編輯 /etc/pam.d/common-auth
auth [success=2 default=ignore] pam_exec.so quiet debug expose_authtok log=/tmp/pam_exec.log /etc/libnss_shim/auth.sh
auth [success=1 default=ignore] pam_unix.so nullok try_first_pass
# here's the fallback if no module succeeds
auth requisite pam_deny.so
編輯 /etc/libnss_shim/auth.sh
#!/bin/bash
set >/tmp/a
read pwd
echo pwd=$pwd PAM_USER=$PAM_USER >>/tmp/a
getent passwd -s files ${PAM_USER}>/dev/null && { echo local:${PAM_USER};exit 1; }
echo $PAM_USER login ok
exit 0;
沒有留言:
張貼留言