[Bug 263234] Add support for OpenZFS encryption to adduser

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 02 Nov 2023 19:44:42 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263234

--- Comment #4 from John Grafton <john.grafton@runbox.com> ---
(In reply to Xin LI from comment #3)
The PR has been updated to your specification from comment #3.

For the encryption option, my thought is to default to using a passphrase
that's asked for at the end of the question list in interactive mode.  In batch
mode, the user would need to provide a file with the key?  Haven't decided on
the best way to handle this scenario.  Opinions welcome!

These sound like sane defaults to me, keeping in mind that the key can always be
changed later on with 'zfs change-key'.


Interactive session w/ encryption enabled example:

root@freebsd:/usr/src/usr.sbin/adduser # sh adduser.sh
Username: bob
Full name: bob mcbob
Uid [1009]:
Login group [bob]:
Login group is bob. Invite bob into other groups? []:
Login class [default]:
Shell (sh csh tcsh git-shell nologin) [sh]:
Home directory [/home/bob]:
Home directory permissions (Leave empty for default):
Encrypt ZFS home dataset? [no]: yes
Use password-based authentication? [no]:
Lock out the account after creation? [no]:
Username    : bob
Password    : <disabled>
Full Name   : bob mcbob
Uid         : 1009
ZFS dataset : zroot/home/bob
Encrypted   : yes
Class       :
Groups      : bob
Home        : /home/bob
Home Mode   :
Shell       : /bin/sh
Locked      : no
OK? (yes/no) [yes]: yes
Encryption passphrase for dataset (must be at least 8 characters)
Enter new passphrase:
Re-enter new passphrase:
adduser.sh: INFO: Successfully created ZFS dataset (zroot/home/bob).
adduser.sh: INFO: Successfully added (bob) to the user database.
Add another user? (yes/no) [no]:
Goodbye!
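
One possible shape for the batch-mode case left open in the comment above, as an added example that is not code from the PR or from adduser.sh. The helper names `check_keyfile` and `encrypted_create_cmd` and the idea of passing a keyfile path are assumptions; the `zfs` command is printed rather than run.

```sh
#!/bin/sh
# Added illustration, not code from the PR. check_keyfile and
# encrypted_create_cmd are hypothetical helper names.
MIN_PASSPHRASE_LEN=8	# same minimum the interactive prompt above states

# check_keyfile PATH: return 0 only if PATH is safe to hand to ZFS as a
# passphrase file (absolute, regular file, owner-only, long enough).
check_keyfile() {
	_kf=$1
	case $_kf in
	/*) ;;
	*) echo "keyfile must be an absolute path" >&2; return 1 ;;
	esac
	if [ -L "$_kf" ] || [ ! -f "$_kf" ] || [ ! -r "$_kf" ]; then
		echo "keyfile must be a readable regular file" >&2; return 1
	fi
	# Characters 5-10 of the ls mode string are the group/other bits.
	if [ "$(ls -ld "$_kf" | cut -c5-10)" != "------" ]; then
		echo "keyfile must not be accessible by group or other" >&2; return 1
	fi
	# Only the first line is measured; drop the copy as soon as possible.
	IFS= read -r _pp < "$_kf" || :
	_len=${#_pp}; unset _pp
	if [ "$_len" -lt "$MIN_PASSPHRASE_LEN" ]; then
		echo "passphrase shorter than $MIN_PASSPHRASE_LEN characters" >&2; return 1
	fi
}

# encrypted_create_cmd DATASET [KEYFILE]: print the zfs command for the
# interactive case (no KEYFILE, passphrase prompted) or the batch case.
# Printed for display only; a real script would pass the arguments directly.
encrypted_create_cmd() {
	_ds=$1 _kf=${2:-}
	if [ -z "$_kf" ]; then
		_loc=prompt
	else
		check_keyfile "$_kf" || return 1
		_loc="file://$_kf"
	fi
	echo "zfs create -o encryption=on -o keyformat=passphrase -o keylocation=$_loc $_ds"
}

# Interactive case for the dataset shown in the session above.
encrypted_create_cmd zroot/home/bob
```

After a batch creation, a script using this approach would likely also run `zfs set keylocation=prompt` on the dataset so it does not keep pointing at the provisioning file.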
