Find the answer to your Linux question:
Results 1 to 5 of 5
Hi. I have a project where I have to login to Linux via USB (authentication by inserting a/the Pendrive). I want just hints , though, as I wasn't able to ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Nov 2013
    Posts
    9

    USB authentication


    Hi.

    I have a project where I have to login to Linux via USB (authentication by inserting a/the Pendrive). I want just hints, though, as I wasn't able to google anything useful.
    I have to write myself something on my own, using in case of need some library which indirectly enables to achieve the task. I can't use of course any existing solutions.

    These are things I've found:
    -pamusb.org (PAM - Pluggable Authentication Modules) - existing solution, can't use
    -encrypting the entire hard drive and putting the decrypting file on the USB - can't use it as I'd be using existing program which would encrypt my drive; writing my own program to encrypt a drive would be taking a sledgehammer to crack a nut
    -modifying the display manager (should work on both KDM and GDM) - this seems resonable but couldn't find anything useful
    -Windows Credentials Manager - just the thing I'm looking for but on Windows; I've tried looking for Linux substitute but with no success

    Any phrases I may use successfully in Google or any links?

  2. #2
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,754
    What do you mean by "login to Linux via USB"? Please post the full requirements for this project.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  3. #3
    Just Joined!
    Join Date
    Nov 2013
    Posts
    9
    There are no requirements. I can do whatever I like but it would be desirable that it worked regardless of distro and display manager (either kdm or gdm).

    By "login to Linux via USB" i meant that when you turn your computer on and Linux is booted you see a screen with display manager where you enter your login and password. I'd like to log in without having to enter the password but plugging a/the Pendrive instead. OS would recognize it's ID/serial number or it would find a file on it with the password or "secondary password" (additional one) and log in automatically.

    I should have been more specific, sorry.

  4. $spacer_open
    $spacer_close
  5. #4
    Super Moderator Roxoff's Avatar
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,933
    It does sound a bit like 2-factor authentication, the sort of thing you get with a smart card - you plug the card into a reader and use a pin number that is encrypted and checked on the smartcard. Linux does support smartcard logon - and I know you can do it with USB devices/security tokens, but they tend to be commercial supplied stuff as they're used in the corporate world.

    To recreate something like this with flash memory/pendrives, you'd probably need something on the USB memory stick that'll do work for you to allow logon. I wouldn't go into this expecting the task to be easy.

    I've no experience with writing PAM modules, but if this were my project I'd certainly investigate putting together my own module to do this stuff. You're gong to run into security issues, so what you do should be driven by how secure you want your system.

    I'm sorry I can't really be more help - I work with smartcards and security tokens for my day job, so I have a little experience of this, but we've never done this kind of thing with USB pen drives before.
    Linux user #126863 - see http://linuxcounter.net/

  6. #5
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,754
    Even with a thumb/pen drive with authentication code block, you should still require a strong user password/token entered at run time in order to avoid a thief from accessing the system just because they have stolen the pen drive...
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •