Summary

pam_usbkey.so is a Linux Pluggable Authentication Module (PAM) that implements login using USB keys as access tokens. It was written mostly as a learning exercise in how to write a PAM module, and the code is commented in the hope that it will serve as a template for others. It can be configured to allow passwordless login to certain user accounts when a particular USB key is plugged into the system (if you're crazy), or it can be used as an extra requirement for login, or perhaps for 'su', in combination with the usual password.


Licence

pam_usbkey.so is made available under the GNU General Public License version 3, and comes with no warranties or guarantees.

Description

pam_usbkey.so can be configured in the standard /etc/pam.d configuration files against a specified user, tty or remote host. When the user, and the tty or rhost, match, the appropriate USB drive can be used to either:

1) Allow login without a password.
2) Disallow login, even with the correct password, if the appropriate USB device is not plugged into the system.

USB keys are identified by their serial number, which can be discovered by reading the 'serial' file in the appropriate device directory under /sys/bus/usb/devices/. The pam_usbkey source comes with a small shell script that prints the serial numbers of the currently plugged-in USB keys.

When a USB key is plugged into the system, any user can read its serial number, so it is not a secret from users already on the system who are seeking privilege escalation. However, in most use cases the account will still be protected by a password, and making use of the discovered serial number would require either creating a matching USB key and gaining physical access to the system to plug it in, or fooling the system into thinking a key is plugged in when it isn't. Achieving this is left as an exercise for the attacker.
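The project's own serial-listing script is not reproduced on this page. As an added example (not pam_usbkey's code), the POSIX shell functions below walk /sys/bus/usb/devices the way the description above says the module identifies keys, print each device's serial alongside its vendor:product ids, and test for the presence of one exact serial, which is the check a module configured against a given key has to make. The sysfs directory is a parameter, and make_sample_tree builds a constructed tree so the functions can be exercised without hardware.

```shell
#!/bin/sh
# Added example, not pam_usbkey's own script. Lists USB device serials from
# sysfs (the same source pam_usbkey reads) and checks for one exact serial.
# Both functions take an optional sysfs directory; the default is the real one.

usb_serials() {
    root="${1:-/sys/bus/usb/devices}"
    for dev in "$root"/*/; do
        dev="${dev%/}"
        name=$(basename "$dev")
        # Root hubs (usb1, usb2, ...) report their PCI address as 'serial';
        # they are not removable keys, so leave them out.
        case "$name" in usb*) continue ;; esac
        # Interfaces (e.g. 1-1:1.0) and some devices have no serial file.
        [ -r "$dev/serial" ] || continue
        serial=$(cat "$dev/serial")
        vendor=$(cat "$dev/idVendor" 2>/dev/null)
        product=$(cat "$dev/idProduct" 2>/dev/null)
        printf '%s %s:%s %s\n' "$name" "${vendor:-????}" "${product:-????}" "$serial"
    done
}

# Exit 0 if a non-hub device whose serial is exactly $1 is present, else 1.
# An exact string comparison matters: a prefix or substring match would let
# a key with a longer serial satisfy the check.
has_usb_serial() {
    want="$1"; root="${2:-/sys/bus/usb/devices}"
    for f in "$root"/*/serial; do
        [ -r "$f" ] || continue
        case "$(basename "$(dirname "$f")")" in usb*) continue ;; esac
        [ "$(cat "$f")" = "$want" ] && return 0
    done
    return 1
}

# Build a constructed sysfs-like tree (sample data, not a real system) so the
# functions above can be run offline. Prints the directory path.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/usb1" "$t/1-1" "$t/1-1:1.0" "$t/1-2"
    printf '0000:00:14.0\n' > "$t/usb1/serial"   # root hub: PCI address
    printf '0781\n' > "$t/1-1/idVendor"
    printf '5567\n' > "$t/1-1/idProduct"
    printf 'ABC123\n' > "$t/1-1/serial"          # a USB key (sample serial)
    printf 'XYZ789\n' > "$t/1-2/serial"          # device without id files
    printf '%s\n' "$t"
}
```

Run `usb_serials` with no argument to list the keys on the live system, or `usb_serials "$(make_sample_tree)"` to see the output format against the constructed tree.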