On 2020-05-13T12:39:50 +0100, Andy Pieters wrote: > Hi > > I am looking to have PAM call a script after a successful 2F authentication. > > My impression is that it is not going to be possible. > > I even have got a question open on StackExchange about it [1] > > Any ideas? > > [1] > https://unix.stackexchange.com/questions/586243/callback-when-logged-on-via-pam-2f-authentication Should be doable, skip to pam_exec.so with `success=${num lines to skip}` man 8 pam_exec auth sufficient pam_unix.so auth [success=1 default=ignore] foo_2fa.so some_other=options auth requisite pam_deny.so auth optional pam_exec.so debug /path/to/my/script.sh I didn't test the above so you'll probably have to tweak it as well as make sure its secure. Matt Pallissard
Attachment:
signature.asc
Description: PGP signature
