Description
TPM-backed PIN authentication for PAM helps systems verify a local login factor using TPM2 hardware. It is useful for managed workstations, kiosks, and security setups that need hardware-bound authentication behavior.
This is an authentication module, not a complete login policy. TPM ownership, recovery methods, PIN handling, and fallback access should be tested before enabling it on important systems.