Skip to content

Make PAM optional at runtime #420

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Make PAM optional at runtime #420

wants to merge 2 commits into from

Conversation

@WhyNotHugo
Copy link
Contributor

@WhyNotHugo WhyNotHugo commented Aug 5, 2025
edited
Loading

swaylock links to PAM directly, so the same binary cannot be used in scenarios where PAM is not installed.

Load PAM at runtime, to enable using the same binary when PAM is not available. Use shadow as a fallback if PAM is not available.

This allows enabling both the shadow and pam backend at compile-time, but if PAM is not available at runtime, shadow is used as a fallback. This is particularly useful for distribution packages where some users rely on PAM and others do not use PAM.

I've successfully tested this on Alpine. The same binary works with or without PAM.

@emersion
Copy link
Member

emersion commented Aug 5, 2025

Hm, I'm not sure I understand the benefits… Dynamic loading is pretty cumbersome to deal with, and this still needs PAM at compile-time.

@WhyNotHugo
Copy link
Contributor Author

It needs PAM at compile-time, but works without PAM at runtime.

The main benefit is that a single binary can be use both with and without PAM.

@WhyNotHugo
Load PAM at runtime instead of dynamically linking
7682bf3 
swaylock links to PAM directly, so the same binary cannot be used in
scenarios where PAM is not installed.

Load PAM at runtime, to enable using the same binary when PAM is not
available.
@WhyNotHugo WhyNotHugo force-pushed the optional-pam branch 2 times, most recently from fc3e75b to 7f7d84d Compare October 14, 2025 23:53
@WhyNotHugo WhyNotHugo changed the title Draft: Load PAM at runtime instead of dynamically linking Make PAM optional at runtime Oct 14, 2025
@WhyNotHugo WhyNotHugo force-pushed the optional-pam branch 4 times, most recently from 3e1cfad to 8a50d18 Compare October 15, 2025 00:10
@WhyNotHugo
Use shadow as a fallback if PAM is unavailable
caa2ab3 
Allow building with PAM and/or shadow, instead of them build mutually
exclusive. This allows producing a single binary which can be used
on hosts with or without PAM installed.
@WhyNotHugo
Copy link
Contributor Author

I've updated the PR description with the details of the final version. I've both build permutations to CI, and this is ready for review.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@WhyNotHugo @emersion