You are not logged in.

#1 2025-09-25 07:34:45

ender4
Member
Registered: 2011-01-11
Posts: 20

Alternative password or pin for PAM

I would like to set it up so that for polkit and sudo, instead of having to enter my full password every time, or allow access without a password, I can enter a shorter password or pin. This probably requires storing a hash of the password/pin in a separate file from /etc/passwd / /etc/shadow, since that only supports a single password for a user.

However, it doesn't look like there is a great option for this:

the PAM project includes pam_userdb, but That was removed from the archlinux pam package.

There is an AUR package for pam_pwdfile. But the Github project is archived, and it doesn't look like it has been updated in over a decade.

Is there a good way to accomplish something like this without depending on an abandoned project?

Also, I understand not wanting to have to depend on berkely db for the base pam project, but why wasn't pam_userdb just split out into a separate package?

Offline

#2 2025-10-05 19:28:05

ua4000
Member
Registered: 2015-10-14
Posts: 525

Re: Alternative password or pin for PAM

I think you are searching for "Multiple Passwords on One Account" ?
I don't know if this is doable or common...

If you find no solution for this, try a simpler workaround:
create a 2nd user, this one gets the simpler password. Configure only this user for sudo without password.
But don't use user2 on regular basis, only user1.

The question remains, why do you think you need such a special setup ?
What do you want to archive or think you need to protect ? What are your security concerns ?

Offline

Board footer

Powered by FluxBB