Re: combine pam-usb and pam-ldapd ?

On Sun, Dec 11, 2011 at 10:04 PM, Tim White <weirdit [at]> wrote:
On 12/12/11 06:38, Arthur de Jong wrote:

I would really want to have users authenticated by a private key on a
usb stick, with/without a password.

Correctly set up, PAM is designed to be modular. So you can, for example, use libnss to provide all the passwd/group information, and then use pam_usb to attempt to authenticate, and then fall back to libpam_ldapd on failure. Do some reading into pam (man pam, man pam.conf) and

I believe what he is trying to do is to store the public keys in ldap somehow. I think a quicker approach may be to use autofs with pam-usb rather than pam-ldap.

It took me a while to figure out what you are wanting to do: somehow adding to the ldap schema to add a public key to each user, as well as modifying the pam side to look up the key and do what pam-usb does. This does seem like a lot of work though ...


Hatem Nassrat
Chief Technical Officer
T:  (902) 431-4847 ext. 112
F:  (902) 431-4848

GenieKnows Inc.


The opinions expressed are those of the individual and not the company. Internet communications are not secure and therefore GenieKnows Inc. ("the company") does not accept liability for any claims arising as a result of the use of this medium for transmissions by or to the company. This email and any files transmitted with it are confidential. If you are not the intended recipient, you are hereby notified that any disclosure, distribution or copying of this communication is strictly prohibited. Whilst we take every reasonable precaution to screen out computer viruses from emails, attachments to the email may contain such viruses. We cannot accept liability for loss or damage resulting from such viruses. GenieKnows Inc. registered office: 1567 Argyle Street, Halifax, Nova Scotia, B3J 2B2, Canada.
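
Added example, not part of the thread: a simplified model of how the PAM control flags decide the "try pam_usb, then fall back to LDAP" stacking described above, next to a stack that demands the USB key and the LDAP password together. Both stacks, the module file names `pam_usb.so` and `pam_ldap.so`, and the helpers `parse_stack` and `evaluate` are assumptions made for illustration; only the `required`, `requisite` and `sufficient` flags are modelled.

```python
# Added example: simplified model of Linux-PAM's required/requisite/sufficient flags.
# Both stacks are constructed; the module file names are assumptions.
FALLBACK = """
auth  sufficient  pam_usb.so     # USB key alone is enough
auth  required    pam_ldap.so    # otherwise fall back to LDAP
"""
TWO_FACTOR = """
auth  required    pam_usb.so     # USB key AND LDAP password
auth  required    pam_ldap.so
"""

def parse_stack(text):
    """Return (control, module) pairs for the auth lines of a pam.d-style file."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "auth":
            entries.append((fields[1], fields[2]))
    return entries

def evaluate(entries, results):
    """results maps module -> True/False. Returns (granted, modules_called)."""
    failed, passed, called = False, False, []
    for control, module in entries:
        ok = results[module]
        called.append(module)
        if control == "sufficient":
            if ok and not failed:
                return True, called      # success ends the stack early
            continue                     # a sufficient failure is ignored
        if control not in ("required", "requisite"):
            raise ValueError(f"unsupported control flag: {control}")
        if ok:
            passed = True
        else:
            failed = True
            if control == "requisite":
                return False, called     # requisite fails immediately
    return passed and not failed, called

if __name__ == "__main__":
    for name, text in (("fallback", FALLBACK), ("two-factor", TWO_FACTOR)):
        for usb in (True, False):
            for ldap in (True, False):
                res = {"pam_usb.so": usb, "pam_ldap.so": ldap}
                print(name, res, evaluate(parse_stack(text), res))
```

In the fallback stack a successful USB check means the LDAP module is never consulted, so that stack is only as strong as the weaker of the two methods.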