I created a custom PAM module following this and It works fine with etc/pam.d/sudo but doesn't work with etc/pam.d/authorization and etc/pam.d/login. sudo # sudo: auth account password session auth include sudo_local auth sufficient /usr/local/Cellar/cpam/1.0.0/lib/security/cpam.so auth sufficient pam_smartcard.so auth required pam_opendirectory.so account required pam_permit.so password required pam_deny.so session required pam_permit.so authorization # authorization: auth account auth sufficient /usr/local/Cellar/cpam/1.0.0/lib/security/cpam.so auth optional pam_krb5.so use_first_pass use_kcminit no_auth_ccache auth optional pam_ntlm.so use_first_pass auth sufficient pam_smartcard.so use_first_pass account required pam_opendirectory.so Is it even allowed to add a custom PAM to \etc\pam.d\login or etc\pam.d\authorization ? Is it possible to create a mechanism with custom logic and replace it with<string>builtin:authenticate,privileged</string> in system.login.console authorization right ? Note: I have also tried moving the .so file to /usr/lib/pam but it failed even after disabling SIP.

I am trying to learn how PAM works in macOS, in that process I came across one of the apple open source project in git hub. So I downloaded the project and opened it in xcode. When I tried to build the project initially I got base SDK error. I resolved that by changing the value to macOS(initially the value for base SDK is macosx.internal). After that most of the dependency error are resolved but now I am getting some of the header files are not found and also some of '.a' files are also missing. I have explored over the internet for those files but unable to get those. I have attached the missing header files and '.a' files below. Can you please help me in build this project. GitHub link: [https://github.com/apple-oss-distributions/pam_modules/tree/pam_modules-195) Header files: #include <Security/SecKeychainPriv.h> #include <OpenDirectory/OpenDirectoryPriv.h> #include <Heimdal/krb5.h>