linux密码登陆时加入自己登陆验证模块(pam)
摘自:http://blog.chinaunix.net/uid-31542012-id-5790273.html
操作系统环境:RHEL7.1
1、编译动态库pam_mylogin.so
2、将该动态库拷贝至/lib64/security/
3、如需修改本机的登陆方式,请按如下红框方式修改/etc/pma.d/login 文件:
4、如需修改ssh的登陆方式,请按如下红框方式修改/etc/pma.d/sshd 文件:
4.修改/etc/pma.d/lightdm文件增加如下红色内容:
#%PAM-1.0
auth requisite pam_mylogin.so
auth requisite pam_nologin.so
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
5、编写文件:pam_mylogin.c
#include <stdio.h> #include <stdlib.h> #include <string.h> #include <time.h> #include <security/pam_appl.h> #include <security/pam_modules.h> #include <security/pam_ext.h> int myloginVerify(pam_handle_t *pamh) { int retval; char* pPw; char * p = "Password===========:"; retval = pam_prompt(pamh,PAM_PROMPT_ECHO_OFF,&pPw,"%s",p); printf(">>>>>>>>>pPw=%s\n",pPw); if (retval != PAM_SUCCESS) { printf("pam_prompt failed!\n"); return 0; } char pw[7]="asdfgh"; printf(">>>>>>>>>pw=%s\n",pw); int i = 0; for(i=0;i<6;i++) { printf("%d>>>pw[%d]=%c pPw[%d]=%c\n",i,i,pw[i],i,pPw[i]); if(pw[i]!=pPw[i]) { return 0; } return 1; } } int Verify(pam_handle_t *pamh) { if(!myloginVerify(pamh)) return PAM_CONV_ERR; return PAM_SUCCESS; } // Authentication API's PAM_EXTERN int pam_sm_setcred( pam_handle_t *pamh, int flags, int argc, const char **argv ) { printf("pam_sm_setcred>>>>>>>\n"); return PAM_SUCCESS; } PAM_EXTERN int pam_sm_authenticate( pam_handle_t *pamh, int flags,int argc, const char **argv ) { printf("pam_sm_authenticate>>>>>>>>\n"); int retval; const char* pUsername; retval = pam_get_user(pamh, &pUsername, NULL); printf("begin call hotdoorpam %s\n", pUsername); if (retval != PAM_SUCCESS) { printf("pam_get_user failed\n"); return retval; } if(!strcasecmp("root",pUsername)) { printf("root user!\n"); } else { printf("normal user!\n"); } return Verify(pamh); } /* Account Management API's */ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) { printf("pam_sm_acct_mgmt>>>>>>>>\n"); return PAM_SUCCESS; } /* Session Management API's */ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags,int argc, const char **argv){ printf("pam_sm_open_session>>>>>>>>\n"); return PAM_SUCCESS; } PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags,int argc, const char **argv){ printf("pam_sm_close_session>>>>>>>>\n"); return PAM_SUCCESS; } /* Password Management API's */ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags,int argc, const char **argv){ printf("pam_sm_chauthtok>>>>>>>>\n"); return PAM_SUCCESS; }
6、编写Makefile
SOURCE = pam_mylogin.c all: gcc $(SOURCE) -fPIC -shared -o pam_mylogin.so clean: rm -f pam_mylogin.so pam_mylogin.o copy: cp -f pam_mylogin.so /lib64/security/
7、验证:Ctrl + Alt + F2