PAM S/Key module
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

Travis CI Build Status


This is complete pam_skey modul as interface to existing S/Key library/interface by Wietse Venema. So far it has been tested on Linux (Debian potato, Debian woody and Debian sid), Solaris 2.6, 2.7 and 2.8. I have reason to believe it will work where PAM implementation exists and is properly done. It provides auth services only. It can use tokens from PAM_AUTHTOK to implement flexibile module stacking.

NOTE: You absolutely need libskey to make this module working. If there is no libskey available on your system, configure will flag built-in skey library (from logdaemon-5.10 package) for use.

This suite consists of following modules:


    Main module than by default contains routines for checking skey.access for access rules


    Add-on module that is useful only when it is required (requisite) module after pam_skey, which means skey.access controls future loading of other modules. Note that this emulates behavior of original Venema's skeylogin.

Known problems

Note that there are several problems with existing (original) Wietse Venema's implementation - no flock() on keys file, hairy host checking code in skeyaccess(), etc. If there is any other library function and parametric compatible with S/Key library, this will most probably work with it, too. I am planning to re-implement S/Key library later, having Venema's and Linux-skey package as main resources.

Known bugs

None reported so far. That does not mean there are none: if you find any bug, or something that is likely to be bug, try to exactly see what happens using `debug' option in local pam configuration file and e-mail me together with console and syslog information. Or at least e-mail me with feedback that can help to trace problems.


Please please please, for installation instructions look closely at INSTALL file.

Literature and other sources

I find most helpful was Linux-PAM documentation. I had also a peek into following sources:

  • Wietse Venema's logdaemon package
  • Olaf Kirch's Linux S/Key package
  • Wyman Miles' pam_securid module
  • Linux-PAM modules and templates


My e-mail address is Dinko Korunic and PGP key 0xEA160D0B.