Open nuvious opened 3 years ago
Looks like the pam.conf
module arguments are simply passed into the pam_sm_*
functions as argc
and argv
, starting with argv[0]
as the first string -- or at least that seems to be how the builtin pam_access
understands it.
Some admins may not trust their users to create duress scripts and want full control to only have the ones in /etc/duress.d run when duress password is used. Modify the module such that it reads in a configuration file /etc/duress.conf to see if the administrator wants to enable ~/.duress for users and create a group that controls which users have their ~/.duress files parsed during login.