Re: 15.1-BETA1, encrypted homedir is of user root

From: Marek Zarychta <zarychtam_at_plan-b.pwste.edu.pl>
Date: Sat, 02 May 2026 17:55:29 UTC
On 2.05.2026 at 18:48, Ronald Klop wrote:
> On Saturday 2 May 2026 17:03:01 (+02:00) Lars Tunkrans wrote:
>
>> Hi,
>>
>>     I experienced the same issue with FreeBSD 15.0
>>
>> regards
>>
>>     //Lars
>>
>> On 5/2/26 16:46, Ronald Klop wrote:
>>> Hi,
>>>
>>> I just installed 15.1-BETA1 in a VirtualBox on Aarch64.
>>> I chose an encrypted homedir when adding a user via the installer.
>>> The homedir of the user is owned by 'root:wheel' which is not the user:group of my user.
>>>
>>> Regards,
>>> Ronald.
>>>
>
> Ok, I now understand more of what went wrong. The encrypted homedir is not mounted.
>
> # zfs get mounted zroot/home/ronald
> NAME               PROPERTY  VALUE    SOURCE
> zroot/home/ronald  mounted   no       -
>
> I guess I need to put the passphrase somewhere.
>
> Oh, in 2022 people had the same problems.
> https://forums.freebsd.org/threads/zfs-for-encrypted-home-directory-decrypted-at-login.86819/
>
> Apparently I need to do something with pam_zfs_key in /etc/pam.d/*.
> Maybe a nice project for the Foundation Laptop Project [1].
>
> Regards,
> Ronald.
>
> [1]https://github.com/FreeBSDFoundation/proj-laptop/
>
>
Hi Ronald!

Please let me share my config until the problem gets resolved by the 
Foundation.

The config below works for me, but I have not checked it against the FreeBSD 
documentation, so it's sub-optimal; please use it at your own risk.

/etc/pam.d/login-auth        sufficient    pam_self.so no_warn
/etc/pam.d/login:auth        optional    pam_zfs_key.so homes=zhgst/usr/Home mount_recursively
/etc/pam.d/login-auth        include        system
--
/etc/pam.d/login-# session
/etc/pam.d/login:session        optional    pam_zfs_key.so homes=zhgst/usr/Home mount_recursively
/etc/pam.d/login-session        include        system
--
/etc/pam.d/passwd-password    required    pam_unix.so no_warn try_first_pass nullok
/etc/pam.d/passwd:password    optional    pam_zfs_key.so homes=zhgst/usr/Home
--
/usr/local/etc/pam.d/slim-auth        optional /usr/local/lib/pam_gnome_keyring.so
/usr/local/etc/pam.d/slim:auth        optional    pam_zfs_key.so homes=zhgst/usr/Home mount_recursively
/usr/local/etc/pam.d/slim-auth        include        system
--
/usr/local/etc/pam.d/slim-session           required pam_xdg.so  runtime_dir_prefix=/var/run/user uiddir
/usr/local/etc/pam.d/slim:session        optional pam_zfs_key.so homes=zhgst/usr/Home mount_recursively
/usr/local/etc/pam.d/slim-session        optional /usr/local/lib/pam_gnome_keyring.so auto_start

I also have to add one note regarding the desktop environment and the 
Foundation. There is still an unresolved bug regarding pam_gnome_keyring 
(PR 282005). This bug significantly degrades the overall experience of 
using FreeBSD as a desktop system.

BTW, the upcoming FreeBSD 15.1-RELEASE looks very promising, thanks to 
everyone involved for all the improvements!

Cheers



-- 
Marek Zarychta
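
A consistency check for the PAM layout shared in this message, added here as an example (it is not part of the original e-mail or of FreeBSD): it reports whether a service file loads pam_zfs_key.so in both the auth and session facilities with the same homes= value, as the login entries above do. The names pam_zfs_key_report and sample_login are hypothetical, and the sample file is constructed from the login lines quoted in the message.

```shell
#!/bin/sh
# Added example, not from the original message.
# pam_zfs_key_report FILE
#   Prints "<facility> <homes value|MISSING>" for auth, session and password.
#   Returns 0 only when auth and session both load pam_zfs_key.so with the
#   same homes= value (the layout used for "login" in the message).
pam_zfs_key_report() {
    awk '
        { sub(/[ \t]*#.*/, "") }                          # strip comments
        /\\$/ { sub(/\\$/, ""); buf = buf $0 " "; next }  # join continuation lines
        { $0 = buf $0; buf = "" }                         # re-split the joined line
        NF < 3 { next }                                   # blank or incomplete entry
        {
            mod = 0
            for (i = 2; i <= NF; i++)
                if ($i == "pam_zfs_key.so" || $i ~ /\/pam_zfs_key\.so$/) mod = i
            if (!mod) next
            homes = "(module default)"
            for (i = mod + 1; i <= NF; i++)
                if ($i ~ /^homes=/) homes = substr($i, 7)
            seen[$1] = homes
        }
        END {
            n = split("auth session password", want, " ")
            for (k = 1; k <= n; k++)
                print want[k], ((want[k] in seen) ? seen[want[k]] : "MISSING")
            ok = ("auth" in seen) && ("session" in seen) && seen["auth"] == seen["session"]
            exit(ok ? 0 : 1)
        }
    ' "$1"
}

# Constructed sample: the login entries quoted in the message, with one
# entry written as a continuation line to exercise the joining logic.
sample_login() {
    cat <<'EOF'
auth        sufficient  pam_self.so no_warn
auth        optional    pam_zfs_key.so homes=zhgst/usr/Home mount_recursively
auth        include     system
# session
session     optional    pam_zfs_key.so \
            homes=zhgst/usr/Home mount_recursively
session     include     system
EOF
}

# Demo on the constructed sample; on a real system pass /etc/pam.d/login.
tmp=$(mktemp) && sample_login > "$tmp"
pam_zfs_key_report "$tmp"
rm -f "$tmp"
```

A non-zero return for a service such as login or slim means the module is missing from auth or session, or the two entries point at different parent datasets.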