vaxerski
commented
8 months ago dafoq is a pam entry file
Also on other note would it be possible to have path acceptance of ~/?
for backgrounds? yeah planned alongside jpegs and webms
Closed niksingh710 closed 8 months ago
vaxerski
commented
8 months ago dafoq is a pam entry file
Also on other note would it be possible to have path acceptance of ~/?
for backgrounds? yeah planned alongside jpegs and webms
niksingh710
commented
8 months ago dafoq is a pam entry file
/etc/pam.d/ (Pluggable Authentication Modules)
I also don't know in depth but in short they perform authentication.
So swaylock has one and if I specify some other .so file it can authenticate.
#
# PAM configuration file for the swaylock screen locker. By default, it includes
# the 'login' configuration file (see /etc/pam.d/login)
#
auth sufficient pam_fprintd.so
auth include logini am not a good explainer but here as I added pam_fprintd.so then it allows swaylock to get authenticated using fingerprint.
vaxerski
commented
8 months ago I'll see, alr
bvr-yr
commented
8 months ago btw its better to set
auth include system-authi don't remember exactly what's the reason, probably related to autologin or absence of stuff like sddm or greetd. swaylock doesn't work without changing it, while waylock ships system-auth by default
EDIT:
i think #2 is related, because on my setup (no login managers, pure autologin from tty) locked me as well without
/etc/pam.d/hyprlock containing auth include system-auth
kragebein
commented
8 months ago My setup might have been fucked by IPA. But for some reason hyprlock wanted to authenticate as "su". And my "su" is 100% local and my normal setup is using system-auth.
so had to add auth include system-auth into /etc/pam.d/su
Now it works.
alba4k
commented
8 months ago @bvr-yr wait does that mean creating that file will work? or what exactly are you referring to
bvr-yr
commented
8 months ago yes just as root
echo "auth include system-auth" > /etc/pam.d/hyprlockyes just as root
echo "auth include system-auth" > /etc/pam.d/hyprlock
added this tried to also add fprintd entry with gross hack seems like hyrlock does not support blank password input so it failed to log me in using fingerprint. :(
bvr-yr
commented
8 months ago i was talking about login vs system-auth, as former doesn't work in some cases
i don't use fingerprints so can't tell
kragebein
commented
8 months ago Hyprlock doesnt use "hyprlock" as name, it uses "su" as name.
This should probably be changed to 'hyprlock'.
Successful:
2024-02-23T09:18:45.155080+01:00 some_computer pamtester: pam_sss(hyprlock:auth): authentication success; logname= uid=1649209753 euid=1649209753 tty= ruser= rhost= user=krageUnsuccessful:
2024-02-23T09:18:53.694909+01:00 some_computer pamtester: pam_unix(su:auth): authentication failure; logname= uid=1649209753 euid=1649209753 tty= ruser= rhost= user=kragePam will look for /etc/pam.d/$name -- which in this case is /etc/pam.d/su right now.
alba4k
commented
8 months ago @vaxerski is there any reason why that was initially set to su and not hyprlock?
vaxerski
commented
8 months ago yeah
alba4k
commented
8 months ago ...which is..?
vaxerski
commented
8 months ago a random snippet of pam online used su.
vaxerski
commented
8 months ago fwiw, changing it to hyprlock makes pam never auth
alba4k
commented
8 months ago You need to package a /etc/pam.d/hyprlock file with hyprlock, which is what this issue is asking for
this is what mine looks like (asks for password, if I press enter on an empty password, asks for fingerprint)
#
# PAM configuration file for the swaylock screen locker. By default, it includes
# the 'login' configuration file (see /etc/pam.d/login)
#
auth sufficient pam_unix.so try_first_pass likeauth nullok
auth sufficient pam_fprintd.so
auth include loginA decent default could just be (slightly based on swaylock's default
# PAM configuration file for hyprlock
# the 'login' configuration file (see /etc/pam.d/login)
auth include loginAlso I believe having hyprlock handle this by itself could help manage issues like #95 and #106 more easily
I can open a PR with such a change so you can review it, if you want
vaxerski
commented
8 months ago sure
alba4k
commented
8 months ago I think this can finally be closed
bvr-yr
commented
8 months ago i'v discovered what was wrong with auth include login and not auth include system-auth
it was pam_autologin module, as per ArchWiki
just in case anyone else using it u should:
auth include system-authauth sufficient pam_autologin.so instead of auth required pam_autologin.so in /etc/pam.d/loginalba4k
commented
8 months ago Sounds like a specific usecase tho, right?
bvr-yr
commented
8 months ago yeah, but i don't think autologin is that rare also, update AUR package to not overwrite existing /etc/pam.d/hyprlock
alba4k
commented
8 months ago Yeah, sorry, doing that right now.
alba4k
commented
8 months ago @niksingh710 can this be closed?
niksingh710
commented
8 months ago @niksingh710 can this be closed?
yes, as now pam file is created after hyprlock installation this issue is completed.
littleblack111
commented
1 month ago for howdy. it doesnt seem to work. tried auth sufficient pam_python.so /lib/security/howdy/pam.py(from wiki). or system-auth(which i added auth sufficient pam_python.so /lib/security/howdy/pam.py)
Hyprlock does not seem to create a pam entry file. In compare to swaylock as it does with the contents
was planning to test if it will work with fingerprint (using fprint-grosshack)
Also on other note would it be possible to have path acceptance of
~/?