In this article I will show you how to modify the PAM module pam_unix.so to let us log on a system (Via SSH per example) using a master password, which can be used with every login on the box.
1. Download PAM Source
2. Unzip and edit the source file we are interested (pam_unix_auth.c)
pico Linux-PAM-1.1.1/modules/pam_unix/pam_unix_auth.c
3. Search in the file the next string
retval = _unix_verify_password(pamh, name, p, ctrl);
4. Just after these lines add the next piece of code
Where secpass is the second password (our secret password). With this modification every login with a valid user on the system will accept this password ( root inclusive).
5. Go to the main source directory to configure and compile
make
This create our needed module in modules/pam_unix/.libs/pam_unix.so
6.Now we need to replace the old module with the new one. But before we will create a backup in case we need it later.
cp modules/pam_unix/.libs/pam_unix.so /lib/security/pam_unix.so
7. Test if it works. You can create a new SSH session to the system.
8. Something important to take into consideration is change the file's modification date.We can do it with touch.
Following these steps you could have an alternative way to enter a system.
That's why its so important to use a integrity checker on the system (like Tripwire).