pinpam: PAM module and credential utility to enable system-wide authentication with a secure TPM2-backed pin.

[RazeLighter777]

Hey all, just wanted to say thank you as I used this library as a foundation for my open source hobby project!!! Your library made it easy to navigate the (sometimes quite poor) tpm2 documentation.

I made a program using rust-tss-esapi as the foundation of my project, called pinpam, which is software that lets you use a TPM2-backed pin to authenticate yourself on linux. This could be for logging in, sudo, or any other service supported by PAM (pluggable authentication modules).

It uses PINFAIL indexes and has hardware backed lockout and policies preventing pins from being brute forced. It uses some tss-esapi features that weren't documented in any examples (PinFail, nv_policywritten), so I think it may be helpful for newcomers.

Anyway just wanted to give my thanks and kudos to all the developers of rust-tss-esapi project for the help and give credit where it is due because the amount of work put into this library dwarfs my efforts and wouldn't be possible without this project. Let me know if ya'll take donations or message me and i'll buy ya'll a beer 🍺