A Pluggable Authentication Module (PAM) which allows the establishment of alternate passwords that can be used to perform actions to clear sensitive data, notify IT/Security staff, close off sensitive network connections, etc if a user is coerced into giving a threat actor a password.
Issu #29 uncovered an issue with Arch where pam_test would return authentication failures while ssh localhost and sudo su - USER was triggering the appropriate scripts. Determine if/why the pam_test isn't function in Arch and/or determine if it's worth trying to maintain that tester vs advising users to use ssh localhost or sudo su - USER to test properly.
nuvious
commented
2 years ago
Issu #29 uncovered an issue with Arch where pam_test would return authentication failures while
ssh localhostandsudo su - USERwas triggering the appropriate scripts. Determine if/why the pam_test isn't function in Arch and/or determine if it's worth trying to maintain that tester vs advising users to usessh localhostorsudo su - USERto test properly.