Added support for user based placeholder values in pam_oath usersfile string (v2).
These changes introduce the ${USER} and ${HOME} placeholder values for the usersfile string in the pam_oath configuration file. The placeholder values allow the user credentials file to be stored in a file path that is relative to the user, and mimic similar behavior found in google-authenticator-libpam.
The motivation for these changes is to allow for non-privileged processes to use pam_oath (e.g., for 2FA with xscreensaver). Non-privileged and non-suid programs are unable to use pam_oath. These changes are a proposed alternative to a suid helper binary as well.
The original user credential file ownership is preserved when the new user credential file is created in update_usersfile().
Edited by Jason Graham
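
The ${USER} and ${HOME} substitution described above, as an added example that is not code from this merge request or from pam_oath. The function name expand_usersfile, the sample path, and the input checks (no "/" in the user name, absolute home directory) are assumptions chosen to show bounded expansion that cannot be steered outside the intended directory.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not pam_oath's code): expand ${USER} and ${HOME} in
 * tmpl into out. Returns 0 on success, -1 on overflow or unsafe input. */
static int expand_usersfile(const char *tmpl, const char *user,
                            const char *home, char *out, size_t outlen)
{
    size_t o = 0;

    if (!tmpl || !user || !home || !out || outlen == 0)
        return -1;
    /* Assumption: reject user names that could redirect the path. */
    if (!*user || strchr(user, '/') ||
        strcmp(user, ".") == 0 || strcmp(user, "..") == 0)
        return -1;
    if (home[0] != '/')              /* require an absolute home directory */
        return -1;

    while (*tmpl) {
        const char *val = NULL;

        if (strncmp(tmpl, "${USER}", 7) == 0)
            val = user;
        else if (strncmp(tmpl, "${HOME}", 7) == 0)
            val = home;

        if (val) {
            size_t n = strlen(val);
            if (n >= outlen - o)     /* keep room for the terminating NUL */
                return -1;
            memcpy(out + o, val, n);
            o += n;
            tmpl += 7;               /* both placeholders are 7 bytes long */
        } else {
            if (outlen - o <= 1)
                return -1;
            out[o++] = *tmpl++;      /* literal character, copied as-is */
        }
    }
    out[o] = '\0';
    return 0;
}

int main(void)
{
    char path[256];
    /* Constructed sample values, not taken from the merge request. */
    if (expand_usersfile("${HOME}/.config/oath/${USER}.oath", "alice",
                         "/home/alice", path, sizeof path) == 0)
        puts(path);
    return 0;
}
```
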