Ryan Moeller wrote in <202103021227.122crudh011...@gitrepo.freebsd.org>: ... |URL: https://cgit.FreeBSD.org/src/commit/?id=ee21ee1572d40a3b74f18638dae\ |38c1a9ad1e9e3 | |commit ee21ee1572d40a3b74f18638dae38c1a9ad1e9e3 |Author: Greg V <greg_unrelenting.technology> |AuthorDate: 2021-03-02 11:01:14 +0000 |Commit: Ryan Moeller <freql...@freebsd.org> |CommitDate: 2021-03-02 12:26:59 +0000 | | openzfs: attach pam_zfs_key to build | | This PAM module allows unlocking encrypted user home datasets when | logging in (and changing passphrase when changing the account password)\ | , | see https://github.com/openzfs/zfs/pull/9903 | | Also supposed to unload the key when the last session for the user is | done, but there are EBUSY issues: | https://github.com/openzfs/zfs/issues/11222#issuecomment-731897858
Very interesting. This is "cool" per se. (Especially on encrypted block devices where a resume requires a password anyhow. I would not do it like this for myself, but don't mind this.) As i could not figure it out, how do you manage a session without having a supervisor like (please let me say the greedy monster) systemd? I wrote a pam_xdg module [1] to create the /run/user/PID of the XDG spec of FreeDesktop (as well as inject the other XDG path environment variables, optionally), but in the end i had to strip it down to the absolute core because session handling seemed impossible. (As in, daemonized scripts and important things like tmux, they keep on living even after the "session" has ended.) (In my superficial opinion PAM is a terrible and under-documented mess, and each and every module is left alone fiddling around with effective-[gu]id flags, for example, in order to work gracefully under all circumstances.) [1] https://git.sdaoden.eu/browse?p=s-toolbox.git;a=blob;f=pam_xdg.c;h=4c121e93ca76d2f53a9de67aa9bc100f639f6a05;hb=HEAD --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) _______________________________________________ dev-commits-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all To unsubscribe, send any mail to "dev-commits-src-all-unsubscr...@freebsd.org"
