From nobody Sat May  2 17:55:29 2026
X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4g7Fv54Zjgz6bB0V
	for <freebsd-current@mlmmj.nyi.freebsd.org>; Sat, 02 May 2026 17:55:45 +0000 (UTC)
	(envelope-from zarychtam@plan-b.pwste.edu.pl)
Received: from plan-b.pwste.edu.pl (plan-b.pwste.edu.pl [IPv6:2001:678:618::40])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature ECDSA (prime256v1) client-digest SHA256)
	(Client CN "plan-b.pwste.edu.pl", Issuer "GEANT TLS ECC 1" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4g7Fv50Dt5z3kw4
	for <freebsd-current@freebsd.org>; Sat, 02 May 2026 17:55:44 +0000 (UTC)
	(envelope-from zarychtam@plan-b.pwste.edu.pl)
Authentication-Results: mx1.freebsd.org;
	none
Received: from [192.168.7.70] (dom.potoki.eu [62.133.140.50])
	(authenticated bits=0)
	by plan-b.pwste.edu.pl (8.18.2/8.17.2) with ESMTPSA id 642HtTHu012987
	(version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO);
	Sat, 2 May 2026 19:55:30 +0200 (CEST)
	(envelope-from zarychtam@plan-b.pwste.edu.pl)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=plan-b.pwste.edu.pl;
	s=plan-b-mailer; t=1777744530;
	bh=kwaGRgkDvtzRdrG3aVyFwdwtABPjCdsRNhAEzC+W0I4=;
	h=Date:Subject:To:References:From:In-Reply-To;
	b=wTgv75w5rxqY52OSI0+Ng/Rq/ojq2CX/2ylMTgamCq7m7k8wOjasK0AkcnTTN52V6
	 NjGQm/zwKoAj/gNBl3aO4V43AYOfcaF+RSXTH2QQ33D9sn336QhWI2Hlz+vmnfmV+D
	 UJsgwiTjdkW8OJp5rlOv7piEjNcQm2Niv7YqxVC4yIFuo70+Fs6fxBGReNwPad+OrG
	 s9khqv67X1cOXsD+w105JYRoEi8bkcJZffL/nQwimlwrih8IIHOmjmbr3/SJWuEP01
	 P3ZaHsbWDDZyghkbW2M1gkeJom2WM+/BMmF66oKJeSpOzkw+pJ0OeA23GIMRHFAZLc
	 U3uqbLcbFU+kg==
X-Authentication-Warning: plan-b.pwste.edu.pl: Host dom.potoki.eu [62.133.140.50] claimed to be [192.168.7.70]
Content-Type: multipart/alternative;
 boundary="------------cMJQ4yVY9Bz9qu4I0g6XO6bt"
Message-ID: <fdcc565e-0c29-434f-877a-28e8cfdc2b40@plan-b.pwste.edu.pl>
Date: Sat, 2 May 2026 19:55:29 +0200
List-Id: Discussions about the use of FreeBSD-current <freebsd-current.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-current
List-Help: <mailto:freebsd-current+help@freebsd.org>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Subscribe: <mailto:freebsd-current+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-current+unsubscribe@freebsd.org>
Sender: owner-freebsd-current@FreeBSD.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: 15.1-BETA1, encrypted homedir is of user root
To: Ronald Klop <ronald-lists@klop.ws>, freebsd-current@freebsd.org
References: <fb0d65e6-04af-4af1-8e38-e45b78293752@gmail.com>
 <1777739501060.3999527212.873143717@klop.ws>
Content-Language: en-US
From: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
Autocrypt: addr=zarychtam@plan-b.pwste.edu.pl; keydata=
 xsBNBFfi3cMBCADLecMTFXad4uDXqv3eRuB4qJJ8G9tzzFezeRnnwxOsPdytW5ES2z1ibSrR
 IsiImx6+PTqrAmXpTInxAi7yiZGdSiONRI4CCxKY9d1YFiNYT/2WyNXCekm9x29YeIU7x0JB
 Llbz0f/9HC+styBIu2H+PY/X98Clzm110CS+n/b9l1AtiGxTiVFj7/uavYAKxH6LNWnbkuc5
 v8EVNc7NkEcl5h7Z9X5NEtzDxTOiBIFQ/kOT7LAtkYUPo1lqLeOM2DtWSXTXQgXl0zJI4iP1
 OAu4qQYm2nXwq4b2AH9peknelvnt1mpfgDCGSKnhc26q6ibTfMwydp+tvUtQIQYpA6b9ABEB
 AAHNN01hcmVrIFphcnljaHRhIChQbGFuLWIpIDx6YXJ5Y2h0YW1AcGxhbi1iLnB3c3RlLmVk
 dS5wbD7CwHcEEwEIACEFAlfi4LkCGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQHZW8
 vIFppoJXdgf8D9X3VRFSNaR9lthSx/+uqas17J3FJKBo1xMQsC2a+44vzNvYJSuPGLLJ+LW2
 HPVazjP/BWZJbxOYpliY4zxNRU0YCp0BLIVLibc//yax+mE42FND/+NiIZhqJscl6MLPrSwo
 sIwXec4XYkldkyqW/xBbBYXoIkBqdKB9j5j42Npy1IV/RizOSdmvTWY27ir8e/yGMR1RLr4F
 8P5K3OWTdlGy2H2F/3J8bIPBLG6FpaIyLQw4dHSx8V02PYqDxK1cNo2kAOnU8PnZL/AGuMOH
 iv3MN1VYL8ehcmpBBsrZGebQJxrjY2/5IaTSgp9xHYT70kshuU6Qb97vk1mOjNZxgc7ATQRX
 4t3DAQgA10h6RCXuBLMHxq5B8X/ZIlj9sgLoeyfRdDZEc9rT2KUeUJVHDsbvOFf4/7F1ovWY
 hJbA6GK/LUZeHHTjnbZcH1uDYQeHly4UOLxeEvhGoz4JhS2C7JzN/uRnwbdOAUbJr8rUj/IY
 a7gk906rktsc/Ldrxrxh7O6WO0JCh2XO/p4pDfEwwB37g4xHprSab28ECYJ9JMbtA8Sy4M55
 g3+GQ28FvSlGnx48OoGXU2BZdc1vZKSQmNOlikB+9/hDX8zdYWVfDaX1TLQ8Ib4+xTUmapza
 mV/bxIsaZRBw+jFjLQHhTbIMfPEU+4mxFDvTdbKPruKPqVf1ydgMnPZWngowdwARAQABwsBf
 BBgBCAAJBQJX4t3DAhsMAAoJEB2VvLyBaaaC6qkIAJs9sDPqrqW0bYoRfzY6XjDWQ59p9tJi
 v8aogxacQNCfAu+WkJ8PNVUtC1dlVcG5NnZ80gXzd1rc8ueIvXlvdanUt/jZd8jbb3gaDbK3
 wh1yMCGBl/1fOJTyEGYv1CRojv97KK89KP5+r8x1P1iHcSrunlDNqGxTMydNCwBH23QcOM+m
 u4spKnJ/s0VRBkw3xoKBZfZza6fTQ4gTpAipjyk7ldOGBV+PvkKATdhK2yLwuWXhKbg/GRlD
 1r5P0gxzSqfV4My+KJuc2EDcrqp1y0wOpE1m9iZqCcd0fup5f7HDsYlLWshr7NQl28f6+fQb
 sylq/j672BHXsdeqf/Ip9V4=
In-Reply-To: <1777739501060.3999527212.873143717@klop.ws>
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:206006, ipnet:2001:678:618::/48, country:PL]
X-Rspamd-Queue-Id: 4g7Fv50Dt5z3kw4
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated

This is a multi-part message in MIME format.
--------------cMJQ4yVY9Bz9qu4I0g6XO6bt
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit

On 2.05.2026 at 18:48, Ronald Klop wrote:
> Op zaterdag 2 mei 2026 17:03:01 (+02:00) schreef Lars Tunkrans:
>
>> hi ,
>>
>>      I  experienced  the  same  issue     with   freebsd 15.0
>>
>> regards
>>
>>     //Lars
>>
>> On 5/2/26 16:46, Ronald Klop wrote:
>>> Hi,
>>>
>>> I just installed 15.1-BETA1 in a VirtualBox on Aach64.
>>> I choose an encrypted homedir when adding a user via the installer.
>>> The homedir of the user is owned by 'root:wheel' which is not the user:group of my user.
>>>
>>> Regards,
>>> Ronald.
>>>
>
> Ok, I now understand more of what went wrong. The encrypted homedir is not mounted.
>
> # zfs get mounted zroot/home/ronald
> NAME               PROPERTY  VALUE    SOURCE
> zroot/home/ronald  mounted   no       -
>
> I guess I need to put the passphrase somewhere.
>
> Oh, in 2022 people had the same problems.
> https://forums.freebsd.org/threads/zfs-for-encrypted-home-directory-decrypted-at-login.86819/
>
> Apparently I need to do something with pam_zfs_key in /etc/pam.d/*.
> Maybe a nice project for the Foundation Laptop Project [1].
>
> Regards,
> Ronald.
>
> [1]https://github.com/FreeBSDFoundation/proj-laptop/
>
>
Hi Ronald !

Please let me share my config until the problem gets resolved by the 
Foundation.

This config below works for me, but I have not consulted it with FreeBSD 
documentation, so it's sub-optimal,  please use it at your own risk.

/etc/pam.d/login-auth        sufficient    pam_self.so no_warn
/etc/pam.d/login:auth        optional    pam_zfs_key.so 
homes=zhgst/usr/Home mount_recursively
/etc/pam.d/login-auth        include        system
--
/etc/pam.d/login-# session
/etc/pam.d/login:session        optional    pam_zfs_key.so 
homes=zhgst/usr/Home mount_recursively
/etc/pam.d/login-session        include        system
--
/etc/pam.d/passwd-password    required    pam_unix.so no_warn 
try_first_pass nullok
/etc/pam.d/passwd:password    optional    pam_zfs_key.so 
  homes=zhgst/usr/Home
--
/usr/local/etc/pam.d/slim-auth        optional 
/usr/local/lib/pam_gnome_keyring.so
/usr/local/etc/pam.d/slim:auth        optional    pam_zfs_key.so 
homes=zhgst/usr/Home mount_recursively
/usr/local/etc/pam.d/slim-auth        include        system
--
/usr/local/etc/pam.d/slim-session           required pam_xdg.so  
runtime_dir_prefix=/var/run/user uiddir
/usr/local/etc/pam.d/slim:session        optional pam_zfs_key.so 
homes=zhgst/usr/Home mount_recursively
/usr/local/etc/pam.d/slim-session        optional 
/usr/local/lib/pam_gnome_keyring.so auto_start

I have also to add one note  regarding the desktop environment and the 
Foundation. There is still an unresolved bug regarding pam_gnome_keyring 
(PR 282005). This bug significantly degrades the overall experience of 
using FreeBSD as a desktop system.

BTW, the upcoming FreeBSD 15.1-RELEASE looks very promising, thanks for 
all the improvements to everyone involved !

Cheers



-- 
Marek Zarychta

--------------cMJQ4yVY9Bz9qu4I0g6XO6bt
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit

<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <div class="moz-cite-prefix">On 2.05.2026 at 18:48, Ronald Klop
      wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:1777739501060.3999527212.873143717@klop.ws">
      <pre wrap="" class="moz-quote-pre">
Op zaterdag 2 mei 2026 17:03:01 (+02:00) schreef Lars Tunkrans:

</pre>
      <blockquote type="cite">
        <pre wrap="" class="moz-quote-pre">hi ,

    I  experienced  the  same  issue     with   freebsd 15.0

regards

   //Lars

On 5/2/26 16:46, Ronald Klop wrote:
</pre>
        <blockquote type="cite">
          <pre wrap="" class="moz-quote-pre">Hi,

I just installed 15.1-BETA1 in a VirtualBox on Aach64.
I choose an encrypted homedir when adding a user via the installer.
The homedir of the user is owned by 'root:wheel' which is not the user:group of my user.

Regards,
Ronald.

</pre>
        </blockquote>
      </blockquote>
      <pre wrap="" class="moz-quote-pre">

Ok, I now understand more of what went wrong. The encrypted homedir is not mounted.

# zfs get mounted zroot/home/ronald
NAME               PROPERTY  VALUE    SOURCE
zroot/home/ronald  mounted   no       -

I guess I need to put the passphrase somewhere.

Oh, in 2022 people had the same problems.
<a class="moz-txt-link-freetext" href="https://forums.freebsd.org/threads/zfs-for-encrypted-home-directory-decrypted-at-login.86819/">https://forums.freebsd.org/threads/zfs-for-encrypted-home-directory-decrypted-at-login.86819/</a>

Apparently I need to do something with pam_zfs_key in /etc/pam.d/*.
Maybe a nice project for the Foundation Laptop Project [1].

Regards,
Ronald.

[1] <a class="moz-txt-link-freetext" href="https://github.com/FreeBSDFoundation/proj-laptop/">https://github.com/FreeBSDFoundation/proj-laptop/</a>


</pre>
    </blockquote>
    <p>Hi Ronald !</p>
    <p>Please let me share my config until the problem gets resolved by
      the Foundation.</p>
    <p>This config below works for me, but I have not consulted it with
      FreeBSD documentation, so it's sub-optimal,  please use it at your
      own risk.</p>
    <p>/etc/pam.d/login-auth        sufficient    pam_self.so       
      no_warn<br>
      /etc/pam.d/login:auth        optional    pam_zfs_key.so       
      homes=zhgst/usr/Home mount_recursively<br>
      /etc/pam.d/login-auth        include        system<br>
      --<br>
      /etc/pam.d/login-# session<br>
      /etc/pam.d/login:session        optional    pam_zfs_key.so       
      homes=zhgst/usr/Home mount_recursively<br>
      /etc/pam.d/login-session        include        system<br>
      --<br>
      /etc/pam.d/passwd-password    required    pam_unix.so       
      no_warn try_first_pass nullok<br>
      /etc/pam.d/passwd:password    optional    pam_zfs_key.so       
       homes=zhgst/usr/Home<br>
      --<br>
      /usr/local/etc/pam.d/slim-auth        optional   
      /usr/local/lib/pam_gnome_keyring.so<br>
      /usr/local/etc/pam.d/slim:auth        optional    pam_zfs_key.so
      homes=zhgst/usr/Home mount_recursively<br>
      /usr/local/etc/pam.d/slim-auth        include        system<br>
      --<br>
      /usr/local/etc/pam.d/slim-session           required       
      pam_xdg.so  runtime_dir_prefix=/var/run/user uiddir<br>
      /usr/local/etc/pam.d/slim:session        optional   
      pam_zfs_key.so homes=zhgst/usr/Home mount_recursively<br>
      /usr/local/etc/pam.d/slim-session        optional   
      /usr/local/lib/pam_gnome_keyring.so auto_start <br>
      <br>
      I have also to add one note  regarding the desktop environment and
      the Foundation. There is still an unresolved bug regarding <span
        id="summary_container"><span id="short_desc_nonedit_display">pam_gnome_keyring
          (PR</span></span> 282005). <span class="HwtZe" lang="en"> <span
          class="jCAhz ChMk0b"><span class="ryNqvb">This bug
            significantly degrades the overall experience of using
            FreeBSD as a desktop system.</span></span></span></p>
    <p>BTW, the upcoming FreeBSD 15.1-RELEASE looks very promising,
      thanks for all the improvements to everyone involved !</p>
    <p>Cheers </p>
    <pre class="moz-signature" cols="72">


-- 
Marek Zarychta</pre>
  </body>
</html>

--------------cMJQ4yVY9Bz9qu4I0g6XO6bt--