[arch-general] PAM CAllback
Matt Pallissard
matt at pallissard.net
Wed May 13 13:52:33 UTC 2020
On 2020-05-13T12:39:50 +0100, Andy Pieters wrote:
> Hi
>
> I am looking to have PAM call a script after a successful 2F authentication.
>
> My impression is that it is not going to be possible.
>
> I even have got a question open on StackExchange about it [1]
>
> Any ideas?
>
> [1]
> https://unix.stackexchange.com/questions/586243/callback-when-logged-on-via-pam-2f-authentication
Should be doable, skip to pam_exec.so with `success=${num lines to skip}`
man 8 pam_exec
auth sufficient pam_unix.so
auth [success=1 default=ignore] foo_2fa.so some_other=options
auth requisite pam_deny.so
auth optional pam_exec.so debug /path/to/my/script.sh
I didn't test the above so you'll probably have to tweak it as well as make sure its secure.
Matt Pallissard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20200513/b6e23d4d/attachment.sig>
More information about the arch-general
mailing list