Re: autounmountd unload ZFS keys

In reply to: Eric McCorkle : "autounmountd unload ZFS keys"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Dirk-Willem van Gulik <dirkx_at_webweaving.org>
Date: Mon, 30 Aug 2021 12:06:33 UTC

> On 30 Aug 2021, at 14:00, Eric McCorkle <eric@metricspace.net> wrote:
> 
> Hello all,
> 
> I finally got some free time to hack on FreeBSD again.  I have a patch
> that will enable autounmountd to unload ZFS encryption keys whenever it
> unmounts a ZFS dataset:
> 
> https://reviews.freebsd.org/D31725

Very useful ! As we're now bending over backwards to accomplish this with custom hacks.

> This is the first of a pair which I'm planning to do, which will enable
> you to have encrypted ZFS home directories managed by autofs, which will
> only have the keys loaded while a given user is logged in.  (This is a
> common requirement in standards for high-security systems.)  The next
> one I'm planning to work on is a pam module that will load ZFS keys upon
> a successful login.

With kind regards,

Dw