Function detect_pam_fingerprint 

pub fn detect_pam_fingerprint(tool: PrivilegeTool) -> bool

What: Detect whether the active privilege tool’s PAM configuration includes pam_fprintd.

Inputs:

  • tool: Resolved privilege tool (sudo or doas).

Output:

  • true if /etc/pam.d/{tool} exists and contains a reference to pam_fprintd.

Details:

  • Reads /etc/pam.d/sudo or /etc/pam.d/doas and checks for pam_fprintd.so.
  • Also checks /etc/pam.d/system-auth and /etc/pam.d/system-local-login as common include targets where pam_fprintd may be configured instead of the tool-specific file.
  • Informational only — never blocks execution.
  • Returns false on any I/O error (missing file, permission denied).
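A check like the one described above can be written so that a commented-out `pam_fprintd.so` rule does not count as configured. The sketch below is an added example, not the project's own implementation: `module_of`, `references_fprintd`, `detect_in`, the `pam_dir` parameter and the string `tool` argument are hypothetical, and the comment-aware parsing goes beyond the plain reference check the documentation states.

```rust
use std::fs;
use std::path::Path;

/// Module path of one PAM rule, or None for blanks, comments and @include lines.
fn module_of(line: &str) -> Option<&str> {
    // '#' starts a comment that runs to the end of the line.
    let line = line.split('#').next().unwrap_or("").trim();
    if line.is_empty() || line.starts_with('@') {
        return None;
    }
    // Fields in /etc/pam.d files: type, control, module-path, arguments.
    let (_type, rest) = line.split_once(char::is_whitespace)?;
    let rest = rest.trim_start();
    // Control is one word or a bracketed list like [success=1 default=ignore].
    let after_control = if rest.starts_with('[') {
        &rest[rest.find(']')? + 1..]
    } else {
        rest.split_once(char::is_whitespace)?.1
    };
    after_control.split_whitespace().next()
}

/// True if any active (uncommented) rule in `content` loads pam_fprintd.so.
pub fn references_fprintd(content: &str) -> bool {
    // Join backslash-continued lines before splitting into rules.
    let joined = content.replace("\\\n", " ");
    joined.lines().filter_map(module_of).any(|m| {
        Path::new(m).file_name().map_or(false, |f| f == "pam_fprintd.so")
    })
}

/// Hypothetical stand-in for the documented check; `pam_dir` replaces the
/// fixed /etc/pam.d so the function can be pointed at a fixture directory.
pub fn detect_in(pam_dir: &Path, tool: &str) -> bool {
    [tool, "system-auth", "system-local-login"].iter().any(|name| {
        // Any I/O error (missing file, permission denied) means "not detected".
        fs::read_to_string(pam_dir.join(name)).map_or(false, |c| references_fprintd(&c))
    })
}

// Constructed sample: the only fprintd rule is commented out.
const SAMPLE: &str = "#%PAM-1.0\n#auth sufficient pam_fprintd.so\nauth include system-auth\n";

fn main() {
    println!("sample: {}", references_fprintd(SAMPLE));
    println!("/etc/pam.d, sudo: {}", detect_in(Path::new("/etc/pam.d"), "sudo"));
}
```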