A module for using pins different from /etc/shadow.
Even though it uses the much stronger Argon2d password hashing function by default, short pins1 shouldn't be used without MFA2.
Pin Gen can be used to generate the database.
Please use the recommendations of pin-gen --help.
This module can be used to make PAM statefull. If you want to have an easy authentication path with e. g. pin, Howdy and a FIDO2 USB security key and a hard path with your password, then this will make sure that the easy path can only be triggered once. After a successful login the user-state will be resetted.
The Rust compiler has to be installed.
$ cargo build --releaseThe binary of pin-gen and the PAM modules are now in the target/release folder.
To install pin-gen in $PATH:
$ cargo install --path pin-genThe modules have to be copied to the PAM modules folder (e.g. /lib/security).
For testing the configuration, the pamtester utility is advisable.