pam and parallelism

thilo.cestonaro at ts.fujitsu.com thilo.cestonaro at ts.fujitsu.com
Thu Nov 23 09:20:33 UTC 2017


> On Wed, 2017-11-22 at 09:11 +0000, thilo cestonaro ts fujitsu com
> wrote:
> > Hi all!
> > 
> > Is there a mechanism/api which I can use to have two authentication
> > modes in parallel?
> > 
> > E.g. the user can either login via password or via usb token.
> > One way would be to look for the usb token for 10 sec. and then start
> > over to password authentication. But IMHO it would be a better way if
> > the wait for the usb token is running in the background and if the
> > token is plugged in, the user is logged in automatically regardless of
> > whether he is typing in a password or not.
> > However the user is able to type in the password anyway to login via
> > password, although the usb token pam module is looking for the token.
> > 
> > Hope I could explain what I want to do :).
> > 
> > Is there already such an API and what would be the key functions
> > for this way?
> > 
> > Thanks for any advice!
> 
> You should be able to run two different PAM authentication stacks in
> two threads in parallel. Of course once one of the stacks succeeds,
> only one session call should be done and the other unfinished
> authentication stack should be aborted. You have to provide the
> synchronization mechanisms on your own though. The example of
> application that does this is GDM.

By PAM authentication stacks you mean /etc/pam.d/*.conf, each conf is one
stack, right? That means, to get the parallelism, one would need to implement
an authentication app, right?

Pity!

Thanks for the answer!

Cheers,
Thilo
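
The synchronization described in the quoted reply (two stacks in parallel, one session call for the winner, the unfinished stack aborted), as an added example that is not part of the original thread. It is a Python model, not libpam code: `race_stacks`, `token_stack` and `password_stack` are hypothetical names, and each stack is a stand-in callable; the assumption is that a real application would have its PAM conversation callback check the same cancel flag and return an error so the pending stack fails.

```python
import threading
import time

def race_stacks(stacks, open_session, timeout=5.0):
    """Run every stack in its own thread; the first success wins.

    stacks: {name: fn(cancel) -> bool}. Each fn is a hypothetical stand-in
    for one authentication stack and must return once `cancel` is set.
    Returns the winning name, or None if all stacks failed or timed out.
    """
    cancel = threading.Event()   # set once: tells unfinished stacks to abort
    lock = threading.Lock()      # guards `winner`
    winner = []

    def worker(name, fn):
        try:
            ok = fn(cancel)
        except Exception:
            ok = False           # a crashing stack counts as a failed stack
        if ok:
            with lock:
                if not winner:   # later successes are ignored
                    winner.append(name)
            cancel.set()

    threads = [threading.Thread(target=worker, args=item, daemon=True)
               for item in stacks.items()]
    for t in threads:
        t.start()
    deadline = time.monotonic() + timeout
    for t in threads:
        t.join(max(0.0, deadline - time.monotonic()))
    cancel.set()                 # timeout or all done: abort stragglers
    with lock:
        name = winner[0] if winner else None
    if name is not None:
        open_session(name)       # the single session call, made by the coordinator
    return name

# Constructed stand-ins for the two login modes discussed in the thread.
def token_stack(cancel):
    # "Token plugged in" after 0.2 s, unless aborted first.
    return not cancel.wait(0.2)

def password_stack(cancel):
    # User never finishes typing; the prompt gives up when cancelled.
    cancel.wait()
    return False
```

The session call is made by the coordinating thread after the workers have been joined, so it happens at most once even when both stacks succeed at the same moment.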