pam_mount stopped working after update #server #mount #pam #activedirectory #kerberos
Welp, #Debian Testing (#Trixie) broke something between #sddm and #PAM, so now I can no longer log in to the #Plasma #Wayland session.
But at least now I know how to launch Plasma (Wayland) directly from the console.
#AuroraLinux is looking good to me right about now.
I might just be ready for immutable, at least for work. 
Just released: #swad 0.5
swad is the "Simple Web Authentication Daemon", meant to add authentication using a #cookie and a #login form to your reverse proxy. It's designed for #nginx' "auth_request" module. It's written in pure #C with very few external dependencies (zlib, and depending on build options OpenSSL/LibreSSL and #PAM).
And with this release, it also allows guest logins using the crypto puzzle you may already know from #Anubis!
Read more in the release notes, grab the .tar.xz and build/install it 
Just released: #swad v0.3!
https://github.com/Zirias/swad/releases/tag/v0.3
swad is the "Simple Web Authentication Daemon", your tiny, efficient and (almost) dependency-free solution to add #cookie + login #form #authentication to whatever your #reverse #proxy offers. It's written in pure #C, portable across #POSIX platforms. It's designed with #nginx' 'auth_request' in mind, example configurations are included.
This release brings a file-based credential checker in addition to the already existing one using #PAM. Also lots of improvements, see details in the release notes.
I finally added complete build instructions to the README.md:
https://github.com/Zirias/swad
And there's more documentation available: manpages as well as a fully commented example configuration file.
Just released: #swad v0.2
SWAD is the "Simple Web Authentication Daemon", meant to add #cookie #authentication with a simple #login form and configurable credential checker modules to a reverse #proxy supporting to delegate authentication to a backend service, like e.g. #nginx' "auth_request". It's a very small piece of software written in pure #C with as little external dependencies as possible. It requires some #POSIX (or "almost POSIX", like #Linux, #FreeBSD, ...) environment, OpenSSL (or LibreSSL) for TLS and zlib for response compression.
Currently, the only credential checker module available offers #PAM authentication, more modules will come in later releases.
swad 0.2 brings a few bugfixes and improvements, especially helping with security by rate-limiting the creation of new sessions as well as failed login attempts. Read details and grab it here:
Trump has been nominating,
and the Senate has been confirming,
one pliant and obsequious instrument of the president’s pleasure after another.
This is nowhere more true than in appointments to the Department of Justice.
To understand Martin’s danger, it is important to understand how the department in which he would serve as a confirmed official has been operating in Trump 2.0.
At Attorney General #Pam #Bondi’s swearing-in ceremony, she pledged to
“not let [Trump] down”
and to “make [him] proud.”
In her introduction of President Trump before his speech in the Great Hall at the Justice Department,
she called Trump
“the greatest president in the history of our country”
and proclaimed that the department was
“so proud to work at [his] directive”
and would “never stop fighting for” Trump.
She has portrayed Justice Department attorneys as the president’s lawyers.
Bondi signaled fierce loyalty to Trump at her confirmation hearing but nonetheless pledged that,
“If confirmed, I will fight every day to restore confidence and integrity to the Department of Justice
and each of its components.
The partisanship, the weaponization, will be gone. America will have one tier of justice for all.”
In office Bondi has done precisely the opposite
—aggressively so.
She has engaged in a range of politicizing actions,
including dropping the Eric Adams prosecution,
withdrawing charges against and pulling back from investigations of other Trump-allied current or former officials, halting prosecution of a Trump family crypto partner,
and firing or demoting career attorneys who worked on cases involving the president.
She established a “Weaponization Working Group”
that is going after the president’s perceived enemies
and must report on its progress to the White House quarterly.
(Martin is a member of the group.)
The weaponization group is implementing the president’s core philosophy:
“If they screw you, screw them back ten times as hard.”
The goal may be to eliminate future weaponization against Trump interests;
but the tactics are weaponization on a scale never before imagined.
At the same time, Bondi, the chief legal officer of the executive branch after Trump,
is stewarding the rule of law in a disastrous fashion.
She has facilitated the elimination of DOJ independence from the White House,
despite pledges to the contrary.
Her lawyers have been unprepared in court and shown courts unprecedented disrespect.
They have sought to defend the president’s plainly lawless extortionate actions against law firms,
among other lawless executive actions.
Bondi and her lawyers are not restoring confidence and integrity in the department
—they are weakening them.
Bondi had signaled a pro-Trump agenda during her confirmation process,
but now we know the scale on which she is using the department to do the president’s political and personal bidding.
The Senate’s enabling of these actions in confirming Bondi is the proper background to assess Martin’s nomination
Released: #swad v0.1 
Looking for a simple way to add #authentication to your #nginx reverse proxy? Then swad *could* be for you!
swad is the "Simple Web Authentication Daemon", written in pure #C (+ #POSIX) with almost no external dependencies. #TLS support requires #OpenSSL (or #LibreSSL). It's designed to work with nginx' "auth_request" module and offers authentication using a #cookie and a login form.
Well, this is a first release and you can tell by the version number it isn't "complete" yet. Most notably, only one single credentials checker is implemented: #PAM. But as pam already allows pretty flexible configuration, I already consider this pretty useful 
If you want to know more, read here:
https://github.com/Zirias/swad
First "production test" successful 
... after band-aid "deployment" (IOW, scp binaries to the prod jail).
#swad integrates with #nginx exactly as I planned it. And #PAM authentication using a child process running as root also just works (while the main process dropped privileges).
So, I guess I can say goodbye to #AI #bots hammering my poor DSL connection just to download poudriere build logs.
Still a lot to do for #swad: Make it nicer. So many ideas. Best start would probably be to implement more credentials checking modules besides PAM.
This, btw, was yet another reminder of the horrible can of worms #stdio's #buffering is.
I created a little tool running as a child process to do the *actual* #PAM authentication, so it will be possible to have this run as root while the real service drops all privileges. This little tool uses a simple line-based protocol for communication on stdin/stdout. It worked well when testing directly on the terminal.
On the first real test though, my service just went hanging. 
I suspected a deadlock caused by pthread mutexes. Wasted quite some time looking into that. Then I finally realized communication over the pipes was stalled.
Ok, just set buffering mode to "line buffering" after fdopen'ing the #pipe. Turned out that didn't help either. I *assume* that even in the child process, the stdio streams automatically created on the pipes were somehow fully buffered. But at that point, I was really fed up with trial and error and rewrote the whole mess to do I/O using plain #POSIX APIs (read, write), sidestepping any buffering. Worked like a charm.
Result of today's #C #coding session: I can now authenticate with #PAM
https://github.com/Zirias/swad/commit/8983ae30955a407c4732c6e3e3a4aeba6db77a93
This will soon be "production-ready" at least for me
To bolster his efforts to control elections,
Trump has stacked the Department of Justice ( #DOJ ) with officials who have supported his baseless claims of rampant voter fraud in the 2020 presidential election
and who may have worked to overturn state election results on behalf of his campaign.
These include top officials like Attorney General #Pam #Bondi and FBI Director #Kash #Patel
— both of whom would not say who won the 2020 election during their confirmation hearings.
But it also includes those selected to lead offices that enforce federal laws protecting the right to vote.
Trump nominated #Harmeet #Dhillon, one of his loyal allies who has been involved in dozens of lawsuits challenging voting rights laws, redistricting and election processes,
to lead the Civil Rights Division.
Often referred to as the “crown jewel” of the DOJ, the division is core to protecting civil rights and liberties.
Dhillon has yet to be confirmed,
but the Civil Rights Division has already abruptly shifted away from defending voting rights.
So far, it’s dropped voting rights lawsuits against Texas, Virginia and Alabama.
It also retracted a previous request to participate in a lawsuit over unfair voting maps in Louisiana that’s set to be heard by the Supreme Court.
Weiner, the Brennan Center director, said that the country,
even in Trump’s first term,
never had a DOJ so readily turned into “the president’s personal law firm.”
“Which is just not what the DOJ is.
It’s just not what anyone has understood the DOJ to be,” Weiner said.
“But it is incredibly risky.”
In future elections, such officials may be more willing to not act if voting rights are threatened,
or could oppose efforts to protect voting rights.
They may also be more likely to pursue criminal investigations, and even prosecutions, against voters and election administrators over spurious allegations of fraud.
The US deported more than 250 mainly Venezuelan alleged gang members to El Salvador
despite a US judge’s ruling to halt the flights on Saturday
after Donald Trump controversially invoked the "Alien Enemies Act",
a 1798 law meant only to be used in wartime.
El Salvador’s president, Nayib Bukele, said 238 members of the Venezuelan gang "Tren de Aragua" and 23 members of the Salvadoran gang "MS-13" had arrived and were in custody as part of a deal under which the US will pay the Central American country to hold them in its 40,000-person capacity “terrorism confinement centre”.
The confirmation came hours AFTER a US federal judge expanded his ruling temporarily blocking the Trump administration from invoking the "Alien Enemies Act",
a wartime authority that allows the president broad leeway on policy and executive action to speed up mass deportations.
The US district judge #James #Boasberg had attempted to halt the deportations for all individuals deemed eligible for removal under Trump’s proclamation, which was issued on Friday.
Boasberg also ordered deportation flights already in the air to return to the US.
“Oopsie … Too late,” Bukele posted online, followed by a laughing emoji.
Soon after Bukele’s statement, the US secretary of state, Marco Rubio, thanked El Salvador’s leader.
The Alien Enemies Act has only ever been used three times before,
most recently during the second world war, when it was used to incarcerate Germans and Italians as well as for the mass internment of Japanese-American civilians.
It was originally passed by Congress in preparation for what the US believed would be an impending war with France.
It was also used during the war of 1812 and during the first world war.
The US attorney general, #Pam #Bondi, slammed Judge Boasberg’s stay on deportations.
“This order disregards well-established authority regarding President Trump’s power, and it puts the public and law enforcement at risk,” Bondi said in a statement on Saturday night.
But lawyers for the American Civil Liberties Union contend that the Trump does not have the authority to use the law against a criminal gang, rather than a recognized state.
On Sunday, the Republican senator Mike Rounds questioned 
whether the deportation flights had ignored Judge Boasberg’s order to turn around.
“We’ll find out whether or not that actually occurred or not,” Rounds told CNN.
“I don’t know about the timing on it. I do know that we will follow the law.”
https://www.theguardian.com/us-news/2025/mar/16/deportation-alleged-gang-members-el-salvador?CMP=Share_iOSApp_Other
#KaupanLiitto onnistuu koko ajan näyttämään huonommalta.
#Kryhmä on maailman kannattavin kauppaketju (ruokakaupassa). Myös #Sryhmä ja #Lidl Suomi nousevat maailman kärkeen kannattavuutta mitattaessa.
Niin, koska #ruokakauppa on Suomessa keskittynyt.
Maailman huipun kannattavuudesta huolimatta ovat #PAM:n #palkankorotus, #irtisanomissuoja ja #osaaikaiset aseman parantaminen peräämiset näille ylivoimaista.
HUH!
#Lakko loppuu huomenna klo 05, mutta tänään klo 15 ei ole saavutettu sopua.
Tuleeko uusi lakko?
Jokunen rivi lakoista ja itkijämiehistä. Saa jakaa vaikka kokisit itsesi kuvailluksi itkijämieheksi
#lakko #lakkooikeus #ammattiliitot #pam #tehy #super #akava tuli näin nyt aluksi mieleen
https://arkipaivainen.wordpress.com/2025/02/18/lakko-on-oikeus-ei-vaiva/
#Pam #Bondi has a little list:
The Department of Justice will provide quarterly reports to the White House regarding the progress of the review.
During this review, the Weaponization Working Group will examine, among other things:
Weaponization by Special Counsel Jack Smith and his staff, who spent more than $50 million targeting President Trump, and the prosecutors and law enforcement personnel who participated in the unprecedented raid on President Trump's home.
Federal cooperation with the weaponization by the Manhattan District Attorney Alvin Bragg, New York Attorney General Letitia James, their respective staffs, and other New York officials to target President Trump, his family, and his businesses.
The pursuit of improper investigative tacties and unethical prosecutions relating to events at or near the United States Capitol on January 6, 2021- as distinct from good-faith actions by federal employees simply following orders from superiors which diverted resources from combatting violent and serious crime and thus, were pursued at the expense of the safety of residents of the District of Columbia.
The January 23, 2023, memorandum in which the Federal Bureau of Investigation suggested that certain Catholic religious practices were affiliated with violent extremism and criminal activity.
Prior Justice Department guidance, policy memoranda, and practices concerning the investigation of parents of school children who expressed sincere, good-faith concerns at local government meetings, including the October 4, 2021 memorandum of former Attorney General Merrick Garland regarding these issucs."
Criminal prosecutions under the Freedom of Access to Clinic Entrances Act for non-violent protest activity.
The retaliatory targeting, and in some instances criminal prosecution, of legitimate whistleblowers.
https://bsky.app/profile/gemslawrence.bsky.social/post/3lhjiwvdryk23
GitHub - nuvious/pam-duress: A Pluggable Authentication Module (PAM) which allows the establishment of alternate passwords that can be used to perform actions to clear sensitive data, notify IT/Security staff, close off sensitive network connections, etc if a user is coerced into giving a threat actor a password. https://github.com/nuvious/pam-duress #authentication #OpenSource #password #GitHub #script #threat #pam
Trump’s expectation of #total #loyalty has crept from the White House and seeped into another branch of government.
That common denominator carried more weight than practically any other quality as the forty-seventh president selected dozens of nominees to lead different agencies
-- nearly all of whom had previously lent a hand to Trump in his criminal trials, donated money to his political campaign, or helped build out one of his presidential transition playbooks, such as Project 2025.
They have, in turn, consistently yielded to the president’s demands and expectations throughout their confirmation hearings over the last two weeks.
When asked if he would obey the Impoundment Control Act, Trump’s nominee to run the Office of Management and Budget (and Project 2025 architect) #Russell #Vought claimed that the law was unconstitutional and that he would defer to the Trump administration as to whether his office would act in accordance with the law.
U.S. attorney general nominee (and former Trump attorney) #Pam #Bondi weaseled her way out of answering whether Trump lost the 2020 election.
Trump’s confirmed Treasury Secretary #Scott #Bessent wouldn’t commit to not cutting Medicaid.
(Project 2025, the fiscal year 2025 Republican Study Committee budget plan, and the fiscal year 2025 House budget all propose sweeping cuts to the wildly popular program that provides comprehensive health insurance to some 72 million Americans.)
In October, transition team co-chair #Howard #Lutnick promised that a government equipped with total allegiance to the chief Republican was on its way.
While explaining how Trump’s last administration buckled under the weight of staff turnover due to disagreements in “vision,”
Lutnick said that the new agenda was to eradicate any internal hostility to the Republican’s plans.
“They’re all going to be on the same side, and they’re all going to understand the policies, and we’re going to give people the role based on their capacity
—and their fidelity and loyalty to the policy, as well as to the man,” the Wall Street billionaire said at the time.
https://newrepublic.com/post/190916/donald-trump-tom-emmer-reconciliation-loyalty
Trump nominated a MAGA loyalist named #Pam #Bondi to be Attorney General.
The Attorney General, of course, runs the U.S. Department of Justice (DOJ).
Bondi has been a lobbyist for 30 corporations and foreign governments.
Her clients have included companies that are major contractors with or are facing enforcement actions from the DOJ.
She signed on to be part of Trump’s legal team during his first impeachment trial.
And she has echoed Trump’s false claims of voter fraud in the 2020 election.
On Thursday, I testified at a Senate hearing about Bondi’s nomination and urged senators to reject her nomination.
Here’s some of what I said in my testimony:
“If Pam Bondi’s nomination as Attorney General proceeds, we fear she will instead be a driven loyalist to Donald Trump and take actions that reflect the needs of the entities she so recently represented.
The Senate should refuse to confirm Pam Bondi to be Attorney General of the United States.”
https://act.citizen.org/page/78260/petition/1?locale=en-US
#Pam #Bondi, Trump’s attorney general pick, revealed in her confirmation hearing Wednesday that there probably is an #enemies #list after all.
When asked by Senator Mazie Hirono about specific people who have been targeted by Republicans in the past, Bondi refused to say she wouldn’t use the Justice Department against them.
“On Fox News, you said ...
‘The prosecutors will be prosecuted, the bad ones. The investigators will be investigated,’” Hirono said. “Is Jack Smith one of those bad prosecutors that you will prosecute as A.G.?”
Bondi pushed back, stating that she wouldn’t answer “hypotheticals.”
“I’m just asking whether you would consider Jack Smith to be one of the people,” Hirono responded. “How about Liz Cheney? How about Merrick Garland?”
Bondi would not answer—revealing that those individuals are very likely among the top targets of a Trump DOJ.
Earlier in the hearing, Bondi refused to disavow Trump’s FBI pick Kash Patel’s past comments on compiling an “enemies list.”
“Would you have hired someone to the Florida Attorney General’s Office who you knew had an enemies list?” Senator Sheldon Whitehouse asked Bondi.
“Senator, to cut to the chase, you’re clearly talking about Kash Patel,” Bondi said. “I don’t believe he has an enemies list. He made a quote on TV, which I have not heard.… He has great experience in the intel department and Department of Defense. I have known Kash, and I believe that Kash is the right person at this time for this job.
“There will never be an enemies list within the Department of Justice,” she added, a disingenuous comment given the full-throated defense of Patel.
The list comes from Patel’s own 2023 book, "Government Gangsters". While he does not include a literal hit list in the book, he does attach an appendix titled, “Members of the Executive Branch Deep State.”
Patel refers to this “deep state” as “a cabal of unelected tyrants” and “the most dangerous threat to our democracy” in other sections of the book.
The list includes names like Bill Barr, Joe Biden, Lloyd Austin, Sally Yates, Kamala Harris, and 55 other people whom Trump considers political opponents.
https://newrepublic.com/post/190268/bondi-trump-ag-hearing-enemy-list
'/%3e%3cpath%20d='M50.3943%2022.237V39.5876H43.5185V22.7481C43.5185%2019.2029%2042.0411%2017.3949%2039.036%2017.3949C35.7325%2017.3949%2034.0778%2019.5338%2034.0778%2023.7585V32.9759H27.2434V23.7585C27.2434%2019.5338%2025.5857%2017.3949%2022.2822%2017.3949C19.2949%2017.3949%2017.8027%2019.2029%2017.8027%2022.7481V39.5876H10.9298V22.237C10.9298%2018.6918%2011.835%2015.8754%2013.6453%2013.7877C15.5128%2011.7049%2017.9623%2010.6355%2021.0028%2010.6355C24.522%2010.6355%2027.1813%2011.9885%2028.9542%2014.6917L30.665%2017.5633L32.3788%2014.6917C34.1517%2011.9885%2036.811%2010.6355%2040.3243%2010.6355C43.3619%2010.6355%2045.8114%2011.7049%2047.6847%2013.7877C49.4931%2015.8734%2050.3963%2018.6899%2050.3943%2022.237Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_89_8'%20x1='30.5'%20y1='0'%20x2='30.5'%20y2='65'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%236364FF'/%3e%3cstop%20offset='1'%20stop-color='%23563ACC'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e)
