not work on Linux Mint 20.2

nuvious / pam-duress

A Pluggable Authentication Module (PAM) which allows the establishment of alternate passwords that can be used to perform actions to clear sensitive data, notify IT/Security staff, close off sensitive network connections, etc if a user is coerced into giving a threat actor a password.

GNU Lesser General Public License v3.0

1.33k stars 39 forks source link

not work on Linux Mint 20.2 #26

Open bug0000 opened 2 years ago

bug0000 commented 2 years ago

When trying to enter a "password under duress", we return to the password entry window. If you enter a regular password, authentication is normal.

In the same time:

sudo pam_test $ USER
Credentials accepted.
Password:
Account is valid.
Authenticated

Configuration /etc/pam.d/common-auth

auth    [success=2 default=ignore]      pam_unix.so nullok
auth    [success=1 default=ignore]      pam_duress.so nullok
auth    requisite                       pam_deny.so
auth    required                        pam_permit.so
auth    optional        pam_ecryptfs.so unwrap
auth    optional                        pam_cap.so

nuvious commented 1 year ago

Sorry for the belated reply, but is this a password entered into a desktop envrionment password entry? Often times these use different pam configurations. The reproduction you have provided doesn't demonstrate a defect in the module itself.

tsypanovs commented 3 months ago

I'm facing the same issue with one difference: the module doesn't work at first sign-in, however it does for the second one.

Steps to reproduce:

install and configure the module
check with sudo pam_test $USER
power the machine off
power the maching on
try to sign in with duress password
sign-in fails
sign in with the ordinal password
sign out without turning the machine off
sign in with duress password
sign-in works