Development over

2026-01-15 22:40:51 +01:00
parent 2f6b16d946
commit 1e7f296635
63 changed files with 12945 additions and 331 deletions
--- a/debian/pam-config.example
+++ b/debian/pam-config.example
@@ -0,0 +1,46 @@
+# Linux Hello PAM Configuration Template
+#
+# WARNING: Incorrect PAM configuration may lock you out of your system!
+# Always keep a root terminal open when testing PAM changes.
+#
+# This file is a TEMPLATE - it is NOT automatically installed.
+# You must manually configure PAM after careful consideration.
+#
+# BACKUP YOUR PAM CONFIGURATION BEFORE MAKING CHANGES:
+#   sudo cp -r /etc/pam.d /etc/pam.d.backup
+#
+# To enable Linux Hello for sudo, add this line to /etc/pam.d/sudo:
+#   auth    sufficient    pam_linux_hello.so
+#
+# Example /etc/pam.d/sudo with Linux Hello:
+# -------------------------------------------
+# #%PAM-1.0
+#
+# # Try face authentication first
+# auth    sufficient    pam_linux_hello.so
+#
+# # Fall back to normal authentication
+# @include common-auth
+# @include common-account
+# @include common-session-noninteractive
+# -------------------------------------------
+#
+# For login/gdm/lightdm, similar configuration applies.
+# Be extremely careful with display manager PAM files!
+#
+# Module options:
+#   debug           - Enable debug logging to syslog
+#   timeout=N       - Authentication timeout in seconds (default: 5)
+#   try_first_pass  - Use password from previous module if available
+#
+# Example with options:
+#   auth sufficient pam_linux_hello.so debug timeout=10
+#
+# Testing:
+# 1. Keep a root shell open: sudo -i
+# 2. In another terminal, test: sudo -k && sudo echo "success"
+# 3. If face auth fails, password prompt should appear
+# 4. If completely locked out, use root shell to restore backup
+#
+# For more information, see:
+# https://github.com/linux-hello/linux-hello