
implement pam_zfs_key #9886

Closed
felixdoerre opened this issue Jan 25, 2020 · 3 comments
Labels
Component: Encryption "native encryption" feature Type: Feature Feature request or new feature

Comments

@felixdoerre
Contributor

felixdoerre commented Jan 25, 2020

I might be missing something, but it seems there is no mechanism like https://docs.oracle.com/cd/E88353_01/html/E37853/pam-zfs-key-7.html implemented for zfsonlinux. If this is already implemented, it'd be nice if you could point me to any code/documentation.

Otherwise, I'd like to help and implement such a pam module, but I have some questions that maybe someone could answer:

  • Where would I implement such a module? Somewhere in this repository?
  • Should I name it identically to the version from Oracle?
  • Are there any license/IP-rights issues if I make the zfsonlinux pam module behave identically to (the documentation of) the version from Oracle?
  • Should I name any "additional configuration feature" identically to the one in the pam_zfs_key from Oracle?
  • For now, I would like to start with a bare minimum implementation, which would ignore all additional options to the pam module and just implement the "default" behavior. Is that ok?
@behlendorf behlendorf added Component: Encryption "native encryption" feature Type: Feature Feature request or new feature labels Jan 27, 2020
@behlendorf
Contributor

We currently don't provide a pam module as part of this repository. And to the best of my knowledge this hasn't yet been implemented by anyone for OpenZFS. That said, it sounds like a reasonable idea.

> Where would I implement such a module? Somewhere in this repository?

Good question. My understanding is that it's not uncommon for packages to provide pam modules which can be optionally enabled. Though, I'm not familiar with exactly what's involved in writing one.

> Should I name it identically to the version from Oracle?

The name should probably be consistent with whatever the existing naming conventions are for the Linux PAM package. Additionally, since the encryption implementation used by OpenZFS is entirely different from what's in Oracle ZFS, I'd expect your Linux version would invariably be different. Providing the same functionality for the Linux PAM stack isn't an issue.

> For now, I would like to start with a bare minimum implementation,

Starting with a bare-bones implementation to determine how everything needs to fit together sounds like exactly the right place to start. I'm not sure how much the PAM interfaces differ across platforms, but ideally we'd like to be able to use the same module for FreeBSD.

Thanks for taking a look into this missing bit of functionality.

felixdoerre added a commit to felixdoerre/zfs that referenced this issue Jan 28, 2020
Currently the pam module does:
 * loads a zfs key and mounts the dataset when a session opens
 * unmounts the dataset and unloads the key when the session closes
 * when the user is logged on and changes the password, the module
   changes the encryption key.

Signed-off-by: Felix Dörre <felix@dogcraft.de>
Closes openzfs#9886
felixdoerre added four further commits to felixdoerre/zfs that referenced this issue (Jan 28, Jan 30 and Jan 31, 2020), each carrying the same commit message as the Jan 28 commit above.
@zdykstra
Contributor

zdykstra commented Feb 1, 2020

https://github.com/BenKerry/zfscrypt is a relatively new project, but it does seem to cover some of the same bases as the feature request here.

felixdoerre added five further commits to felixdoerre/zfs that referenced this issue (Feb 2 and Feb 8, 2020), each carrying the same commit message as the Jan 28 commit above.
@baryluk

baryluk commented Feb 10, 2020

The one by BenKerry is nice but could be a scalability issue (aka slow) when one has a lot of datasets, as it scans for what to mount.

The one by felix looks to be a bit simpler, and reasonable, and scales well too. It should also mount sub-datasets, which will essentially cover all bases, unless one has some complex setup with some sub-datasets residing on a different pool, but that can probably be solved by some scripts.

felixdoerre added further commits to felixdoerre/zfs that referenced this issue between Feb 15 and Jun 22, 2020, each carrying the same commit message as the Jan 28 commit above.
jsai20 pushed a commit to jsai20/zfs that referenced this issue Mar 30, 2021
Implements a pam module for automatically loading zfs encryption keys 
for home datasets. The pam module:

  - loads a zfs key and mounts the dataset when a session opens.
  - unmounts the dataset and unloads the key when the session closes.
  - when the user is logged on and changes the password, the module
    changes the encryption key.

Reviewed-by: Richard Laager <rlaager@wiktel.com>
Reviewed-by: @jengelh <jengelh@inai.de>
Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Felix Dörre <felix@dogcraft.de>
Closes openzfs#9886
Closes openzfs#9903
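The three behaviours the commit message lists (load the key and mount on session open, unmount and unload on close, rekey when the password changes), together with the earlier point about keeping the module simple, can be sketched as one small state machine. The following is an added example written for this page, not the OpenZFS pam module's code; it drives the zfs(8) command line instead of libzfs. It assumes home datasets at <prefix>/<user> created with keyformat=passphrase and keylocation=prompt, feeds the passphrase to zfs on stdin (which is how zfs reads a prompt key when stdin is not a terminal), keeps the per-user session count in-process (a real module would have to persist it across separate PAM invocations), and exercises the flow against a constructed FakeZfs stand-in rather than a real pool. The names HomeKeyManager, FakeZfs, rpool/home/alice and the sample passphrases are all illustrative.

```python
"""Per-login unlock, lock and rekey of a ZFS-encrypted home via zfs(8). Added example, not the OpenZFS pam module."""
import subprocess
from collections import Counter


def run_zfs(argv, stdin=None):
    """Real runner: passphrase on stdin, never in argv (argv is readable by every local user via /proc)."""
    return subprocess.run(argv, input=stdin, text=True).returncode


class HomeKeyManager:
    """open_session / close_session / change_passphrase map onto pam_sm_open_session / _close_session / _chauthtok."""
    def __init__(self, home_prefix, zfs=run_zfs):
        self.home_prefix = home_prefix   # assumed layout: <prefix>/<user>
        self.zfs = zfs                   # callable(argv, stdin) -> exit status
        self.sessions = Counter()        # open sessions per user (assumption: in-process only)

    def open_session(self, user, passphrase):
        ds = f"{self.home_prefix}/{user}"
        if self.sessions[user] == 0:     # first login: unlock, then mount
            if self.zfs(["zfs", "load-key", "-L", "prompt", ds], stdin=passphrase + "\n") != 0:
                return False
            if self.zfs(["zfs", "mount", ds]) != 0:
                self.zfs(["zfs", "unload-key", ds])   # no mount: don't leave the key in the kernel
                return False
        self.sessions[user] += 1
        return True

    def close_session(self, user):
        if self.sessions[user] == 0:
            return False
        self.sessions[user] -= 1
        if self.sessions[user] > 0:      # another login of this user still needs the home
            return True
        ds = f"{self.home_prefix}/{user}"
        ok = self.zfs(["zfs", "unmount", ds]) == 0   # unmount first: zfs won't unload a mounted dataset's key
        return self.zfs(["zfs", "unload-key", ds]) == 0 and ok

    def change_passphrase(self, user, old, new):
        ds = f"{self.home_prefix}/{user}"
        # Dry-run load with the old password: never rekey a dataset it does not actually unlock.
        if self.zfs(["zfs", "load-key", "-n", "-L", "prompt", ds], stdin=old + "\n") != 0:
            return False
        loaded_here = self.sessions[user] == 0   # change-key needs the key loaded
        if loaded_here and self.zfs(["zfs", "load-key", "-L", "prompt", ds], stdin=old + "\n") != 0:
            return False
        ok = self.zfs(["zfs", "change-key", "-o", "keylocation=prompt", ds], stdin=new + "\n") == 0
        if loaded_here:
            self.zfs(["zfs", "unload-key", ds])
        return ok


class FakeZfs:
    """Constructed stand-in for zfs(8): per-dataset passphrase, key and mount state plus the CLI's ordering rules."""
    def __init__(self, datasets):
        self.ds = {n: {"pw": pw, "key": False, "mnt": False} for n, pw in datasets.items()}
        self.calls = []                  # (argv, stdin) log

    def __call__(self, argv, stdin=None):
        self.calls.append((tuple(argv), stdin))
        cmd, d = argv[1], self.ds[argv[-1]]
        if cmd == "load-key":            # "-n" only verifies the key
            if stdin.rstrip("\n") != d["pw"]:
                return 1
            d["key"] = d["key"] or "-n" not in argv
        elif cmd == "mount":
            if not d["key"]:
                return 1
            d["mnt"] = True
        elif cmd == "unmount":
            d["mnt"] = False
        elif cmd == "unload-key":        # refused while mounted, as the real CLI does
            if d["mnt"]:
                return 1
            d["key"] = False
        elif cmd == "change-key":        # needs a loaded key, as the real CLI does
            if not d["key"]:
                return 1
            d["pw"] = stdin.rstrip("\n")
        else:
            raise ValueError(f"unexpected zfs subcommand {cmd}")
        return 0


def demo():
    """Two concurrent logins, a password change mid-session, then logout. Returns (step results, fake)."""
    fake = FakeZfs({"rpool/home/alice": "correct horse"})   # constructed sample dataset
    mgr = HomeKeyManager("rpool/home", zfs=fake)
    return [
        mgr.open_session("alice", "wrong guess"),              # False: key not unlocked
        mgr.open_session("alice", "correct horse"),            # True
        mgr.open_session("alice", "correct horse"),            # True: second login
        mgr.close_session("alice"),                            # True
        fake.ds["rpool/home/alice"]["mnt"],                    # True: one session still open
        mgr.change_passphrase("alice", "correct horse", "battery staple"),  # True
        mgr.close_session("alice"),                            # True: last session
        fake.ds["rpool/home/alice"]["key"],                    # False: key unloaded
        mgr.open_session("alice", "battery staple"),           # True: new passphrase works
    ], fake
```

Two points the commit message leaves implicit are visible here: the key is unloaded only when the last session of that user closes, and a password change is pushed to the dataset only after a `zfs load-key -n` dry run confirms that the old login password really unlocks it, so a dataset whose key has diverged from the login password is left untouched rather than silently rekeyed. The passphrase is handed to zfs on stdin rather than as an argument because the command line of any process is visible to every local user.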
sempervictus pushed a commit to sempervictus/zfs that referenced this issue May 31, 2021, carrying the same commit message as the commit pushed by jsai20 above.
4 participants