# PAM service file for sudo; the install/upgrade/remove hooks in this script
# edit it in place.
PAM_FILE=/etc/pam.d/sudo

# Rule that the hooks insert into (and delete from) PAM_FILE.
#   sufficient   - if the module succeeds (and no earlier 'required' module
#                  failed) authentication is granted without consulting the
#                  rules that follow; a failure is ignored.
#   pam_exec.so  - runs the external command given as the last argument.
#   quiet        - do not print the command's exit status when it fails.
#   stdout       - pass the command's stdout through to the calling application.
# Consequence: a zero exit status from /usr/bin/z-auth is enough to satisfy
# sudo's auth stack, so that binary must be root-owned and not writable by
# anyone else.
AUTH_LINE='auth sufficient pam_exec.so quiet stdout /usr/bin/z-auth'
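# Install hook: add the z-auth pam_exec rule to sudo's PAM stack.
#
# Globals:  PAM_FILE (read), AUTH_LINE (read)
# Outputs:  progress on stdout, failures on stderr
# Returns:  0 if the rule is already present or was added,
#           1 if PAM_FILE is missing or could not be backed up / updated
#
# Security note: AUTH_LINE is a 'sufficient' rule placed ahead of the existing
# rules, so a zero exit status from /usr/bin/z-auth authenticates the sudo
# caller without the later modules being consulted. Anyone able to replace
# that binary can therefore obtain root via sudo; keep it root-owned and not
# group/world-writable.
post_install() {
  echo ":: Configuring PAM for z-auth..."

  # Without this guard a missing file made grep/cp/sed fail one after another
  # while the function still reported success.
  if [ ! -f "$PAM_FILE" ]; then
    echo " ERROR: $PAM_FILE not found; PAM configuration was not changed." >&2
    return 1
  fi

  # Check if line already exists. Fixed-string match on the binary path, so a
  # line the administrator edited or commented out is left as they set it.
  if grep -Fq -- "/usr/bin/z-auth" "$PAM_FILE"; then
    echo " PAM configuration already exists. Skipping."
  else
    # Backup (-p keeps owner and mode). Do not touch the auth stack if no
    # backup could be written.
    # NOTE(review): the backup lives in /etc/pam.d, where file names are
    # looked up as PAM service names; consider a location outside that
    # directory.
    if ! cp -p -- "$PAM_FILE" "$PAM_FILE.bak_zauth"; then
      echo " ERROR: could not back up $PAM_FILE; PAM configuration was not changed." >&2
      return 1
    fi

    # Insert after the first line (usually #%PAM-1.0).
    # This places it at the very top of the rules, which is what we want for
    # 'sufficient'. '1a' is used instead of '2i' because '2i' silently does
    # nothing when the file has only one line. (GNU sed one-line form.)
    # The follow-up grep confirms the exact rule is really in the file before
    # success is reported.
    if ! sed -i "1a$AUTH_LINE" "$PAM_FILE" ||
      ! grep -Fxq -- "$AUTH_LINE" "$PAM_FILE"; then
      echo " ERROR: failed to add z-auth to $PAM_FILE" >&2
      return 1
    fi
    echo " Added z-auth to $PAM_FILE"
  fi

  # Optional: Warning if the OLD manual line still exists
  if grep -Fq -- "/usr/local/bin/z-auth.sh" "$PAM_FILE"; then
    echo " WARNING: You have an old configuration pointing to /usr/local/bin/z-auth.sh."
    echo " You should remove it manually to avoid redundancy."
  fi
}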
# Upgrade hook: re-run the install step and pass its exit status through.
# post_install skips the insertion when the PAM file already references
# /usr/bin/z-auth.
post_upgrade() { post_install; }
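# Remove hook: delete the z-auth rule from sudo's PAM stack.
#
# Globals:  PAM_FILE (read)
# Outputs:  progress on stdout, failures on stderr
# Returns:  0 if nothing needed removing or the rule was removed,
#           1 if the rule is still present afterwards
#
# NOTE: every line containing the string /usr/bin/z-auth is deleted, including
# comments and any rule whose path merely starts with that string.
post_remove() {
  echo ":: Removing z-auth from PAM configuration..."

  # Nothing to clean up if sudo's PAM file is gone; avoids a grep error.
  [ -f "$PAM_FILE" ] || return 0

  if grep -Fq -- "/usr/bin/z-auth" "$PAM_FILE"; then
    # Create backup before modifying (-p keeps owner and mode). A failed
    # backup is only warned about: leaving an auth rule that points at a
    # binary this package no longer owns is the worse outcome.
    # NOTE(review): this backup still contains the z-auth rule and is left in
    # /etc/pam.d after the package is gone.
    if ! cp -p -- "$PAM_FILE" "$PAM_FILE.bak_zauth_remove"; then
      echo " WARNING: could not back up $PAM_FILE before editing." >&2
    fi

    # Remove the exact line (or lines containing the binary path), then
    # confirm none is left before reporting success.
    if ! sed -i "\|/usr/bin/z-auth|d" "$PAM_FILE" ||
      grep -Fq -- "/usr/bin/z-auth" "$PAM_FILE"; then
      echo " ERROR: failed to remove z-auth from $PAM_FILE; remove it manually." >&2
      return 1
    fi
    echo " Removed z-auth configuration."
  fi
}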