Subject: Re: PAM module for loading ZFS keys on login
From: Eric McCorkle
To: Greg, freebsd-current@freebsd.org, FreeBSD Hackers
Date: Sun, 5 Sep 2021 13:24:16 -0400
List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers

Interesting, I wasn't aware of the upstream module.
I'd say that's preferable to the one I wrote. I think you would need to
wire that into the 'modules' directory under libpam. I can look into
doing that.

On 9/5/21 11:27 AM, Greg wrote:
>
>
> On September 5, 2021 4:54:26 PM GMT+03:00, Eric McCorkle wrote:
>> All,
>>
>> This patch creates a new PAM module that will load a ZFS key upon a
>> successful login: https://reviews.freebsd.org/D31844. It will use the
>> user's auth token as the key argument to loading a ZFS encryption key on
>> a user-specific ZFS data set.
>
> There's already an upstream module which I've attached to the build in https://reviews.freebsd.org/D28018
>
> Any particular reason to write a custom one?
>