Session management using Android

Hey guys,
It's partially a project presentation and partially a question.

I've added some security exceptions to my system allowing me to login in several ways with my mobile device:

  1. Unlock/Lock script in KDE Connect (Which turns the monitor on with xset and logging me in using loginctl and vice versa).
  2. udev rule that does the same when specifically my phone is connected via USB (Verified using ATTRS{manufacturer/product/serial}).

I really wanted to do this with the device fingerprint instead of just connecting but there's a single project for that and it's not very stable, there's another one for Windows that looks fantastic but it's not open source and there's no Linux integration currently.

I've tried blue-proximity, the BT connectivity is very unstable so this whole mechanism became very unreliable (even when the phone was figuratively on the laptop itself the phone wasn't recognized and both their BT adapters were on and connected).

BTW pam-usb is only for storage devices, not just any USB device.

The next planned step is to have either one of these:

  1. As long as the phone is connected PAM will not ask for password (sudo\gksudo).
  2. When the phone is connected I'll be able to bypass the PAM password prompt (regardless) using the fingerprint reader on the mobile device.

I thought about implementing this using python-pam but so far I wasn't able to understand what are the conditions and what the script does when password is required, is there a way to check if a specific mobile device is connected and just bypass the password prompt (or ask for a fingerprint on an Android device using ADB)?

I'd love to share any files and script I created it's just too messy right now and there are many small things I've patched and hardcoded so I won't have to deal with multiple seats and sessions etc.

Thanks!

2 Likes

Cool project, but reminds me of this:

XKCD-538

In your case: they just have to get your (locked) phone within WiFi distance to unlock your computer... :scream: :wink:

1 Like

LOL, it's a good one, the phone is locked with a fingerprint/PIN and when it's unlocked you can tap the relevant KDE Connect action, the computer doesn't unlock automatically when the phone is within distance or the same wifi.

That's exactly why I want to use the fingerprint reader or do some action on my phone to make sure my phone is not automagically eliminating the need for password while being completely passive.

Also, the trick I was talking about with pam requires connecting the phone to the computer directly, I want an additional factor such as fingerprint (either when the phone is connected directly or via WiFi).

1 Like

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.

Forum kindly sponsored by