Skip to content
forked from mcdope/pam_usb

Hardware authentication for Linux using ordinary flash media (USB & Card based).

License

Notifications You must be signed in to change notification settings

IslandC0der/pam_usb

 
 

Repository files navigation

Build Packaging Functional testing CodeQL DevSkim Nightly builds (tar.gz, deb, rpm, zst)

pam_usb

pam_usb provides hardware authentication for Linux using ordinary USB Flash Drives.

It works with any application supporting PAM, such as su and login managers (GDM, KDM).

Features

  • Password-less authentication. Use your USB stick for authentication, don't type passwords anymore.
  • Device auto probing. You don't need to mount the device, or even to configure the device location (sda1, sdb1, etc). pam_usb.so will automatically locate the device using UDisks and access its data by itself.
  • Two-factor authentication. Achieve greater security by requiring both the USB stick and the password to authenticate the user.
  • Non-intrusive. pam_usb doesn't require any modifications of the USB storage device to work (no additional partitions required).
  • USB Serial number, model and vendor verification.
  • Support for One Time Pads authentication.
  • You can use the same device across multiple machines.
  • Support for all kind of removable devices (SD, MMC, etc).
  • Can optionally unlock your GNOME keyring

Tools

  • pamusb-agent: trigger actions (such as locking the screen) upon device authentication and removal.
  • pamusb-conf: configuration helper.
  • pamusb-check: integrate pam_usb's authentication engine within your scripts or applications.
  • pamusb-keyring-unlock-gnome: utility to unlock the gnome-keyring on login with pam_usb

Getting Started

History of this PAM module

This software was initially created by Andrea Luzzardi (https://github.com/aluzzardi/pam_usb/) but is unmaintained for quite some years by now. While the years passed the community continued to work on it but there was never a centralized place merging all those improvement. The goal of this repo is to provide exactly that, resulting in an up-to-date version. See Install for installation instructions and download options for prebuilt binaries.

This repo is mainly based on community improvements from

See the commit history for details. You can find a list of all contributors in the AUTHORS file.

The last official release was 0.5.0 btw, some private packages used 0.6.0 to override the upstream provided version but those varied in changes from 0.5.0. This repo will be released starting from 0.7.0 when ready and includes all updates I'm aware of (Python3 port, UDisks2 support, other smaller ones) or did myself.

About

Hardware authentication for Linux using ordinary flash media (USB & Card based).

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • C 67.8%
  • Python 21.4%
  • Makefile 5.7%
  • Shell 5.1%