Date: Mon, 30 Aug 2021 14:06:33 +0200
From: Dirk-Willem van Gulik <dirkx@webweaving.org>
To: Eric McCorkle <eric@metricspace.net>
Cc: "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>
Subject: Re: autounmountd unload ZFS keys
Message-ID: <1AA77CFF-015E-446B-9D8F-72EC1292F73F@webweaving.org>
In-Reply-To: <79ba78a2-7125-144a-cff9-41dde28d0599@metricspace.net>
References: <79ba78a2-7125-144a-cff9-41dde28d0599@metricspace.net>

> On 30 Aug 2021, at 14:00, Eric McCorkle <eric@metricspace.net> wrote:
>
> Hello all,
>
> I finally got some free time to hack on FreeBSD again. I have a patch
> that will enable autounmountd to unload ZFS encryption keys whenever it
> unmounts a ZFS dataset:
>
> https://reviews.freebsd.org/D31725

Very useful! As we're now bending over backwards to accomplish this with
custom hacks.

> This is the first of a pair which I'm planning to do, which will enable
> you to have encrypted ZFS home directories managed by autofs, which will
> only have the keys loaded while a given user is logged in. (This is a
> common requirement in standards for high-security systems.) The next
> one I'm planning to work on is a pam module that will load ZFS keys upon
> a successful login.

With kind regards,

Dw