This presentation explores the novel extension of the PAM conversation through JSON messages, enabling richer communication between PAM applications and SSSD. This extension was driven by the need to support passwordless authentication mechanisms, such as displaying QR codes for external identity verification, within graphical environments like GDM (GNOME Display Manager).

The talk delves into the technical details of this JSON-based interface between SSSD and GDM, providing insights into its design and implementation. Furthermore, a simple PAM application will be presented as a practical example, serving as a reference for developers seeking to integrate this protocol into their own PAM applications. This opens up a wide range of possibilities for enhanced authentication flows, including:

• Contextual Information: Sharing user-specific data or authentication challenges.
• Adaptive Authentication: Dynamically adjusting authentication steps.
• Multi-Factor Authentication: Orchestrating complex authentication sequences.

The presentation will conclude with live demonstrations showcasing the capabilities of this extended PAM conversation and its potential for innovation in authentication systems.