Open gdevenyi opened 5 years ago
It looks like a simple matter of dropping a configuration-file beneath /usr/share/pam-configs/.
I guess if I need to install the module, and a config-file, I'll need to rework the instructions. Such that there is:
make
make test
make install
Rather than just copying the .so file into place.
Good suggestion though, thank-you. I'll take care of it over the next few days.
I didn't find time to look at this yet, but will do over the coming weekend I hope!
In no rush, I can handle the "old" way, just a suggestion to streamline usage :)
I spent an hour or two experimenting with this over the weekend.
Taking the example file from the repository you linked to, with the minimum required edits (mostly changing the name of the module, and the options) then running pam-auth-update did stuff. But it didn't do what I wanted - instead of enabling the module only for sudo it enabled/disabled it globally. And when it was enabled globally it actually stopped working. syslog would log "password leaked" but logins would still be permitted.
So I looked at the module's code - and they use pam_sm_chauthtok rather than the PAM function I use, pam_sm_authenticate. That's because their module only works on password-change events. It could be that I need to use a different (PAM) callback though.
So this bug now becomes:
Now I'm invested and see the difference I should be able to manage it more promptly.
This implementation has it set up: https://github.com/nonamed01/pam_havebeenpwned
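An added example, not code from this thread or from either project: on Debian and Ubuntu, pam-auth-update writes profiles into the shared /etc/pam.d/common-* files that services pull in with @include, so one way to check where a module ended up, and whether a failure from it can deny a login, is to resolve each service's stack and read the control field. The module name pam_example.so and the file contents below are constructed for illustration.

```python
import re

# Keyword controls and their bracket equivalents, as listed in pam.conf(5).
KEYWORDS = {
    "required":   "[success=ok new_authtok_reqd=ok ignore=ignore default=bad]",
    "requisite":  "[success=ok new_authtok_reqd=ok ignore=ignore default=die]",
    "sufficient": "[success=done new_authtok_reqd=done default=ignore]",
    "optional":   "[success=ok new_authtok_reqd=ok default=ignore]",
}
LINE = re.compile(r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def on_failure(control, result="auth_err"):
    """What the stack does when the module returns `result` under this control."""
    spec = KEYWORDS.get(control, control)
    actions = dict(p.split("=", 1) for p in spec.strip("[]").split() if "=" in p)
    action = actions.get(result, actions.get("default", "unspecified"))
    return "deny" if action in ("bad", "die") else action

def entries(files, service, seen=()):
    """Yield (type, control, module) for a service file, following @include."""
    for raw in files.get(service, "").splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("@include"):
            target = line.split()[1]
            if target not in seen:
                yield from entries(files, target, seen + (service,))
        elif (m := LINE.match(line)):
            yield m.groups()

def audit(files, module):
    """Map each service to [(type, effect of a module failure)] for `module`."""
    report = {}
    for service in files:
        for mtype, control, mod in entries(files, service):
            if mod == module:
                report.setdefault(service, []).append((mtype, on_failure(control)))
    return report

# Constructed file contents; pam_example.so is a hypothetical module name.
SAMPLE = {
    "common-auth": "auth optional pam_example.so\nauth required pam_unix.so\n",
    "sshd": "@include common-auth\n",
    "sudo": "@include common-auth\n",
    "sudo-only": "auth requisite pam_example.so  # listed in the service itself\n",
}

if __name__ == "__main__":
    for service, hits in audit(SAMPLE, "pam_example.so").items():
        print(service, hits)
```

A service showing `ignore` has the module in its stack but carries on after the module reports a failure; `deny` means the failure counts against the login.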