Howto: pam_usb login with USB memory stick

This relates to a project of mine, a Single Sign On solution using a usb memory stick. An advantage shows when you have too many passwords to remember: SSO brings this back to one password and one point where you have to login, and you then use these credentials to access all your applications and resources.

Login locally with your usb memory stick on the console (this howto)
Login locally with your usb memory stick on XDM, GDM, KDM
The possibility to remotely login (via ssh) with the usb memory stick
A layer built on top of the linux login process (locally/remote) which handles the authentication between the usb memory stick and the keyserver/Certificate Authority

1. Get pam_usb from the website; the latest version is 0.3.2.
2. Get all the packages needed by pam_usb. It depends on what you have installed already, but I needed:
4. Read the Quickstart and Options files on
5. Make the keys on the usb memory stick, as described in the Quickstart. I made one for root and one for my normal user account. I used a DSA keypair of 4096 bits :mrgreen:

usbadm keygen

Check if the keys are made correctly. If it spits out all kind of DSA code gibberish, the key is ok.
6. BACKUP all the /etc/pam.d files somewhere, in case something goes wrong.
7. I added the following line (copy-pasted it from some Gentoo forum). Check whether your filesystem is vfat, otherwise replace fs= with your filesystem, e.g. reiserfs or ext3 or whatever.

auth required pam_usb.so fs=vfat check_device=-1 check_if_mounted=-1 force_device=/dev/sda log_file=/var/log/pam_usb.log

8. Make the logfile (for debugging purposes)

# The PAM configuration file for the Shadow `login' service
# NOTE: If you use a session module (such as kerberos or NIS+)
# that retains persistent credentials (like key caches, etc), you
# need to enable the `CLOSE_SESSIONS' option in /etc/fs
# in order for login to stay around until after logout to call
# Outputs an issue file prior to each login prompt (Replaces the
# auth required pam_issue.so issue=/etc/issue
# Disallows root logins except on tty's listed in /etc/securetty
# (Replaces the `CONSOLE' setting from fs)
# Disallows other than root logins when /etc/nologin exists
# (Replaces the `NOLOGINS_FILE' option from fs)
# This module parses /etc/environment (the standard for setting
# environ vars) and also allows you to use an extended config
# (Replaces the `ENVIRON_FILE' setting from fs)
# This allows certain extra groups to be granted to a user
# based on things like time of day, tty, service, and user.
# Please uncomment and edit /etc/security/nf if you
# (Replaces the `CONSOLE_GROUPS' option in fs)
# Uncomment and edit /etc/security/nf if you need to set
# (Replaces the `PORTTIME_CHECKS_ENAB' option from fs
# Uncomment and edit /etc/security/nf if you need to
# Standard Un*x account and common-session
# Sets up user limits, please uncomment and read /etc/security/nf
# (Replaces the use of /etc/limits in old login)
# Prints the last login info upon succesful login
# (Replaces the `LASTLOG_ENAB' option from fs)
# (Replaces the `MOTD_FILE' option in fs)
# Prints the status of the user's mailbox upon succesful login
# (Replaces the `MAIL_CHECK_ENAB' option from fs).
# can also enable a MAIL environment variable from here, but it
# is better handled by /etc/fs, since userdel also uses
# it to make sure that removing a user, also removes their mail
#session optional pam_mail.so standard common-password

Depending on how you set the mode on pam_usb, play a little around with it. There are 3 modes according to the Quickstart:

I found out that in Additional mode you cannot login if the usb memory stick isn't there (doh') and that you _can_ login if the stick is present.

Well, if you stare at the screen at errors like this:

Authentication token is no longer valid new one required.

And you locked yourself out because you didn't leave a root terminal open :shock:
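
The pam_usb line in this howto uses the "required" control, so the auth stack fails whenever the module fails, which matches the observation that login is impossible without the stick. As an added example (not code from the original post or from the pam_usb project), the following Python parses the auth rules of a PAM service file and reports what a missing stick means for that service. The function names and the sample file are constructed for illustration, and the example goes beyond the post by also handling the "sufficient" control.

```python
import re

# Constructed sample of an /etc/pam.d/login auth section; only the pam_usb
# line is taken from the post, the rest is illustrative.
SAMPLE = """\
# constructed sample, not the author's file
auth  requisite  pam_securetty.so
auth  required   pam_usb.so fs=vfat check_device=-1 check_if_mounted=-1 force_device=/dev/sda log_file=/var/log/pam_usb.log
@include common-auth
session  optional  pam_mail.so standard
"""

# type, control (plain word or [bracketed] form), module, remaining arguments
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")


def auth_stack(text):
    """Return (control, module, args) for every auth rule, in file order."""
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if parts[0] == "@include" and len(parts) > 1:
            stack.append(("include", parts[1], {}))  # Debian-style include
            continue
        m = RULE.match(line)
        if m and m.group(1) == "auth":
            args = dict(a.partition("=")[::2] for a in m.group(4).split())
            stack.append((m.group(2), m.group(3), args))
    return stack


def stick_policy(text, module="pam_usb.so"):
    """Classify what a missing stick means for this service."""
    for control, mod, args in auth_stack(text):
        if mod.endswith(module):
            if control in ("required", "requisite"):
                return "mandatory", args   # module failure fails the login
            if control == "sufficient":
                return "shortcut", args    # module success ends the stack early
            return "other:" + control, args
    return "absent", {}


if __name__ == "__main__":
    policy, args = stick_policy(SAMPLE)
    print(policy, args.get("force_device"), args.get("log_file"))
```

Running it against a copy of the edited file while a root terminal is still open shows whether the change makes the stick mandatory before anyone has to log in again.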