问题
I'm back again with the never ending saga of writing a PAM module for OSX. I have the module written. It works when using ssh or starting a new terminal window or su. What I really, really, really want is just ssh and the loginwindow.
My PAM module works in "session" mode. It either returns PAM_SUCCESS or PAM_IGNORE. Again, it works with other PAM aware systems like ssh and su. I really want to hook into the loginwindow. Any idea how to do this with OSX and openPAM?
I have seen a couple potential answers that suggest using the "pam.d/authenticate" file. This has not worked yet. Setting my session line in there seems to cause the system's connection to Active Directory to fail.
I have also tried creating a "pam.d/loginwindow" file just in case there was a provision for it -- no joy.
ideas?
回答1:
I know this is too late. I have been working out with PAM modules lately. For adding the module to the login window, you need to add your .so file to the authorisation configuration file in mac located in /etc/pam.d/authorisation. You should place your .so file under /usr/lib/pam/ directory.
Also before the PAM module if you want to fiddle around with the Mac Login Window view, you need to do it using the SFAuthorizationPluginView Class. There is a sample plugin code at Apple developer. https://developer.apple.com/library/mac/samplecode/NameAndPassword/Introduction/Intro.html
There is also some documentation by Apple over Login processes. You can take reference here!
Hope that helps. Cheers!!
来源:https://stackoverflow.com/questions/17842945/osx-loginwindow-pam-config-file