[How] Can I do multi-factor authentication with factor type selection on login screen

Hi, guys!

I have a task to develope multi-factor authorization for Linux systems with the ability to select an additional factor from the list.

PAM module is implemented. It can show chouce menu in terminal.

I have`t found a mechanism to display a dynamic dropdown menu or list for selecting an authorization factor. Found mentions of extensions for GDM but couldn’t figure out how to use them.

If there is such a mechanism, tell me where to look for documentation on it. And if not, then I can suggest an idea for the implementation of a scripting language to display dynamic authorization scripts. Something similar to using JavaScript in the browser. I can also try to implement this idea.

I think you’re indeed going to have to implement it yourself. The code is here. Good luck…

Wait, does gdm support js scripts for drawing login screeen?

No. The login screen UI is implemented in JS, but there is no system for loading arbitrary or additional scripts.

The login screen is just GNOME Shell in a specific mode, talking through GDM to the account database(s).

If it’s just gnome-shell in spesific mod, can I write js extention for it and change pam message field?
Sorry, but I realy don’t understand how does it works.

Maybe there is another way to dynamically change the login screen?

No, extensions don’t work on the login screen. There have been some discussions around lifting that restriction (with some way of allowing extensions to opt-in, to not break existing extensions that aren’t expecting to be loaded there), but so far it’s only discussions.

That said, login screen extensions are the most likely option to get approval upstream.

Ok. Thank you for your reply.

Sorry, Do you know some about this extentions and how can I use it?
pam-extentions

Not really I’m afraid.

That is, I don’t know if it’s a type of “I’m over 18 years old” type “authentication”, or an intermediate step to pick an authentication method (or whether it can at least be used for that purpose).

What I can tell you however is that the necessary UI support in gnome-shell hasn’t been upstreamed yet. (Not sure why, my guess is that it could use some proper design work)

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.