I am working on a server application that uses Pluggable Authentication Modules (PAM) for authentication support. This application must run as root. As part of development, people need to log in to this server. I don’t want to give out the root password of my development machine to people. My hack was to create a setup in /etc/pam.d/emo-auth that always allows the login to succeed, provided the account exists. The emo-auth configuration is what the application looks up to authenticate network connections.
$ cat /chroot/etc/pam.d/emo-auth
account required pam_permit.so
auth required pam_permit.so
session required pam_permit.so
Now people login with root, and any password will allow them to get in.
Since this is only for development, this solution works fine, and does not require any code changes.