PAM S/Key module
Fetching latest commit…
Cannot retrieve the latest commit at this time
$Id$ About ----- This is complete pam_skey modul as interface to existing S/Key library/interface by Wietse Venema. So far it has been tested on Linux (Debian potato, Debian woody and Debian sid), Solaris 2.6, 2.7 and 2.8. I have reason to believe it will work where PAM implementation exists and is properly done. It provides `auth' services only. It can use tokens from PAM_AUTHTOK to implement flexibile module stacking. NOTE: You *absolutely* need libskey to make this module working. I recommend original logdaemon suite by Wietse Venema - you can find it in logdaemon-5.10 package. This suite consists of following modules: pam_skey.so - Main module than by default contains routines for checking skey.access for access rules pam_skey_access.so - Add-on module that is useful only when it is required (requisite) module after pam_skey, which means skey.access controls future loading of other modules. Note that this emulates behavior of original Venema's skeylogin. Known problems -------------- Note that there are several problems with existing (original) Wietse Venema's implementation - no flock() on keys file, hairy host checking code in skeyaccess(), etc. If there is any other library function and parametric compatible with S/Key library, this will most probably work with it, too. I am planning to re-implement S/Key library later, having Venema's and Linux-skey package as main resources. Known bugs ---------- None reported so far. That does not mean there are none: if you find any bug, or something that is likely to be bug, try to exactly see what happens using `debug' option in local pam configuration file and e-mail me together with console and syslog information. Or at least e-mail me with feedback that can help to trace problems. Installation ------------ Please please please, for installation instructions look closely at INSTALL file. Literature and other sources ---------------------------- I find most helpful was Linux-PAM documentation. I had also a peek into following sources: Wietse Venema's logdaemon package Olaf Kirch's Linux S/Key package Wyman Miles' pam_securid module Linux-PAM modules and templates Contact ------- My e-mail address is Dinko Korunic <firstname.lastname@example.org>. I usually respond e-mails within a couple of hours, perhaps one day. If necessary, use PGP key 0xEA160D0B, with fingerprint 48BF A3C2 6FB9 14EC B05C A683 6D3B AED1 EA16 0D0B.