[Feature Request] Action after a failed login attempt

[sivizius]

Add a command line parameter --action <command> with an command that should be executed every time after a failed attempt. This could be used e.g. to capture a picture with fswebcam. The command should be called with the number of failed attempts so e.g. a bash-script could start taking pictures only after n failed attempts.

[emersion]

Sounds like a task for PAM, not swaylock.

[savchenko]

Sounds like a grand idea! see below.

@emersion , are you referring to pam_tally?..

[kennylevinsen]

There's also pam_faillock for inspiration, and expand with a fork/exec after the fail count is hit.

This will then work for any PAM-based authenticator (GDM, SDDM, lightdm, login, greetd, swaylock, i3lock, you name it), and is much better than stuffing it into swaylock.

[ghost]

What you could do is create a system service that sees the number of entries in faillock if its equal to 3 or greater than 3 it can run a command.

Here is an example:

#!/bin/sh
while true
do
    attempts=$(expr $(faillock --user user | wc -l ) - 2)
    if [ $attempts -eq 3 ]
    then
        poweroff
    else
        sleep 1
    fi
done

Sure this isn't the best and you can make more efficient and better programs for your use case. But this is a lot easier than playing around with pam directly.