I have a task to develope multi-factor authorization for Linux systems with the ability to select an additional factor from the list.
PAM module is implemented. It can show chouce menu in terminal.
I have`t found a mechanism to display a dynamic dropdown menu or list for selecting an authorization factor. Found mentions of extensions for GDM but couldn’t figure out how to use them.
If there is such a mechanism, tell me where to look for documentation on it. And if not, then I can suggest an idea for the implementation of a scripting language to display dynamic authorization scripts. Something similar to using JavaScript in the browser. I can also try to implement this idea.
If it’s just gnome-shell in spesific mod, can I write js extention for it and change pam message field?
Sorry, but I realy don’t understand how does it works.
No, extensions don’t work on the login screen. There have been some discussions around lifting that restriction (with some way of allowing extensions to opt-in, to not break existing extensions that aren’t expecting to be loaded there), but so far it’s only discussions.
That said, login screen extensions are the most likely option to get approval upstream.
That is, I don’t know if it’s a type of “I’m over 18 years old” type “authentication”, or an intermediate step to pick an authentication method (or whether it can at least be used for that purpose).
What I can tell you however is that the necessary UI support in gnome-shell hasn’t been upstreamed yet. (Not sure why, my guess is that it could use some proper design work)