> On Wed, 2017-11-22 at 09:11 +0000, thilo cestonaro ts fujitsu com > wrote: > > Hi all! > > > > Is there a mechanism/api which I can use to have two authentication > > modes in > > parallel. > > > > E.g. the user can either login via password or via usb token. > > One way would be to look for the usb token for 10 sec. and then start > > over to > > password authentication. But IMHO would it be a better way if the > > wait for the > > usb token is running in the background and if the token is plugged > > in, the user > > is logged in automatically regardless if he is typing in a password > > or not. > > However the user is able to type in the password anyway to login via > > password, > > altought the usb token pam module is looking for the token. > > > > Hope I could explain what I want to do :). > > > > Is there already such API and what would be the key functions for > > this way? > > > > Thanks for any advice! > > You should be able to run two different PAM authentication stacks in > two threads in parallel. Of course once one of the stacks succeeds, > only one session call should be done and the other unfinished > authentication stack should be aborted. You have to provide the > synchronization mechanisms on your own though. The example of > application that does this is GDM. With PAM authentication stacks you mean, /etc/pam.d/*.conf, each conf is one stack right? That means, to get the parallelism, one would need to implement an authenication app, right? Pity! Thanks for the answer! Cheers, Thilo
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
