Haskell bindings for PAM. Note that this does not currently include the required bindings to write PAM modules
To authenticate a user test using the system-local-login PAM configuration:
authenticate "system-local-login" "test" "PASSWORD"To check if a user test exists using the system-auth PAM configuration:
checkAccount "system-auth" "test"If the operation was successful then PamSuccess will be returned, otherwise PamCode a, where a represents the reason for the failure.
pamCodeToMessage, pamCodeToCDefine and pamCodeDetails can be used to get further details about the response, and isSuccess can be used to check if the operation was successful. See the Haddock documentation for more details on these functions.
The documentation is available on Hackage
authenticatefunction now returnsMonadIO m => m PamRetCoderather thanIO (Either Int ())authSuccess :: PamRetCode -> Booladded which checks if the givenPamRetCodeisPamSuccessor notwhenSuccess :: MonadIO m => PamRetCode -> m PamRetCode -> m PamRetCodeadded, which returns the second argument if the given response code isPamSuccess, otherwise it returns the given response code (useful for continuing only if the PAM action succeeded).pamCodeToMessage,pamCodeToCDefineandpamCodeDetailsnow take aPamRetCoderather than anIntcheckAccountfunction has now been implemented
- Document and refactoring the code (started)
- Add ability to give multiple passwords (for 2FA systems) (see #2)
- Add functions that do the prompting rather than being given details - useful as if a program using the library is intended to be distributed the number of prompts will not be known (see #3)
- Add functions to allow writing PAM modules in Haskell (see #8)
See here for more information