-
-
Notifications
You must be signed in to change notification settings - Fork 308
Only using howdy for specific authentication types
By default Howdy is called anywhere the system tries to authenticate. This isn't behavior everyone wants, and it's possible to only use Howdy in certain places. This requires a little more configuration.
First, disable Howdy in the PAM:
sudo pam-auth-update
Press space to unselect Howdy, then use tab to move to the "Ok" button and press enter.
Now we need to manually add Howdy to the type of authentication where we want to use it. There are a lot of different types and they are all stored as files in /etc/pam.d/
. Run an ls there to list them:
sudo ls /etc/pam.d/
For this example, we're only going to enable Howdy in the sudo
command. For this, edit the /etc/pam.d/sudo
file:
sudo nano /etc/pam.d/sudo
Here we add the following line just before the first @include
statement.
auth sufficient /lib/pam_howdy.so
This tells the PAM that howdy is an authentication module, and that Howdy recognizing you is enough to login. You can swap sufficient
with other PAM keywords if you want to setup Howdy as 2FA.
When you've inserted the new line you can save your file by pressing Ctrl+X and answering Y to the overwrite question. Howdy should now work with sudo and nowhere else.