Please create an account to participate in the Slashdot moderation system


Forgot your password?

Submission + - PAM Authetication via USB storage devices

Tomhet writes: "User authentication is commonly done by verifying user/password tuples. Serious administrators shouldn't use the same password for every authentication-based service, but the increasing number of per-person-accounts finally often leads to laziness (especially when accepting the "holy rules" of passwordmanagement, where passwords should be long and cryptic).

Smartcards offer a well secured alternative to passwords, but in spite of costs, a smartcard-reader is needed everytime you'd like to get authenticated on your system.

pam_usbauth is a module for Unix PAM which allows passwordsless local authentication via ordinary USB storage devices (aka USB-dongles). USBAuth supports password hashing, internal one-time-password management and USB device ID binding to provide as much security as possible, a storage device without integrated programmable logic can offer.

The module isn't based on device mounting or USB libraries, which makes it possible to authenticate before actually logging in to mount the device(s), and can even be used with MMC-, CF- and SD memory cards (if your kernel supports them).

In addition, it uses a triggering system, which makes it possible to automatically lock sessions or unmount certain (possibly encrypted) partitions on plugin- or plugout-events.

The source as well as packages for Debian can be obtained from this site (building via SVN is strongly recommended)."

Slashdot Top Deals

Never buy what you do not want because it is cheap; it will be dear to you. -- Thomas Jefferson