pam_usb provides hardware authentication for Linux using ordinary USB Flash Drives.
It works with any application supporting PAM, such as su and login managers (GDM, KDM).
Password-less authentication.
Use your USB stick for authentication, don't type passwords anymore.Device auto probing.
You don't need to mount the device, or even to configure the device location (sda1, sdb1, etc). pam_usb.so will automatically locate the device usingUDisks
and access its data by itself.Two-factor authentication.
Achieve greater security by requiring both the USB stick and the password to authenticate the user.Non-intrusive.
pam_usb doesn't require any modifications of the USB storage device to work (no additional partitions required).- USB Serial number, model and vendor verification.
- Support for One Time Pads authentication.
- You can use the same device across multiple machines.
- Support for all kind of removable devices (SD, MMC, etc).
- Can optionally unlock your GNOME keyring
pamusb-agent
: trigger actions (such as locking the screen) upon device authentication and removal.pamusb-conf
: configuration helper.pamusb-check
: integrate pam_usb's authentication engine within your scripts or applications.pamusb-keyring-unlock-gnome
: utility to unlock the gnome-keyring on login with pam_usb
- Install pam_usb on your system
- Read the Getting Started Guide
- Have a look at the Configuration File Reference
- Problem? See the Troubleshooting Guide
This software was initially created by Andrea Luzzardi (https://github.com/aluzzardi/pam_usb/) but is unmaintained for quite some years by now. While the years passed the community continued to work on it but there was never a centralized place merging all those improvement. The goal of this repo is to provide exactly that, resulting in an up-to-date version. See Install for installation instructions and download options for prebuilt binaries.
This repo is mainly based on community improvements from
- Pekka Helenius (https://github.com/Fincer/pam_usb) - Agent improvements and Arch packaging support
- Luka Novsak (https://github.com/luka-n/pam_usb) - UDisk2 port
- "IGP" (https://github.com/IGP/pam_usb)" (many small improvements)
- "McDope" (https://github.com/mcdope/pam_usb) (this repo),
- ... and others.
See the commit history for details. You can find a list of all contributors in the AUTHORS
file.
The last official release was 0.5.0 btw, some private packages used 0.6.0 to override the upstream provided version but those varied in changes from 0.5.0. This repo will be released starting from 0.7.0 when ready and includes all updates I'm aware of (Python3 port, UDisks2 support, other smaller ones) or did myself.