pam_usb provides hardware authentication for Linux using ordinary removable media. Tested are flash sticks and storage cards, but it should work with harddrives, SSDs and even floppies (at least USB based) too.
It works with any application supporting PAM, such as su and login managers (GDM, KDM).
Password-less authentication.
Use your removable media for authentication, don't type passwords anymore (or add a second factor).Device auto probing.
You don't need to mount the device, or even to configure the device location (sda1, sdb1, etc). pam_usb.so will automatically locate the device usingUDisks
and access its data by itself.Two-factor authentication.
Archive greater security by requiring both the removable media and the password to authenticate the user.Non-intrusive.
pam_usb doesn't require any modifications of the USB storage device to work (no additional partitions required).- USB Serial number, model and vendor verification.
- Support for One Time Pads authentication.
- Support for all kind of removable devices (SD, MMC, etc).
- Can optionally unlock your GNOME keyring
pamusb-agent
: trigger actions (such as locking the screen) upon device authentication and removal.pamusb-conf
: configuration helper.pamusb-check
: integrate pam_usb's authentication engine within your scripts or applications.pamusb-keyring-unlock-gnome
: utility to unlock the gnome-keyring on login with pam_usb
- Install pam_usb on your system
- Read the Getting Started Guide
- Have a look at the Configuration File Reference
- Problem? See the Troubleshooting Guide
This software was initially created by Andrea Luzzardi (https://github.com/aluzzardi/pam_usb/) but is unmaintained for quite some years by now. While the years passed the community continued to work on it but there was never a centralized place merging all those improvement. The goal of this repo is to provide exactly that, resulting in an up-to-date version. See Install for installation instructions and download options for prebuilt binaries.
This repo is mainly based on community improvements from
- Pekka Helenius (https://github.com/Fincer/pam_usb) - Agent improvements and Arch packaging support
- Luka Novsak (https://github.com/luka-n/pam_usb) - UDisk2 port
- "IGP" (https://github.com/IGP/pam_usb)" (many small improvements)
- "McDope" (https://github.com/mcdope/pam_usb) (this repo),
- ... and others.
See the commit history for details. You can find a list of all contributors in the AUTHORS
file.
The last official release was 0.5.0 btw, some private packages used 0.6.0 to override the upstream provided version but those varied in changes from 0.5.0. This repo started at 0.7.0 and includes all contributions up to this point I'm aware of (Python3 port, UDisks2 support, other smaller ones) or did myself.