Diffusion FreeBSD src repository ae0d0f0e047e

PAM: support the authentication facility
ae0d0f0e047e
Actions

Description

PAM: support the authentication facility

Implement the pam_sm_authenticate method, using the noop argument of
lzc_load_key to do a passphrase check without actually loading the key.

This allows using ZFS as the source of truth for user passwords,
without storing any password hashes in /etc or using other PAM modules.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Felix Dörre <felix@dogcraft.de>
Signed-off-by: Val Packett <val@packett.cool>
Closes #14789

Details

Provenance

val_packett.cool	Authored on Apr 27 2023, 4:49 PM
GitHub <noreply@github.com>	Committed on Apr 27 2023, 4:49 PM

Parents

rGee728008a427: Fix BLAKE3 aarch64 assembly for FreeBSD and macOS

Branches

Unknown

Tags

Unknown

Event Timeline

GitHub <noreply@github.com> committed rGae0d0f0e047e: PAM: support the authentication facility (authored by val_packett.cool).Apr 27 2023, 4:49 PM

Changes (1)

Path

Size

contrib/

pam_zfs_key/

pam_zfs_key.c

rGae0d0f0e047e

View Options

contrib/pam_zfs_key/pam_zfs_key.c