Different actions on different passwords?
Daniel J Walsh
dwalsh at redhat.com
Thu Jan 2 16:18:42 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/30/2013 08:09 PM, Robert Moskowitz wrote:
>
> On 12/30/2013 08:03 PM, Bill Oliver wrote:
>> On Tue, 31 Dec 2013, Patrick O'Callaghan wrote:
>>
>>>
>>> On Mon, Dec 30, 2013 at 11:25 PM, Bill Oliver <vendor at billoblog.com>
>>> wrote:
>>>
>>> In linux, is it possible to dictate two different actions upon login
>>> with different passwords?
>>>
>>>
>>>
>>> Short answer: no.
>>>
>>> Longer answer: in computing almost anything is possible if you really
>>> want to achieve it. Given that on Unix-style systems, including Linux,
>>> the login program can be changed, you can modify the source to do what
>>> you want. Of course you'll need to have superuser privileges to install
>>> it in place of the system standard. Note that doing this may well open
>>> a can of worms, e.g. you might have to modify the format of the
>>> password file (and hence the library routines that access it), possibly
>>> fiddle with SElinux settings, etc. etc.
>>>
>>> If the conditions are relaxed slightly you can get a partial solution
>>> using the standard login: write a Shell startup script (.profile or
>>> whatever) that allows the user to discriminate between the two modes,
>>> e.g. by using a timeout, detecting the initial state of the Shift (or
>>> Control or whatever) key etc., in a way that is hopefully non-obvious
>>> to an observer. Probably not reliable enough for serious use.
>>>
>>> Conclusion: better look for some other way to cover your tracks, and
>>> note that a forensic investigation can be carried out without having
>>> you log in at all.
>>>
>>> poc
>>>
>>>
>
You could setup a pam module that would work with the login shell to do
different things based on the password.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlLFkWIACgkQrlYvE4MpobNKdgCgsHU+cA1GPVOWe7UVgVAeImE6
YZ4AnAixcwOhNrKpR6Fw8PfpBx4lfph8
=tjXd
-----END PGP SIGNATURE-----
More information about the users
mailing list