search

SUSE / pam-config

Tool to modify common PAM configuration files
GNU General Public License v2.0
8 stars 16 forks source link

Support for changing stack order or module priority #28

Open bjoern-tantau opened 4 months ago

bjoern-tantau commented 4 months ago

I want to add the fprintd module so that I can authenticate with a fingerprint. But I still want password to be the first module asked for and only if that is empty to ask for the fingerprint.

When I do pam-config --add --fprintd and pam-config --add --unix --nullok the resulting /etc/pam.d/common-auth looks like:

auth    sufficient      pam_fprintd.so
auth    required        pam_unix.so     nullok try_first_pass

But I would need it to look like

auth    sufficient      pam_unix.so     nullok try_first_pass
auth    sufficient      pam_fprintd.so

As far as I can see this can currently not be achieved with pam-config.

thkukuk commented 4 months ago

Correct, this is not possible with the current pam-config design. All you can do is to disable pam-config and maintain the configuration file manual.