I looked at the upstream one too. Mine is simple because I modified libzfs to be able to take the key directly in the key location override argument.
If you look at my patch, it adds a "direct" key location, which basically works like "direct:keydata", where "keydata" is your key. In the case of the PAM module, this ends up being "direct:password".

It looks like they essentially pull in all the libzfs logic for preparing keys. If you notice, they go directly to lzc_load_key (that is basically a thin wrapper around the ioctl). It's worth noting that apparently they change the key to the dataset when the user changes their password.

Anyway, I've seen enough. I'm going to abandon the review for my PAM module and use the upstream one. I'm going to keep the review for the autounmountd patch live, though.

On 9/6/21 2:53 PM, Steffen Nurpmeso wrote:
> Eric McCorkle wrote in
> <e4a853db-f73b-a53d-c18a-22acb22b3...@metricspace.net>:
> ...
> >> This patch creates a new PAM module that will load a ZFS key upon a
> >> successful login: https://reviews.freebsd.org/D31844. It will use the
> >> user's auth token as the key argument to loading a ZFS encryption key on
> >> a user-specific ZFS data set.
> ...
>
> Without knowing about libzfs i personally was stunned about the
> simplicity of your patch, having read the upstream one.
>
> --steffen
> |
> |Der Kragenbaer,                The moon bear,
> |der holt sich munter           he cheerfully and one by one
> |einen nach dem anderen runter  wa.ks himself off
> |(By Robert Gernhardt)
>