NixOS-WSL

WIP: Windows Hello Authentication

Open nzbr opened this issue 3 years ago • 7 comments

This adds an option to approve sudo and other login prompts through Windows Hello (Fingerprint/Face/PIN/etc.) instead of a password or not at all (as is the default)

nzbr, Apr 21 '22 14:04

This seems to stop working sometimes (exit code 255 from the .exe). That can be fixed by opening a new shell - it's probably related to the WSL_INTEROP socket

nzbr, Apr 25 '22 00:04

Also https://github.com/nzbr/PAM-WindowsHello#--%EF%B8%8F-you-probably-do-not-want-to-use-this-for-anything-security-critical-%EF%B8%8F---i-am-not-responsible-for-anyone-bypassing-the-login-on-a-system-you-install-this-to

SuperSandro2000, Apr 25 '22 09:04

What needs to be done for this to be merged?

aikooo7, Feb 11 '24 23:02

The Nix code in this PR is pretty outdated and would probably need to be adjusted to the current state of the main branch. Also, the Windows binary this uses can't be cross-compiled on Linux and therefore needs to be pulled in as a binary blob. If that's possible the Windows part should be rewritten in something like Rust where that's possible, so that it can be built in a derivation.

nzbr, Feb 12 '24 02:02

I actually did a rewrite of both the PAM module and the Windows side (in Rust) for this roughly two years ago. It also doesn't use any unsupported APIs anymore and should cross-compile. It worked, but I have a feeling it wasn't fully done. It's currently rotting in a private repo, but I'll see about cleaning it up.

Cu3PO42, Mar 17 '24 14:03

That'd be really cool, tbh

nzbr, Mar 17 '24 22:03