Joachim Breitner's Homepage
Imagine you have a device, such as a Linux phone, that allows login via ssh, e.g. when on a wireless network. You don’t want to set a password with the (limited) phone UI. On the other hand, you don’t want to allow passwordless root logins into your phone. But you do want the ability to log in via ssh; after all, that’s why you bought a Linux smartphone. This led me to the idea of a PAM module and a corresponding UI piece that asks the currently logged-in user: “Hey, someone is trying to log in. Is that OK or not?” This might also be useful for guest accounts on regular laptops. For more on that, see my last blog post.
So I hacked it together (actually twice, due to some unfortunate use of rm at some point), and spent most of the time learning more about the Python garbage collector vs. callbacks, explicitly marked global variables and proper automake stuff. In the end I got, well, just what I wanted: a simple PAM module, dubbed pam-dbus, that sends a request via the D-Bus system bus, and an autostart program (written in Python for now, but I might re-implement it in C) that uses notification-daemon to get confirmation from the user.
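The flow described above, modelled as an added example that is not pam-dbus's own code: the auth step asks the session UI and treats anything other than an explicit "yes" as a denial. `ConfirmationBus`, `authenticate`, the request fields and the fail-closed policy are assumptions made for illustration; the real module talks over the D-Bus system bus, which is replaced here by an in-process stand-in.

```python
import queue
import threading

# Linux-PAM return codes (values from <security/_pam_types.h>)
PAM_SUCCESS = 0
PAM_AUTH_ERR = 7
PAM_AUTHINFO_UNAVAIL = 9


class ConfirmationBus:
    """In-process stand-in (hypothetical) for the bus between module and UI."""

    def __init__(self):
        self._handler = None

    def register_ui(self, handler):
        # handler(request, reply) plays the role of the autostart program
        self._handler = handler

    def ask(self, request, timeout):
        """Return the UI's answer, or None if nobody answered in time."""
        if self._handler is None:
            return None
        answers = queue.Queue()
        threading.Thread(target=self._handler, args=(request, answers.put),
                         daemon=True).start()
        try:
            return answers.get(timeout=timeout)
        except queue.Empty:
            return None


def authenticate(bus, user, service, rhost, timeout=30.0):
    """Assumed policy: only an explicit True from the UI lets the login through."""
    request = {"user": user, "service": service, "rhost": rhost}
    try:
        answer = bus.ask(request, timeout)
    except Exception:
        return PAM_AUTHINFO_UNAVAIL  # transport failure: deny
    if answer is None:
        return PAM_AUTHINFO_UNAVAIL  # no UI running, or prompt ignored: deny
    return PAM_SUCCESS if answer is True else PAM_AUTH_ERR


if __name__ == "__main__":
    bus = ConfirmationBus()
    bus.register_ui(lambda req, reply: reply(req["rhost"] == "192.0.2.10"))
    # Constructed sample requests (documentation address ranges)
    print(authenticate(bus, "root", "sshd", "192.0.2.10", timeout=1.0))
    print(authenticate(bus, "root", "sshd", "198.51.100.7", timeout=1.0))
```

The cases worth testing against any implementation of this idea are the silent ones: no UI registered, a prompt nobody clicks, and a malformed reply should all end in a refused login.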
You are welcome to try the sources and binary Debian packages or have a look at the darcs repository for pam-dbus (with debian/ directory, repository browser). This will end up in Debian later, I guess.
Update: Erik Johansson pointed out that if you want to use this with ssh, you need to set UsePAM yes in