4
I want to be able to authenticate with PAM using a USB drive with a file on it. I've read about how to do this with a PAM module that reads the specific USB hardware ID of a device, but if the device malfunctions or is lost, there would be no way to authenticate. I would prefer to use the method BitLocker uses, requiring a particular file to be found on the drive in order to authenticate. That way I can keep another drive in a secure location as a backup.
Any other suggestions are welcome. I just want to require a higher level of security than just a password.
Edit: The existing pam way (that I don't like): http://ubuntuforums.org/showthread.php?t=17571
How does "Make the keys on the usb memory stick" imply that it uses the hardware ID of the drive? – Ignacio Vazquez-Abrams – 2010-12-22T16:04:31.737
http://www.xtarutaru.com/2010/03/05/ubuntu-pam-usb-authentication/ – themicahmachine – 2010-12-22T16:52:57.563
@Ignacio: The file doc/FAQ in pam_usb source does: "The USB device is both identified by its manufacturer attributes (vendor, product, serial number) and by a few random bytes called one time pads that pam_usb writes and updates on the USB device upon authentication." – user1686 – 2010-12-22T20:10:10.773
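
A simplified model of the two checks the FAQ sentence quoted above describes, showing why a second drive holding a copy of the pad does not work as a backup under that scheme. This is an added example, not part of the thread and not pam_usb's code; the class names, the 16-byte pad size and the device attribute values are constructed assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass

PAD_LEN = 16  # assumed pad size for this model


@dataclass
class Device:
    """Constructed stand-in for a USB stick: fixed attributes plus a pad."""
    vendor: str
    product: str
    serial: str
    pad: bytes = b""

    def attrs(self):
        return (self.vendor, self.product, self.serial)


class Host:
    """Host-side record for one enrolled device."""

    def __init__(self, device):
        self.attrs = device.attrs()
        self.pad = secrets.token_bytes(PAD_LEN)
        device.pad = self.pad  # enrollment writes the first pad to the device

    def authenticate(self, device):
        # Check 1: vendor, product and serial must match the enrolled device.
        if device.attrs() != self.attrs:
            return False
        # Check 2: the pad on the device must equal the host's copy.
        if not hmac.compare_digest(device.pad, self.pad):
            return False
        # Success: rotate the pad on both sides so older copies stop working.
        self.pad = secrets.token_bytes(PAD_LEN)
        device.pad = self.pad
        return True


def demo():
    stick = Device("VENDOR-A", "PRODUCT-A", "CONSTRUCTED-0001")
    host = Host(stick)
    # Second stick with the pad copied over, but its own serial number.
    backup = Device("VENDOR-A", "PRODUCT-A", "CONSTRUCTED-0002", pad=stick.pad)
    # Same attributes, pad copied before the next successful login.
    stale = Device("VENDOR-A", "PRODUCT-A", "CONSTRUCTED-0001", pad=stick.pad)
    return {"backup_other_serial": host.authenticate(backup),
            "original": host.authenticate(stick),
            "stale_copy": host.authenticate(stale),
            "original_again": host.authenticate(stick)}
```

In this model a backup device has to be enrolled separately with its own attributes and pad; copying files from the primary drive is not enough.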