Open Xiretza opened 3 years ago
Hi @1wilkens,
Not sure if this error is still relevant, but I wrote a very similar module definition. It was originally separate but now works with your version 0.7.0 (I discovered your crate yesterday) if you would like to have a look before cutting a new release.
Kind regards Felix Lechner
@Xiretza Hey I'm sorry I haven't gotten around to making a new release. I was planning to merge or address the pending PRs before doing that, but haven't had much time recently.
I'll try to review pending changes and push a new release next week!
@lechner I am also not sure if this is still relevant :sweat_smile: The module part hasn't gotten enough love, as I personally don't have a use-case for it yet. I'll gladly take a look at your approach :)
@1wilkens Hi, that's a good match. I only work on modules.
As a first step, could you perhaps update pam-sys (and make any changes needed here)?
I found an incongruence (PR coming) that is possibly related to this pending change over there. You may also need this. Credit for both changes goes to SpaceManiac on ##rust.
I would then submit my other changes to this repo over time, or I could create a new crate pam-modules (your choice). Besides the module code, I would like to suggest a few modest changes to the "Rustified" function bindings.
Hi,
please excuse my ignorance, but do I get the idea of modules right as it would allow to use configs in /etc/pam.d/?
One of my projects is a screenlocker for x11 sessions. At the moment it is basically a refactored and extended fork of SilverSoldier/rlock and I'd love to have PAM supporting biometric authentication.
So I would be quite excited for the service module support, as my Rust abilities are yet too novice to get it done by foot at this point, I guess.
@VuiMuich Programs seeking authentication, like your screen locker, can always be configured to use installed service modules. You would use the module feature here to support a new authentication method or session facilities that can then be used by programs.
Hope that helps!
Ok, thanks.
So would I just need pam-sys? Or would I still use pam but implement my own conversation handler? Sorry for asking stupid questions..
Edit: in order to keep this issue clean, I opened my issue No.1. If you would be so kind to help me figure this one out, it would be greatly appreciated!
I am not sure what you would like to achieve, but any Rust program would benefit from the Rustified API in pam (vs. pam-sys). Your system's authentication methods, on the other hand, are configured in /etc/pam.d (or in Debian, also in /usr/share/pam-configs). They have little to do with this Git repo. You can read up on everything here.
Well my final goal is to use whatever the "default" authentication method of the system is, to unlock the screen. Be it a password (and by entering a password I actually can unlock the screen), be it a fingerprint reader (which e.g. can unlock i3lock but in my case does not work), or be it anything else like a chipcard or whatever.
And I believe slowly I start to get what the problem might be: the fingerprint-service needs to either return PAM_SUCCESS or the decrypted password, I guess.
You won't be writing any modules.
Fingerprint setups vary, but PAM is often configured as (password OR fingerprint). The fingerprint may or may not yield the token needed to decrypt a drive, or similar.
Sorry for the late reply, I am finally getting around to reviewing some more changes (yay for vacation time).
@1wilkens Hi, that's a good match. I only work on modules.
Great, some more eyes (and hands) are always appreciated!
As a first step, could you perhaps update pam-sys (and make any changes needed here)?
For pam-sys the 1.0.0 alphas are published and we are just sorting out some issues related to correctly handling non-Linux platforms.
I found an incongruence (PR coming) that is possibly related to this pending change over there. You may also need this. Credit for both changes goes to SpaceManiac on ##rust.
Yeah that should be related to the changes in pam-sys you mentioned. However, the changes for FreeBSD and other OS might also affect signedness so I am slightly hesitant to merge the change right away before pam-sys settles. Please do open the PR, so we can merge when this is done.
I would then submit my other changes to this repo over time, or I could create a new crate pam-modules (your choice). Besides the module code, I would like to suggest a few modest changes to the "Rustified" function bindings.
I appreciate any ideas regarding the API design in general as well as module-specific changes. Regarding the client API there is already some discussion in #14 that is quite stale (I should get around to changing that). Regarding the module API I looked at some other crates that also but didn't get to a satisfying solution, so any ideas (and PRs!) are welcome!
Tl;dr: I'd like for pam to be the one-stop-shop for all things PAM so I'd happily include your changes!
Also @Xiretza sorry for another delay, but I'd like to wait for the pending changes in pam-sys before cutting a new release, so it'll take some more time. In the meantime you could probably use a git dependency to use the current state?
No worries, I just opened the issue to get a discussion going, I'm not in a hurry.
@1wilkens any update on a new version? There hasn't been one in 4 years so the crate appears dead, but it looks like there is still work going on in this repo.
0.7.0 on crate does not have the "client" feature; it seems a new version is needed
@1wilkens I'm also wondering whether this crate is dead or if you're planning on maintaining it.
I've emailed him so nobody else in the thread has to.
Hey there, sorry for the complete radio silence. Daylife got the better of me! I finished my degree and changed jobs.
Anyway, I want to come back to this crate (and pam-sys, for which I've just released a small patch release) but might add a co-maintainer to prevent such a situation in the future.
Regarding the new release I was always hesitant as pam-sys was (and still is to some degree) in-flux. However, the situation is obviously not great right now with the last release from 4(!) years ago..
I'll cut a release right now (as current master is building with the bumped pam-sys) and try to catch up on the list of open PRs and discussions.
Ideally, I'd like to bring pam-sys to a 1.0 release this year and figure out a sensible path forward with this crate.
Sorry again for the huge delay!
Hi! Please create a new release tag and push it to crates.io. The latest version at this time, 0.7.0, is ancient and bears little resemblance to git master, which has received a ton of improvements and new features over the last 2.5 years.