2

I have a custom PAM setting for sudo, to use Howdy, an application using face recognition for authentication. My current /etc/pam.d/sudo looks like this:

#%PAM-1.0

auth      sufficient    pam_unix.so   try_first_pass nullok
auth      sufficient    pam_python.so /lib/security/howdy/pam.py

auth        include     system-auth
account     include     system-auth
session     include     system-auth

(Most lines were inherited from original file, IIRC. I'm using archlinux.)

It works in general -- it asks for sudo password first, and if fails, tries face recognition.

But I notice that when I break from the command with ctrl+c while sudo is asking for password, the face recognition (Howdy) is triggered anyway. This face recognition will not lead to "success" of authentication, and the command execution is indeed cancelled. However, it will waste a few seconds before the face recognition finishes (either succeeds or fails).

In fact, what I want is: do not trigger face recognition in the first place when hitting ctrl+c, simply because it makes no sense.

Did I misconfigure PAM? What would be the correct way? Or, if this is not a configuration file issue, what could be done to achieve what I want to do?

(Originally posted on Super User. Then realized that's not the optimal site for this question.)

Improve this question

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.