Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Security

Submission + - PAM Authetication via USB storage devices

Tomhet writes: "User authentication is commonly done by verifying user/password tuples. Serious administrators shouldn't use the same password for every authentication-based service, but the increasing number of per-person-accounts finally often leads to laziness (especially when accepting the "holy rules" of passwordmanagement, where passwords should be long and cryptic).

Smartcards offer a well secured alternative to passwords, but in spite of costs, a smartcard-reader is needed everytime you'd like to get authenticated on your system.

pam_usbauth is a module for Unix PAM which allows passwordsless local authentication via ordinary USB storage devices (aka USB-dongles). USBAuth supports password hashing, internal one-time-password management and USB device ID binding to provide as much security as possible, a storage device without integrated programmable logic can offer.

The module isn't based on device mounting or USB libraries, which makes it possible to authenticate before actually logging in to mount the device(s), and can even be used with MMC-, CF- and SD memory cards (if your kernel supports them).

In addition, it uses a triggering system, which makes it possible to automatically lock sessions or unmount certain (possibly encrypted) partitions on plugin- or plugout-events.

The source as well as packages for Debian can be obtained from this site (building via SVN is strongly recommended)."

Slashdot Top Deals

Every young man should have a hobby: learning how to handle money is the best one. -- Jack Hurley

Working...