47 lines
1.6 KiB
Plaintext
47 lines
1.6 KiB
Plaintext
# Linux Hello PAM Configuration Template
|
|
#
|
|
# WARNING: Incorrect PAM configuration may lock you out of your system!
|
|
# Always keep a root terminal open when testing PAM changes.
|
|
#
|
|
# This file is a TEMPLATE - it is NOT automatically installed.
|
|
# You must manually configure PAM after careful consideration.
|
|
#
|
|
# BACKUP YOUR PAM CONFIGURATION BEFORE MAKING CHANGES:
|
|
# sudo cp -r /etc/pam.d /etc/pam.d.backup
|
|
#
|
|
# To enable Linux Hello for sudo, add this line to /etc/pam.d/sudo:
|
|
# auth sufficient pam_linux_hello.so
|
|
#
|
|
# Example /etc/pam.d/sudo with Linux Hello:
|
|
# -------------------------------------------
|
|
# #%PAM-1.0
|
|
#
|
|
# # Try face authentication first
|
|
# auth sufficient pam_linux_hello.so
|
|
#
|
|
# # Fall back to normal authentication
|
|
# @include common-auth
|
|
# @include common-account
|
|
# @include common-session-noninteractive
|
|
# -------------------------------------------
|
|
#
|
|
# For login/gdm/lightdm, similar configuration applies.
|
|
# Be extremely careful with display manager PAM files!
|
|
#
|
|
# Module options:
|
|
# debug - Enable debug logging to syslog
|
|
# timeout=N - Authentication timeout in seconds (default: 5)
|
|
# try_first_pass - Use password from previous module if available
|
|
#
|
|
# Example with options:
|
|
# auth sufficient pam_linux_hello.so debug timeout=10
|
|
#
|
|
# Testing:
|
|
# 1. Keep a root shell open: sudo -i
|
|
# 2. In another terminal, test: sudo -k && sudo echo "success"
|
|
# 3. If face auth fails, password prompt should appear
|
|
# 4. If completely locked out, use root shell to restore backup
|
|
#
|
|
# For more information, see:
|
|
# https://github.com/linux-hello/linux-hello
|