
Re: combine pam-usb and pam-ldapd ?


On Mon, Dec 12, 2011 at 4:09 AM, Karl Kashofer wrote:
> Thanks for the fast replies, Hatem, Tim and Arthur!
> Yes, what I want is central user management on the server and easy and secure
> authentication on clients.
> We would create users on the server and issue usb-sticks with keys to 
> employees. The stick contains a secret that together with the secret on the 
> server allows the identification, authentication and login without any user 
> intervention (or alternatively with a password to unlock the key).
> pam-usb seems to store one-time pads on the usb-stick, but anything that 
> allows to identify the user in a secure way should suffice.
> With the sticks the user can unlock any machine on the network, which then 
> mounts their ~home. Basically it's like a smartcard solution, just without
> smartcard.

I believe, from what I read (the actual pamusb site seems to be
non-responsive), that pam-usb stores the user keys in the users' home
directories. The following bug report hints at that:

From the bug report, it seems that installing the following should do
what you want:


Where autofs is set up to automatically mount the users' home
directories (check out auto_home).

I am not 100% sure if this is how pam-usb works but it seems like this
would do it.


Hatem Nassrat