It didnt work for me and I don't understand why it should work
Maybe xscreensaver starts and then immediately relogs you because the usb key is there ?
It didnt work for me and I don't understand why it should work
Maybe xscreensaver starts and then immediately relogs you because the usb key is there ?
you need to put
in aswell. That solved the "Authentication denied: Remote user" error i gotCode:auth sufficient pam_usb.so allow_remote=1
EDIT
Depends on
libncurses5-dev
libreadline5-dev
libssl-dev
libpam0g-dev
/EDIT
Last edited by arcanus; August 26th, 2006 at 12:58 AM.
can anyone pls tell me where can i use pam_usb other than with "linux login"?
Also i'm trying to understand the source code,any help(docs) will indeed be appreciated.
Regards,
Sriram
Perhaps someone is willing to post all /etc/pam.d/* files that matter, working for both login and GDM?
That would be appreciated..
Last edited by nemin; February 22nd, 2007 at 01:18 PM.
Kind regards,
nemin
Looks like I've got it now, just add the following just right above the pam_unix line in /etc/pam.d/common-auth
Code:auth sufficient pam_usb.so fs=vfat force_device=/dev/sda log_file=/var/log pam_usb.log allow_remote=1
Kind regards,
nemin
Hi!
I followed the steps in this How To and logging in works just fine! Thank you!
But there is one thing I'm missing:
Can I unlock a kscreensaver with pam_usb ? I have seen this
http://users.own-hero.net/~decoder/i...am_usb&submit=
Which does indicate that it works, but I can't get the script (lock.sh) to work. It just terminates on the command line and neither locks nor unlocks the screensaver. I modified the commands for starting and stopping the screensaver to fit to the KUbuntu setup and they do work on the command line (invoked manually, without the script).
Can anybody point me to fitting resource?
Thanks in advance!
Cheers
MaleqAlhaq
P.S.: I did apply the patches mentioned in the post, but it didn't improve anything...
so the latest pam_usb is 0.4.1. Compilation is a bit tricky, but with a little brain usage, it works. install is simpler than ever. it really is as easy as following the quickstart guide on the howto page at pamusb.org. the only thing that needs mentioning for ubuntu now is that you MUST specify <option name="quiet">true</option> in the defaults section of pamusb.conf.
The way of using pam_usb has completely changed! Most of those parameters are no longer needed in the pam configuration file as they seem to now be in a config file. And the way the module authenticates seems to have changed too and no longer requires you generate a key file (it does so on its own).
I am not sure if these packages are available for anything prior to Gutsy, but here is how I did it:
The DeviceNickname parameter can be whatever you wish. It will find the flash drive on its own.Code:$ sudo apt-get install libpam-usb pamusb-tools $ sudo pamusb-conf --add-device DeviceNickname $ sudo pamusb-conf --add-user yourusername
Next, open up /etc/pam.d/common-auth
The last line should be something along the lines of:
Above this, add:Code:auth required pam_unix.so nullok_secure
Save the file and you're done! Try logging into a TTY or into your X Session with G/K/XDM. Simply enter your username and it should log you right in. It will even work when you use sudo and not require a password.Code:auth sufficient pam_usb.so
Other things of note:
- If you wish to use this as a required piece of hardware ALONG WITH a password, use "required" instead of "sufficient" in the pam file.
- If you wish to use pam_usb in only SPECIFIC modules, put the line in the specific modules. common-auth is a generic file that will work for tty login, gdm and sudo.
- ANOTHER method of excluding specific modules against pam_usb authentication is to have pam_usb simply disable specific services for authentication. For example, to disable using pam_usb to authenticate for sudo:
Code:<services> <service id="sudo"> <option name="enable">false</option> </service> </services>- The pamusb-tools package includes a program called "pamusb-agent". This allows you to state that you wish to run certain tasks (i.e.: lock/unlock the computer) upon removing or re-inserting the flash drive. To do so, you must manually edit /etc/pamusb.conf and enter the information necessary. Here is an example to use. They provided an example but the parameters for the application are wrong.
Then simply add pamusb-agent to your startup configuration within Gnome/KDE/Whatever.Code:<users> <user id="jouva"> <device> MemorexTraveldrive256 </device> <agent event="lock">gnome-screensaver-command --lock</agent> <agent event="unlock">gnome-screensaver-command --deactivate</agent> </user> </users>
I hope that about covers it!
Last edited by jouva; February 7th, 2008 at 07:25 AM.
Hi. I followed all the steps, but after the (successfull) login, NetworkManager (via gnome-keyring) ask me for my account's password. Anyone can suggest me what I have to change/use, please?
FYI, if you have updated from 7.10 Gutsy to 8.04 Hardy and cannot use pam_usb anymore, there's a possibility that the Vendor Name of your drive may have changed. For example: I have a 256 Meg Sony flash drive. Originally it was listed as "SONY". Now it is listed as "Sony Corp.". Use the pamusb-config utility to make these changes. Though a potentially simple way is to simply run the utility with the --add-device param, look at the vendor name and change it accordingly.
Bookmarks