/pam_usb

Primary LanguageCGNU General Public License v2.0GPL-2.0

pam_usb

pam_usb provides hardware authentication for Linux using ordinary USB Flash Drives.

It works with any application supporting PAM, such as su and login managers (GDM, KDM).

Features

  • Password-less authentication. Use your USB stick for authentication, don't type passwords anymore.
  • Device auto probing. You don't need to mount the device, or even to configure the device location (sda1, sdb1, etc). pam_usb.so will automatically locate the device using UDisks and access its data by itself.
  • Two-factor authentication. Achieve greater security by requiring both the USB stick and the password to authenticate the user.
  • Non-intrusive. pam_usb doesn't require any modifications of the USB storage device to work (no additional partitions required).
  • USB Serial number, model and vendor verification.
  • Support for One Time Pads authentication.
  • You can use the same device across multiple machines.
  • Support for all kind of removable devices (SD, MMC, etc).

Tools

  • pamusb-agent: trigger actions (such as locking the screen) upon device authentication and removal.
  • pamusb-conf: configuration helper.
  • pamusb-check: integrate pam_usb's authentication engine within your scripts or applications.

Getting Started