Ever felt the need to do something with PAM, like implementing 2FA in SSH? You are left with a few bad choices, among others you’ll need to write something (complex) in C. I rather not do that, so I’ve created pam-unixsock.

This is a tiny, the most trouble I had with concatenating strings with a space in between, because, you know, C. Anyway tiny.

github.com/AlDanial/cloc v 2.02  T=0.01 s (711.7 files/s, 48601.9 lines/s)
----------------------------------------------------------------
Language      files          blank        comment           code
----------------------------------------------------------------
C                 1             22              0            144

This PAM module writes a few lines (username, 2fa token, …) in a word\n fashion to the Unix socket (yes, the ordering matters, maybe that will change in the future). You can write a server that listens on that socket and does the complex thing you want. It should write back 1\n for success or 0\n for failure to authenticate.

This is opening up many features on the Linux platform at $work, like integrating the normal user utilities (chsh, passwd, etc.) to interface with the central user DB, instead of just idling.

Of course I’ll be writing the server in Go, but you can even use Rust. An example Go server is included in the source.