pam_usb 0.3.3 review
Downloadpam_usb is a PAM modules that enables either two-factor or password-less authentication using an USB storage device (such as an USB F
|
|
pam_usb is a PAM modules that enables either two-factor or password-less authentication using an USB storage device (such as an USB Flash Memory Token).
It can work with any PAM enabled program, such as login, su, gdm/kdm/xdm, xlock...
This is done with a pair of DSA keys, the private one is stored on the device and the public one on the computer.
Whenever a user tries to authenticate, pam_usb will try to find the usb device and will load the private key.
Then it will compute a private/public key signing challenge using the public key contained in the user's home directory.
Then, if configured in two-factor mode (additional mode, in the documentation), a password is asked to the user in order to finish the authentication. Otherwise, if configured in password-less mode (alternative / unique in the documentation)
it will log in the user without asking any password.
It can also work using any kind of mountable devices such as floppy disks or cd-roms. To improve security, it supports private key encryption and serial number access list.
Sorry for the poor informations provided here but the website is being redesigned.
What's New in This Release:
The option keypath is now splitted into local_keypath and device_keypath.
Fixed a bug that occurred when the TTY entry was empty.
pam_usb doesn't get anymore the tty name from PAM_TTY as it used to be empty on some systems.
Better defaults. The default options have been set to fit most needs, you are no longer required to use !check_device on 2.6.
Verbose mode. By default, pam_usb now prints some informations during the login process (access granted, the reason why access was refused, etc). This can be turned off using the brand new 'quiet' option.
Other small fixes.
pam_usb 0.3.3 keywords