On 09/02/2013 04:42 PM, Bill Oliver wrote:
My wife turned to me and said, "If I were the bad guy, I'd just have the computer delete everything if someone entered the boat name, or at least send me a text. The boat was an obvious guess, and I would never accidentally type it in."
This is pretty close to the concept of a duress code or panic password - a special signal that you only give when under duress to covertly indicate that fact:
http://en.wikipedia.org/wiki/Duress_code
There's a problem with this idea though: anyone who knows or suspects that you are using such a booby trap and has access to the system just has to guess the right term and they can hose your data.
My answer was "That makes sense, but I have no clue about how to do it."
PAM (pluggable authentication modules for Linux) is generally how you slip some new check into the existing login (or other) auth process:
For e.g. there are PAM modules for LDAP directories and fingerprint scanners.
Someone created a pam_confused module a few years back that will check passwords against a duress list and execute some pre-configured script when one is entered. It's not been updated lately but it shows roughly how you might do it:
https://confused.googlecode.com/svn/trunk/pam_confused/readme.txt
- What happens at a process level when one hits return after typing in
a password? Is everything handled by the kernel? Where is this described?
Check out the PAM faq and other documentation.
Regards, Bryn.