Saturday, July 21, 2007

USB "Key" based authentication using pam_usb in Fedora

What Is pam_usb?

pam_usb provides hardware authentication for Linux using ordinary USB Flash Drives.
It works with any application supporting PAM (Pluggable Authentication Module), such as su, any login manager (GDM, KDM), etc. The pam_usb package contains:

So? What does it do?

pam_usb enables you to login to your system using a USB "Key" as a physical authentication device. Ever watched some of those movies where user required to key in some sort of card before logging into the computer? Well, pam_usb allows you to do this on Linux, using your USB drive!.

Getting pam_usb

pam_usb 0.3.3 is available in Fedora repository.
yum install pam_usb pam_usb-hotplug

Setting up Your Computer

1 . Setting up console login to use pam_usb
add this entry to the first line in /etc/pam.d/login
auth       sufficient

2 . Setting up GDM to use pam_usb
add this entry to the first line in /etc/pam.d/gdm
auth       sufficient allow_remote

1 . Setting up su command to use pam_usb
add this entry to the first line in /etc/pam.d/su
auth       sufficient

more details about options can be acquired from the quickstart, located at

Creating your DSA key pair

To enable your USB drive as an authentication device, you will need to generate a set of public and private key which one will reside in the USB device and another in your home folder.

To generate the key, first, make sure your USB drive is mounted, then this command:
usbadm keygen /path/to/usb/mountpoint username keybits

usbadm keygen /media/usbdrive root 1024

Thats it, you're done. Try su-ing to root to test out whether it works or not.

Enabling log for debugging

In case it did not work, you can enable pam_usb logging to find out whats wrong. To enable logging, add log_file=/var/log/pam_usb.log at the end of pam_usb entry in the pam.d files.

auth       sufficient log_file=/var/log/pam_usb.log

then create an empty log file
touch /var/log/pam_usb.log



Wednesday, July 18, 2007

Wiki , Compiz fusion 20070716git, and package review

It has been 2 weeks+ since I last post. Here goes

Compiz Fusion 20070716git
A little update on the compiz fusion packages:
  • fusion-icon is now separated into 3 packages. fusion-icon, fusion-icon-gtk,fusion-icon-qt

  • I have included in 20070716git compiz package my rewrite of desktop-effects to make use of compiz's CCP plugin. Desktop-effects menu is back, but might be buggy, I'm quite noobie in coding, help greatly appreciated

New Wiki
Just created a wiki to keep certain stuff in/from this blog more organized Compiz Fusion's wiki page is here :

Compiz Fusion package review
I have submitted Fedora package reviews for libcompizconfig, compizconfig-python, and compiz-bcop in Fedora bugzilla.

compiz-bcop: #247405
libcompizconfig: #247406
compizconfig-python: #247408

and a RFE for compiz : #247409

I havent send the other packages yet, I would like these core packages to pass review first.

Monday, July 02, 2007

Update on Compiz Fusion repository 20070630git

The repository have been updated to 20070630git packages

Several changes in the RPM Packaging

the metapackage that will pull all compiz bits is now known as compiz-all. compiz-core is renamed back to compiz.

compiz-* packages no longer pulls compizconfig-settings-manager. compiz-gnome no longer pulls emerald. (Trying to make basic installation simple). You can yum them separately

Desktop-effects menu is back!. But launching compiz automatically during login is still broken,

compiz-icon was replaced by fusion-icon and its now working properly.
Locations of visitors to this page