- C 94.9%
- Makefile 5.1%
| inc | Final minor bugfixes | |
| src | Fixed crash and lockout | |
| .clangd | Initial version | |
| .gitignore | Initial version | |
| LICENSE | Initial commit | |
| makefile | Initial version | |
| README.MD | Initial version | |
drawuth
PAM auth, but by drawing on the touchpad.
⚠️ WARNING: Using this may be less secure than a password. It may be more likely to be bypassed than a strong password. Use at your own risk!
Prerequisites
- A Linux system with PAM support
- A touchpad exposed as an evdev input device (e.g.
/dev/input/eventX) - Read access to the relevant
/dev/input/device (you may need to be in theinputgroup)
Building
make
sudo make install
This will build pam_drawuth.so and drawuthctl and install them to /lib/security/ and /usr/local/bin/ respectively.
Installing
Add the following line to the desired files in /etc/pam.d/ (e.g. sudo, login):
auth sufficient pam_drawuth.so
Place this line before any auth required pam_unix.so lines. This will first attempt authentication via gesture; if it fails, PAM will fall through to your password.
Example /etc/pam.d/sudo:
auth sufficient pam_drawuth.so
auth required pam_unix.so
Usage
i️ NOTE: If not specifying --file, you'll need to run the command as root (using sudo).
Registering a gesture
Before you can authenticate, you need to register your gesture:
drawuthctl --register
This collects 5 samples by default and estimates a suitable tolerance. You can collect more samples for a tighter fit:
drawuthctl --register --samples 8
Testing a gesture
To verify your gesture works:
drawuthctl --test
CLI Reference
| Short | Long | Required | Default |
|---|---|---|---|
-d |
--device |
No | Auto-detected (best scoring device) |
-r |
--register |
Yes (unless --test is passed) |
- |
-s |
--samples |
No | 5 |
-t |
--test |
Yes (unless --register is passed) |
- |
-f |
--file |
No | /etc/security/drawuth/${USER} |
-h |
--help |
No | - |
-v |
--version |
No | - |
--register and --test are mutually exclusive.
Exit codes
| Code | Meaning |
|---|---|
| -1 | Internal error |
| 0 | Authentication with --test passed (also returned for -h & -v) |
| 1 | Authentication with --test failed |
| 2 | Invalid arguments |
| 3 | Could not automatically find suitable device |
| 4 | Device error |
| 5 | IO error |
| 6 | Gesture collection failed |