It's existence was the reason i have readded (now optional, and
a tad different) session support for my pam_xdg PAM module,
because i was thinking that, if such a many-eyes-seen thing of
a software proj
Eric McCorkle wrote in
:
...
>> This patch creates a new PAM module that will load a ZFS key upon a
>> successful login: https://reviews.freebsd.org/D31844. It will use the
>> user's auth token as the key argument to loading a ZFS encryption key on
>> a user-specific ZFS data set.
...
I looked at the upstream one too.
Mine is simple because I modified libzfs to be able to take the key
directly in the key location override argument.
If you look at my patch, it adds a "direct" key location, which
basically works like "direct:keydata", where "keydata" is your key.
In the case of
Honestly, I think the best approach to this is the autounmountd unload
keys thing. There's just too many ways the sessions thing can go wrong.
The autounmountd solution gets the job done, and it tolerates possible
failures better than anything else I can think of, barring some kind of
major kerne
Interesting, I wasn't aware of the upstream module. I'd say that's
preferable to the one I wrote.
I think you would need to wire that into the 'modules' directory under
libpam. I can look into doing that.
On 9/5/21 11:27 AM, Greg wrote:
>
>
> On September 5, 2021 4:54:26 PM GMT+03:00, Eric Mc
On September 5, 2021 4:54:26 PM GMT+03:00, Eric McCorkle
wrote:
>All,
>
>This patch creates a new PAM module that will load a ZFS key upon a
>successful login: https://reviews.freebsd.org/D31844. It will use the
>user's auth token as the key argument to loading a ZFS encryption key on
>a user
All,
This patch creates a new PAM module that will load a ZFS key upon a
successful login: https://reviews.freebsd.org/D31844. It will use the
user's auth token as the key argument to loading a ZFS encryption key on
a user-specific ZFS data set.
This is the other side of my changeset to have aut
