search

ChocolateLoverRaj / pam-any

A PAM module that runs multiple other PAM modules in parallel, succeeding as long as one of them succeeds.
Apache License 2.0
8 stars 0 forks source link

Instructions please? #10

Open LoneWolf4713 opened 1 month ago

LoneWolf4713 commented 1 month ago

hey, Just want to setup this with Howdy. could you please provide just a little instructions as to what should I do? or where do the files go? I know somethings but as they say little knowledge is worse than no knowledge. So could you please provide some instructions to set this up!

ChocolateLoverRaj commented 1 month ago

I added some instructions. Let me know if you have any questions. What are you trying to authenticate with Howdy? sudo?

ChocolateLoverRaj commented 1 month ago

Instructions are at #11 btw

LoneWolf4713 commented 1 month ago

hey, thanks for the instructions! I tried and it's somewhat successful. I understood from your instructions that in the JSON next to libpam_any.so, we have to put PAM Modules, so I kept the first one login as is and changed the second one to howdy

I created a file for howdy with this in it ->

#%PAM-1.0
auth            sufficient      pam_python.so /lib/security/howdy/pam.py

and this is my sudo file in /etc/pam.d/ -> 

#%PAM-1.0
auth            sufficient      libpam_any.so { "mode": "One", "modules": { "login": "Password", "howdy": "Facial Recog" } }
auth            include         system-auth
account         include         system-auth
session         include         system-auth

however, when I tried to run this, it goes into an infinite loop, even if I type the correct password. here ->

[Facial Recog] Identified face as prtyksh
[sudo] password for prtyksh:

so I changed login module to system-auth because it was in my sudo file, well then, even if howdy identifies the face, it doesn't authenticate but if I type the correct password it works: (I did sudo su)

[Facial Recog] Identified face as prtyksh
[sudo] password for prtyksh:
[root@neo prtyksh]#

so what am I doing wrong? I guess pam-any is working well but somehow howdy doesn't authenticate even on finding the correct face. again, thank you for looking into this. I highly appreciate that.

ChocolateLoverRaj commented 1 month ago

I think there may be a bug with pam-any. Does pamtester howdy $USER authenticate authenticate with Howdy as expected? Does pamtester sudo $USER authenticate also result in the infinite loop?

LoneWolf4713 commented 1 month ago

yes, pamtester howdy $USER authenticate authenticates with howdy as expected and pamtester sudo $USER authenticate results in a infinite loop too.

ChocolateLoverRaj commented 1 month ago

What exactly happens when it goes into a infinite loop?