WSL-Hello-sudo
pam_reattach
WSL-Hello-sudo | pam_reattach | |
---|---|---|
7 | 1 | |
1,155 | 545 | |
- | - | |
0.0 | 0.0 | |
12 months ago | about 1 year ago | |
Rust | C | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
WSL-Hello-sudo
-
Quick Tip: Enable Touch ID for Sudo
Well, `sudo` is a *nix binary, so Linux and macOS are your most popular options here.
Fingerprint authentication for sudo was enabled by default on my Manjaro install after I enrolled a fingerprint so I guess popular Linux distributions configure it automatically. If yours doesn't, try the configuration methods on this page: https://wiki.archlinux.org/title/fprint or here: https://askubuntu.com/questions/1015416/use-fingerprint-auth... or consult your operating system's documentation.
The big difference is that you need "pam_fprintd.so" instead of "pam_tid". On Ubuntu (or derived, probably), running "sudo pam-auth-update" will allow you to configure fingerprint authentication without needing to manually edit system files.
Do note that if you use a more exotic window manager, any fancy visual sudo prompts may not know how to deal with such a system.
If you're on Windows and want WSL with Windows Hello, there's this tool: https://github.com/nullpo-head/WSL-Hello-sudo which is a PAM library that will call into Windows Hello from WSL. Windows Hello should in turn support your fingerprint reader or other biometric authentication system configured for your PC.
-
WSL Hello Sudo: Face Recognition of Windows Hello on Windows Subsystem for Linux
What kind of prompt is this? It looks like Windows Terminal running Bash, but are the icons PNGs (windows + home), or a specific type-face rendering emoji?
https://github.com/nullpo-head/WSL-Hello-sudo/blob/master/de...
-
Use Touch ID for Sudo on Mac
Similarly for WSL2 using Windows Hello:
https://github.com/nullpo-head/WSL-Hello-sudo
- WSL-Hello-sudo - sudo by face recognition of Windows Hello on WSL
pam_reattach
-
Use Touch ID for Sudo on Mac
If you run things under tmux, you'll also need this: https://github.com/fabianishere/pam_reattach
What are some alternatives?
pam-watchid - PAM plugin module that allows the Apple Watch to be used for authentication
Fedora-KDE-Yubikey-U2F-2FA-Logins-Guide - Guide to setup a Yubikey for Fedora KDE as 2FA using U2F for the SDDM login screen, lock screen, sudo and su.
sekey - Use Touch ID / Secure Enclave for SSH Authentication!
sudo-touchid - A fork of `sudo` with Touch ID support.
rdpwrap - RDP Wrapper Library
please - Really tiny sudo replacement
wsl-distrod - Distrod is a meta-distro for WSL 2 which installs Ubuntu, Arch, Debian, Gentoo, etc. with systemd in a minute for you. Distrod also has built-in auto-start feature on Windows startup and port forwarding ability.
pam-onelogin - pam-onelogin is a pretty complete pam/nss stack for using OneLogin as authentication source (with MFA) and user/group lookups. Primarily used for SSH.
pam-duress - A Pluggable Authentication Module (PAM) which allows the establishment of alternate passwords that can be used to perform actions to clear sensitive data, notify IT/Security staff, close off sensitive network connections, etc if a user is coerced into giving a threat actor a password.