I created a custom PAM module following this, and it works fine with /etc/pam.d/sudo but doesn't work with /etc/pam.d/authorization and /etc/pam.d/login.
sudo
# sudo: auth account password session
auth include sudo_local
auth sufficient /usr/local/Cellar/cpam/1.0.0/lib/security/cpam.so
auth sufficient pam_smartcard.so
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
authorization
# authorization: auth account
auth sufficient /usr/local/Cellar/cpam/1.0.0/lib/security/cpam.so
auth optional pam_krb5.so use_first_pass use_kcminit no_auth_ccache
auth optional pam_ntlm.so use_first_pass
auth sufficient pam_smartcard.so use_first_pass
account required pam_opendirectory.so
Is it even allowed to add a custom PAM to /etc/pam.d/login or /etc/pam.d/authorization?
Is it possible to create a mechanism with custom logic and replace it with <string>builtin:authenticate,privileged</string> in system.login.console authorization right?
Note: I have also tried moving the .so file to /usr/lib/pam but it failed even after disabling SIP.
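An added example, not part of the original post or of Apple's code: a small Python audit of the two `auth` stacks posted above. It reports modules loaded by absolute path from outside /usr/lib/pam and `sufficient` rules that no required rule precedes, since the success of such a rule is accepted on its own. The names `parse`, `audit` and the finding codes are made up for illustration, treating /usr/lib/pam as the trusted directory is an assumption taken from the note above, and `include` lines are not followed.

```python
# Constructed sample input: the two service files as posted in the question.
SUDO = """\
# sudo: auth account password session
auth include sudo_local
auth sufficient /usr/local/Cellar/cpam/1.0.0/lib/security/cpam.so
auth sufficient pam_smartcard.so
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
"""
AUTHORIZATION = """\
# authorization: auth account
auth sufficient /usr/local/Cellar/cpam/1.0.0/lib/security/cpam.so
auth optional pam_krb5.so use_first_pass use_kcminit no_auth_ccache
auth optional pam_ntlm.so use_first_pass
auth sufficient pam_smartcard.so use_first_pass
account required pam_opendirectory.so
"""
SYSTEM_MODULE_DIR = "/usr/lib/pam/"  # assumption: trusted dir, as named in the post

def parse(text):
    """Return (facility, control, module, args) for every rule line."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            facility, control, module, *args = line.split()
            rules.append((facility, control, module, args))
    return rules

def audit(text, facility="auth"):
    """Return (finding, subject) pairs for one facility of a service file."""
    findings, mandatory_seen = [], False
    for fac, control, module, _ in parse(text):
        if fac != facility or control == "include":
            continue  # included files are not followed here
        if module.startswith("/") and not module.startswith(SYSTEM_MODULE_DIR):
            findings.append(("custom-path", module))
        if control in ("required", "requisite"):
            mandatory_seen = True
        elif control == "sufficient" and not mandatory_seen:
            findings.append(("short-circuit", module))
    if not mandatory_seen:
        findings.append(("no-required", facility))
    return findings

if __name__ == "__main__":
    print(audit(SUDO), audit(AUTHORIZATION), sep="\n")
```

A `custom-path` finding is a prompt to check that the file and every parent directory are owned by root and not writable by other users, because the module runs inside the process that performs authentication.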
Kerberos
Use the Heimdal implementation of Kerberos for secure authentication on Apple devices.
I am trying to learn how PAM works in macOS. In that process I came across one of Apple's open source projects on GitHub, so I downloaded the project and opened it in Xcode. When I tried to build the project, I initially got a base SDK error. I resolved that by changing the value to macOS (initially the value for base SDK was macosx.internal). After that most of the dependency errors were resolved, but now I am getting errors that some of the header files are not found, and some of the '.a' files are also missing. I have searched the internet for those files but was unable to get them.
I have attached the missing header files and '.a' files below. Can you please help me build this project?
GitHub link: https://github.com/apple-oss-distributions/pam_modules/tree/pam_modules-195
Header files:
#include <Security/SecKeychainPriv.h>
#include <OpenDirectory/OpenDirectoryPriv.h>
#include <Heimdal/krb5.h>