pam_usbng pam_usbng is an USB authentication module for PAM.
Download

pam_usbng Ranking & Summary

pam_usbng Tags

authentication Authentication Module PAM module PAM USB storage devices

pam_usbng Description

pam_usbng is an USB authentication module for PAM. pam_usbng is an USB authentication module for PAM.Easy and secure authentication through ordinary USB storage devicesWith a couple of security-related concepts in mind, pam_usbng allows users to easily setup an USB storage device for serving as basis for system-wide authentication, using PAM.Easy setup of rescue devicesIf the main device gets lost or stolen, you'd be happy to have an additional preconfigured rescue device for your account. Since the authentication information on devices can't be easily copied and reused, pam_usbng provides a simple and efficient way to create so called rescue devices, serving as fallback.The software automatically recognizes when a rescue device has been used for authentication and may perform several actions: For example, immediately lock the old (main) device, limit possible authentications and much more.Multi-user/Multi-token capabilitypam_usbng is capable of handling a large amount of authentication fingerprints of users on only one device, while providing support for multiple devices for multiple users as well.1- or 2-factor authenticationYou can easily tell pam_usbng to additionally check for a specific passphrase or PIN number, which doesn't correlate in any form with the passwords of normal system accounts (as compared to doing the same directly via PAM with an additional module).Normal storage media interoperationalityWhen dedicating an USB device as authentication token, you will still be able to use almost the whole space for normal data storage. This even works on Windows systems, for these commonly don't really like multi-partitioned flash-devices.Event-based scripting interfacepam_usbng introduces a new event-scripting interfaces. When certain events occur (e.g. when the USB authentication device has been plugged in, or when an authentication has failed), you can easily define hooks which execute every script you like upon event triggering.USB device verification (physical dependency)The USB authentication device is checked against some certain values directly stored in the hardware, like vendor-name and serial-number. These values can not get easily modified (at least if do don't work at the NSA) and therefore provide a basis for physical device dependency.This means that, if the whole content of the authentication data on your device is copied exactly byte by byte to another device, authentication will still not succeed. This helps preventing thieves to steal your data and replicating the device.Smart layout of authentication fingerprintsEverything which is stored on the authentication device will be completely useless to attackers and thieves. Neither usernames nor passwords, timestamps and other valuable information are stored on the devices themselves.Built-in fully transparent one-time password engineThe authentication information on the device is only valid for exactly one login. Every time an authentication succeeds, pam_usbng will perform a password-regeneration procedure which will calculate a new password for the next authentication and prepare the device appropriately.Untraceable data hiding on rescue devicesRescue devices offer one more security mechanism: It is mathematically not possible to determine if the device holds any authentication information at all. Any thieve will not be able to determine if the data on the device may possibly serve as authentication data, or if it's just complete garbage.Filesystem & HAL independenceNeither any filesystem drivers nor HAL-routines are essential in order to run pam_usbng.Focus on secure implementationThe whole implementation process had security as highest priority. Nevertheless, I can't promise that there would be no bugs. If you find a bug, I'd be pleased if you tell me.

pam_usbng Related Software