Our great sponsors
-
pam-watchid
PAM plugin module that allows the Apple Watch to be used for authentication (by insidegui)
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
pam_reattach
Reattach to the user's GUI session on macOS during authentication (for Touch ID support in tmux)
-
WSL-Hello-sudo
Let's sudo by face recognition of Windows Hello on Windows Subsystem for Linux (WSL). It runs on both WSL 1 and WSL 2. This is a PAM module for Linux on WSL.
Very handy. But you can use your Apple Watch for sudo which is even better: [0]
[0] https://github.com/insidegui/pam-watchid
Interesting, I hacked a small pam module together 4 years ago for the first generation of touch id enabled macbooks[0] and I wonder if pam_tid.so was always present and I just missed it. D'oh!
[0] https://github.com/spaghetti-/pam-touchid
If you run things under tmux, you'll also need this: https://github.com/fabianishere/pam_reattach
I just have a setuid root sudo binary (compiled from sudo-touchid: https://github.com/mattrajca/sudo-touchid) in my home folder ~/bin. This has worked a treat across OS updates, without hacking PAM stuff. It’s extremely convenient and has probably saved me cumulative hours in typing out my long password :)
Similarly for WSL2 using Windows Hello:
https://github.com/nullpo-head/WSL-Hello-sudo