[arch-general] PAM CAllback

Matt Pallissard matt at pallissard.net
Wed May 13 13:52:33 UTC 2020

On 2020-05-13T12:39:50 +0100, Andy Pieters wrote:
> Hi
> I am looking to have PAM call a script after a successful 2F authentication.
> My impression is that it is not going to be possible.
> I even have got a question open on StackExchange about it [1]
> Any ideas?
> [1]
> https://unix.stackexchange.com/questions/586243/callback-when-logged-on-via-pam-2f-authentication

Should be doable, skip to pam_exec.so with `success=${num lines to skip}`

man 8 pam_exec

auth sufficient                  pam_unix.so
auth [success=1 default=ignore]  foo_2fa.so some_other=options
auth requisite                   pam_deny.so
auth optional                    pam_exec.so debug /path/to/my/script.sh

I didn't test the above so you'll probably have to tweak it as well as make sure its secure.

Matt Pallissard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20200513/b6e23d4d/attachment.sig>

More information about the arch-general mailing list