created a custom PAM module following this and It works fine with etc/pam.d/sudo but doesn't work with etc/pam.d/authorization and etc/pam.d/login.
sudo
# sudo: auth account password session
auth include sudo_local
auth sufficient /usr/local/Cellar/cpam/1.0.0/lib/security/cpam.so
auth sufficient pam_smartcard.so
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
authorization
# authorization: auth account
auth sufficient /usr/local/Cellar/cpam/1.0.0/lib/security/cpam.so
auth optional pam_krb5.so use_first_pass use_kcminit no_auth_ccache
auth optional pam_ntlm.so use_first_pass
auth sufficient pam_smartcard.so use_first_pass
account required pam_opendirectory.so
Is it even allowed to add a custom PAM to \etc\pam.d\login or etc\pam.d\authorization ?
Is it possible to create a mechanism with custom logic and replace it withbuiltin:authenticate,privileged in system.login.console authorization right ?
Note: I have also tried moving the .so file to /usr/lib/pam but it failed even after disabling SIP.
Post
Replies
Boosts
Views
Activity
Hi Team,
I have developed a smartcard driver which is working fine when inserting USB mouse, So here is the process I followed for smartcard driver:
Smartcard driver(IFdHandler) has info.plist which contains vendor Id and product ID attributes
Mentioned vendor Id and product ID of USB mouse which one is going to be connected to device(Mac) in info.plist, Build the IFDdriver and replace it to path - /usr/local/libexec/SmartCardServices/drivers/
Once Inserting USB mouse I am getting smart card pairing notification on Mac
This scenario is working fine and able to achieve following changes on Mac device -
Getting Smart card notification for pairing on Mac device
After Pairing , Password field on Login Screen changes to PIN field
But I want smartcard driver(IFDHandler) to be trigger via bluetooth connection from iPhone or android instead via USB
Is there any way to achieve This?
Reference for USB driver smart card driver - https://github.com/frankmorgner/vsmartcard/blob/master/virtualsmartcard/src/ifd-vpcd/ifd-vpcd.c
Hi Team, I have developed a smartcard driver which is working fine when inserting USB mouse,
So here is the process I followed for smartcard driver
Smartcard driver(IFdHandler) has info.plist which contains vendor Id and product ID attributes
Mentioned vendor Id and product ID of USB mouse which one is going to be connected to device(Mac) in info.plist, Build the IFDdriver and replace it to path - /usr/local/libexec/SmartCardServices/drivers/
Once Inserting USB mouse I am getting smart card pairing notification on Mac
This scenario is working fine and able to achieve following changes on Mac device -
Getting Smart card notification for pairing on Mac device
After Pairing , Password field on Login Screen changes to PIN field
But I want smartcard driver(IFDHandler) to be trigger via bluetooth connection from iPhone or android instead via USB
Is there any way to achieve This?
Reference for USB driver smart card driver - https://github.com/frankmorgner/vsmartcard/blob/master/virtualsmartcard/src/ifd-vpcd/ifd-vpcd.c
Hi Team,
I am developing a sample authPluggin which should connect to a mobile app via bluetooth connection,
So here are the scenario
Authplugin with Bluetooth connection shoould work on lockscreen+login
I have created mechanism- prepared:privillaged, main, clean:Privilaged
Calling corebluetoothmanager initiation at the time of prepared:privilaged mechanism
I have to add my auth plugin’s mechanism before loginwindow:success mechanism
But I always gets unauthorized = 3, from power state of bluetooth
Note: With App, bluetooth connection is working fine, Its giving error with authPlugin
How to achieve my ultimate goal, is this the right way?