Skip to main content

USB "Key" based authentication using pam_usb in Fedora

What Is pam_usb?

pam_usb provides hardware authentication for Linux using ordinary USB Flash Drives.
It works with any application supporting PAM (Pluggable Authentication Module), such as su, any login manager (GDM, KDM), etc. The pam_usb package contains:

http://www.pamusb.org/

So? What does it do?

pam_usb enables you to login to your system using a USB "Key" as a physical authentication device. Ever watched some of those movies where user required to key in some sort of card before logging into the computer? Well, pam_usb allows you to do this on Linux, using your USB drive!.

Getting pam_usb

pam_usb 0.3.3 is available in Fedora repository.
yum install pam_usb pam_usb-hotplug


Setting up Your Computer

1 . Setting up console login to use pam_usb
add this entry to the first line in /etc/pam.d/login
auth       sufficient   pam_usb.so


2 . Setting up GDM to use pam_usb
add this entry to the first line in /etc/pam.d/gdm
auth       sufficient   pam_usb.so allow_remote


1 . Setting up su command to use pam_usb
add this entry to the first line in /etc/pam.d/su
auth       sufficient   pam_usb.so


more details about options can be acquired from the quickstart, located at
file:///usr/share/doc/pam_usb-0.3.3/quickstart.html

Creating your DSA key pair

To enable your USB drive as an authentication device, you will need to generate a set of public and private key which one will reside in the USB device and another in your home folder.

To generate the key, first, make sure your USB drive is mounted, then this command:
usbadm keygen /path/to/usb/mountpoint username keybits

eg:
usbadm keygen /media/usbdrive root 1024


Thats it, you're done. Try su-ing to root to test out whether it works or not.

Enabling log for debugging

In case it did not work, you can enable pam_usb logging to find out whats wrong. To enable logging, add log_file=/var/log/pam_usb.log at the end of pam_usb entry in the pam.d files.

eg:
auth       sufficient   pam_usb.so log_file=/var/log/pam_usb.log


then create an empty log file
touch /var/log/pam_usb.log


done.

Ref:
http://forums.gentoo.org/viewtopic-t-305540-highlight-pamusb.html
1 comment

Popular posts from this blog

Adding simple popup to Plone frontpage

Here is a little guide for those who want to add a simple popup to the Plone frontpage for some purpose (eg: announcements, advertisements, etc).

Create a basic html file containing the content you want to appear in the popup. Upload it into $PLONE_SITE/portal_skins/custom (as Page Template) and for the sake of this example, name it popup.html

Afterward, create a Javascript file with your Pop-Up loader script. For example , this script:


function popup(mylink, windowname)
{
if (! window.focus)return true;
var href;
if (typeof(mylink) == 'string')
href=mylink;
else
href=mylink.href;
window.open(href, windowname, 'width=220,height=400,scrollbars=no');
return false;
};

popup('popup.html', 'My Popup');


Also upload this file into $PLONE_SITE/portal_skins/custom (as Page Template too). For this example, name it as popup.js

Afterward, in $PLONE_SITE/portal_javascripts , add popup.js as a new script into portal_javascripts…

Consolidated community site infrastructure on Plone

In Inigo, we believe in helping out local FOSS communities and help them grow. We help out in community events where we can, present FOSS talks, and provide some platforms for local communities to grow. One of such platform is our consolidated community site infrastructure on Plone.

The system/infra and its components was originally developed for the Fedora Malaysia website, while keeping in mind to keep it generic enough so that other communities could use the same components for their own community sites. The infra is already at a usable state, and we can add new sites easily with just a few clicks.

Features in this consolidated infra are:
Document/Content management (Plone built-in)Calendar system (powered by solgema.fullcalendar addon)Conference/BarCamp system (powered by collective.conference addon, which was developed for FUDCon Kuala Lumpur 2012)Blog (powered by Products.Scrawl)Simple yet powerful theming engine (powered by plone.app.theming/ Diazo) - Check out Diazo, you'l…

HOWTO: Mirroring Yum repositories using Yum-Utils

As promised before in one of my previous post, a Howto on how to mirror and manage yum repositories using some of the utilities in yum-utils.

The first step is, well, of course, is to get yum-utils from fedora repository
yum install yum-utils

Reposync
Reposync is a utility for mirroring and synchronizing local copy of a yum/rpmmetadata repository.

This utility is very useful if you wanted to make a yum repository mirror. Before this, I used "wget -R -np -N" but this method is a little bit tedious and it doesnt work with repos that didn't use directory listing. Plus, it also download together additional site stuff that I don't need/want and it doesn't verify checksum of the downloaded packages.

Mirroring a repo using this utility is easy, just execute this command
reposync -r <repoid> -a <arch> -n
and the repo will be mirrored in a folder with the same name of the repoid in the directory you executed the command. Eg: you executed the command in /mnt/storage/mi…