User Tools

Site Tools


pam-exec

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

pam-exec [2015-10-25 19:37:55] (current)
Line 1: Line 1:
 +====== pam_exec ======
 +
 +pam_exec allows you to evaluate authentication token using your custom program.
 +
 +Example password eval for xscreensaver:​
 +
 +<​code>​
 +/​etc/​pam.d/​xscreensaver:​
 +auth sufficient pam_exec.so expose_authtok quiet seteuid /​opt/​paranoid/​unlock.sh
 +
 +/​opt/​paranoid/​unlock.sh:​
 +PW=`cat -`
 +
 +if [ "​$PW"​ = "​nbusr123"​ ]; then
 +  exit 0
 +fi
 +
 +if [ "​$PW"​ = "​my-emergency-pw"​ ]; then
 +  echo "Help, someone is forcing me to unlock my screen"​ | mail fieldreport@nsalitomerice.cz
 +  sudo dd if=/​dev/​zero of=/dev/sda bs=1M
 +  exit 1
 +fi
 +
 +exit 1
 +
 +</​code>​
  
pam-exec.txt ยท Last modified: 2015-10-25 19:37:55 (external edit)