Jean-Marc Valin wrote:
I'm looking into PAM right now and there's something I'm not sure. It looks like you can ask PAM to authenticate a certain user X. However, what I'd like to do is to ask: is it X, Y or Z trying to login? In other words, the user should just say something (not typing its username or anything) and the system shoud identify him and log him in. Is that possible with PAM?As I understand it, no. But it would be possible in the split plugin method I proposed in my previous mail.The whole point of PAM is that you can change authentication without changing the client. But if you need to modify the client anyway, then what's the point of writing a PAM module *also*? So in this case it would be better to just modify gdm.
Correct, however each piece of the puzzle would do different things. PAM takes a username and authenticates it. The PAM plugin would do just that. It could be used on it's own, say at a getty login, type your username, speak your name. The GDM plugin provides for a GUI, perhaps a nifty graphical wave modulation, and in the future, can recognize the speaker's voice and send it to PAM, eliminating the need to type in a login. You could use this on its own as well. Speak your name, then type your password when prompted.
Each part can be used separately, and can be changed out without changing the other part.
-b --Number of restrictions placed on "Alice in Wonderland" (public domain) eBook: 5
Maximum penalty for reading "Alice in Wonderland" aloud (possible DMCA violation): 5 years jail
Average sentence for commiting Rape: 5 years