pam_panic/pam-panic README

* what???
* building pam-panic
* configuration
* known issues
* author, credits
==============================================================================

* what???

There are situations when your laptop, your desktop system or whatever is
locked or you are not logged on already, and you are forced to unlock the
display or log on. For this particular case, a method may be useful to not
use the login password, but a different password, to trigger a script to
be executed. The script then does whatever you require to make you feel at
ease with strange people now having access to what's left.

------------------------------------------------------------------------------

* building pam-panic

The header files of the pam subsystem must be installed. Usually, you would
want to install the pam-devel package.
Unpack the tar archive, then run "make".
"make install" installs the module in /lib/security, and the sample config
file as /etc/security/pam_panic.conf .

------------------------------------------------------------------------------

* configuration

/etc/security/pam_panic.conf has a very simple format:
password:/script/with/absolute/path

Lines starting with "#" are considered a comment. As a side-effect,
the password for pam_panic cannot start with a "#", either.

CAUTION: Be aware that the module grants access if the panic password is 
entered. Therefore, especially on systems with many users, the file modes of
/etc/security/pam_panic.conf are crucial for the password security of your
system.
The script must be configured with its absolute path, it must be executable
for root, and no arguments can be passed.

Now, the only thing remaining is to activate the module by entering its
presence into the corresponding pam.d config file; recommended is
/etc/pam.d/common-auth
Enter a line like the following before the other non-comment lines:

auth    sufficient      pam_panic.so

------------------------------------------------------------------------------

* known issues

- pam_panic.so requires entering the password twice if pam is configured to
  use pam_thinkfinger.so, too. This is annoying, yes.

------------------------------------------------------------------------------

* author, credits

pam-panic was written by Roman Drahtmueller <draht@suse.de> as an afternoon
Novell-hackweek project in June 2010. The idea was strongly inspired by
Mads Martin Jrgensen, who will have to appreciate this honorable mention.

The module builds on the ingenious PAM stack and its documentation, written
by Thorsten Kukuk.
