User Tools

Site Tools


pam-exec

pam_exec

pam_exec allows you to evaluate authentication token using your custom program.

Example password eval for xscreensaver:

/etc/pam.d/xscreensaver:
auth sufficient pam_exec.so expose_authtok quiet seteuid /opt/paranoid/unlock.sh

/opt/paranoid/unlock.sh:
PW=`cat -`

if [ "$PW" = "nbusr123" ]; then
  exit 0
fi

if [ "$PW" = "my-emergency-pw" ]; then
  echo "Help, someone is forcing me to unlock my screen" | mail fieldreport@nsalitomerice.cz
  sudo dd if=/dev/zero of=/dev/sda bs=1M
  exit 1
fi

exit 1
pam-exec.txt · Last modified: 2015-10-25 19:37:55 (external edit)