PAM Module for Fedora from www.pamusb.org

Introduction

www.pamusb.org provide a pam authentication module, allowing you to use one of those conference free-bee USB key fobs that do not have enough space for anything useful to be used as an authentication device.

The Project

See www.pamusb.org for all the information.

Fedora Packages

After being so impressed with the project, and it being so easy to use on my Debian GNU/Linux based laptop, and as the Mrs's machine runs Fedora, I built the RPMS for it. The RPMS were built using the Fedora 2 Test 3 installation, using the basic spec file from the Mandrake package (thanks to Frederic Lepied for the original SPEC file).

Current Status

You can get the RPMS from here:
Binary RPM for Fedora 2 Test 3
Source RPM for Fedora 2 Test 3

Installation

Install the package in the normal way:
rpm -i pam_usb-0.2-0.2rhf2t3.i386.rpm I then added this line:
auth sufficient pam_usb.so debug=0 force_device=/dev/sda1 check_device=-1 to be the second line of /etc/pam.d/login after editing /etc/pam.d/login looked like this: [root@fermit pam.d]# more login #%PAM-1.0 auth sufficient pam_usb.so debug=0 force_device=/dev/sda1 check_device=-1 auth required pam_securetty.so auth required pam_stack.so service=system-auth auth required pam_nologin.so account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_selinux.so multiple session required pam_stack.so service=system-auth session optional pam_console.so change the debug=0 to debug=1 to get a description of what is going on during the authentication.

Using

I mounted the usb key device, in my case it was /dev/sda (change the above config and the example below if you have SCSI drives and your device number is different). mkdir /mnt/usb mount /dev/sda1 /mnt/usb After mounting (I use a ext2 file-system on my key, you may need to change the /etc/pam.d/login file to support other file systems, see the pamusb web-site for more details) I created a key for me and then root: usbadm keygen /mnt/usb awr 2048 usbadm keygen /mnt/usb root 2048 And that was it! See the pamusb web-site for more details about how the module can be used. I have used the module in a mode where if I insert the key I do not need to enter my password, if I do not have the key then I have to type in my password.