Re: pam and parallelism

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On Wed, 2017-11-22 at 09:11 +0000, thilo cestonaro ts fujitsu com
> wrote:
> > Hi all!
> > 
> > Is there a mechanism/api which I can use to have two authentication
> > modes in
> > parallel. 
> > 
> > E.g. the user can either login via password or via usb token.
> > One way would be to look for the usb token for 10 sec. and then start
> > over to
> > password authentication. But IMHO would it be a better way if the
> > wait for the
> > usb token is running in the background and if the token is plugged
> > in, the user
> > is logged in automatically regardless if he is typing in a password
> > or not.
> > However the user is able to type in the password anyway to login via
> > password,
> > altought the usb token pam module is looking for the token.
> > 
> > Hope I could explain what I want to do :).
> > 
> > Is there already such API and what would be the key functions for
> > this way?
> > 
> > Thanks for any advice!
> 
> You should be able to run two different PAM authentication stacks in
> two threads in parallel. Of course once one of the stacks succeeds,
> only one session call should be done and the other unfinished
> authentication stack should be aborted. You have to provide the
> synchronization mechanisms on your own though. The example of
> application that does this is GDM.

With PAM authentication stacks you mean, /etc/pam.d/*.conf, each conf is one
stack right? That means, to get the parallelism, one would need to implement
an authenication app, right?

Pity!

Thanks for the answer!

Cheers,
Thilo

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux