How would I need to alter the kernel to do the following?

Login:User
Password:<enter passwd 1>
Password incorrect
Password:<enter passwd 2>
Password incorrect
Password:<enter passwd 3>
User is logged in

The example shows the user using 3 passwords sequentially (the first two returning incorrect) to log in.

Mark Hall
November

1 Answer

The simplest approach would be to write a PAM which asked for multiple passwords. No need to touch the kernel.

I suggest asking three questions per login would be cleaner than trying to maintain state of how many previously-correct passwords were entered. Otherwise you have potential interactions where logins happen concurrently or tools attempt to log in using a saved (last) password... also lockout policy would need consideration in the face of right-but-wrong passwords. You would also have to ensure that the module gave no external sign of part-passwords being correct.

Three passwords is logically equivalent to one long password, with the additional element of a measure of obscurity. It might be simpler to strengthen password length/complexity requirements.

bobince
  • Are you suggesting I edit the config files in /etc/pam.d/ or create an application using the PAM framework? – November Jul 30 '12 at 16:01
  • I'm suggesting [writing a PAM module](http://stackoverflow.com/questions/4841203/how-to-create-a-pam-module). The OS login and any other apps that used authentication could then make use of it. I'm assuming that would work on Mac as Darwin is supposed to support it, though I've never tried it. – bobince Jul 30 '12 at 19:45
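
The check the answer describes, as an added example (not code from this thread or from any PAM implementation): all three passwords are requested within one attempt and a single verdict is returned, so no state is kept between logins and a correct part-password gives no outward sign. `prompt_fn`, `three_password_auth`, `scripted_prompt`, `run_attempt` and the sample passwords are hypothetical; in a real module the prompt would go through the PAM conversation function and the comparison would be against stored salted hashes.

```c
#include <stddef.h>
#include <string.h>

#define NPASS 3
#define MAXLEN 128

/* Hypothetical callback standing in for the PAM conversation function:
 * writes the user's reply to one "Password:" prompt into buf. */
typedef void (*prompt_fn)(void *ctx, char *buf, size_t len);

/* Compare two fixed-size buffers without stopping at the first mismatch. */
static int ct_equal(const char *a, const char *b, size_t len) {
    unsigned char diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Ask for all NPASS passwords in one attempt, then return one verdict.
 * Returns 1 only if every answer matched; the caller learns nothing else.
 * Expected values are plain strings only to keep the example self-contained
 * (assumption); input longer than MAXLEN-1 bytes is truncated. */
int three_password_auth(prompt_fn prompt, void *ctx, const char *expected[NPASS]) {
    int ok = 1;
    for (int i = 0; i < NPASS; i++) {
        char got[MAXLEN] = {0}, want[MAXLEN] = {0};
        prompt(ctx, got, sizeof got);        /* always prompt, even after a miss */
        got[MAXLEN - 1] = '\0';
        strncpy(want, expected[i], MAXLEN - 1);
        ok &= ct_equal(got, want, MAXLEN);   /* no early exit on a wrong answer */
        memset(got, 0, sizeof got);          /* best-effort wipe; may be optimized away */
    }
    return ok;
}

/* Constructed test double: replays a fixed list of answers and counts prompts. */
struct script { const char *answers[NPASS]; int asked; };

void scripted_prompt(void *ctx, char *buf, size_t len) {
    struct script *s = ctx;
    strncpy(buf, s->answers[s->asked++], len - 1);
}

/* Run one login attempt against constructed passwords; report prompt count. */
int run_attempt(const char *a, const char *b, const char *c, int *asked) {
    static const char *expected[NPASS] = {"alpha-1", "bravo-2", "charlie-3"};
    struct script s = {{a, b, c}, 0};
    int ok = three_password_auth(scripted_prompt, &s, expected);
    *asked = s.asked;
    return ok;
}
```

Because every attempt consumes exactly three prompts and yields one result, a lockout counter only needs to count whole attempts.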