2 files changed, 63 insertions, 0 deletions

diff --git a/example/.gitignore b/example/.gitignore
new file mode 100644
index 0000000..6f30a3a
--- /dev/null
+++ b/example/.gitignore
@@ -0,0 +1 @@
+/example
diff --git a/example/example.go b/example/example.go
new file mode 100644
index 0000000..efe0d79
--- /dev/null
+++ b/example/example.go
@@ -0,0 +1,62 @@
+// This is a fake login implementation. It uses whatever default
+// PAM service configuration is available on the system, and tries
+// to authenticate any user. This should cause PAM to ask its
+// conversation handler for a username and password, in sequence.
+//
+// This application will handle those requests by displaying the
+// PAM-provided prompt and sending back the first line of stdin input
+// it can read for each.
+//
+// Keep in mind that unless run as root (or setuid root), the only
+// user's authentication that can succeed is that of the process owner.
+//
+// It's not a real login for several reasons:
+//
+// It doesn't switch users.
+// It's not a real login.
+//
+// It does however demonstrate a simple but powerful use of PAM.
+
+package main
+
+import (
+	"bufio"
+	"code.google.com/p/gopass"
+	"errors"
+	"fmt"
+	"github.com/msteinert/pam"
+	"log"
+	"os"
+)
+
+func main() {
+	t, err := pam.StartFunc("", "", func(s pam.Style, msg string) (string, error) {
+		switch s {
+		case pam.PromptEchoOff:
+			return gopass.GetPass(msg)
+		case pam.PromptEchoOn:
+			fmt.Print(msg)
+			bio := bufio.NewReader(os.Stdin)
+			input, err := bio.ReadString('\n')
+			if err != nil {
+				return "", err
+			}
+			return input[:len(input)-1], nil
+		case pam.ErrorMsg:
+			log.Print(msg)
+			return "", nil
+		case pam.TextInfo:
+			fmt.Println(msg)
+			return "", nil
+		}
+		return "", errors.New("Unrecognized message style")
+	})
+	if err != nil {
+		log.Fatalf("Start: %s", err.Error())
+	}
+	err = t.Authenticate(0)
+	if err != nil {
+		log.Fatalf("Authenticate: %s", err.Error())
+	}
+	log.Print("Authentication succeeded!")
+}