Wednesday, January 8, 2014

HOW TO CONFIGURE YOUR UBUNTU SYSTEM TO LOGIN/LOGOUT WITH USB KEY

1.    Install pamusb-tools  and libpam-usb as under :-

       sudo apt-get install pamusb-tools libpam-usb

2.    Add USB device

       sudo pamusb-conf --add-device gerardButlers-usb-stick

3.   Define a user for PAM authentication ( the user must exist on the linux system) :-

      sudo pamusb-conf --add-user gerardButler

4.   Edit the  /etc/pam.d/common-auth file, so that pam can use the pam_usb library :-

       Add
      auth    sufficient      pam_usb.so
      
    above
      auth    required        pam_unix.so nullok_secure
 
    Note :- FOR TWO FACTOR AUTHENTICATION
     If you wish to use both the usb key as well as your user 
     password then add the following:-
 
      auth    required        pam_usb.so 

5.  In the terminal window, execute  su gerardButler and then provide the 
     password for the account.

6.  The pam_usb agent (pamusb-agent) allows you to automatically execute
     commands upon locking and unlocking events. Those events are generated when
     you insert or remove your authentication device. To configure the commands, you
     have to edit pam_usb's configuration file (/etc/pamusb.conf) and add agent
     entries into your user section.

     For instance, you could automatically start your screensaver as soon as you
     remove the device, and deactivate it when you plug the device back.

     Open and modify the file /etc/pamusb.conf file's user section as under :-
    
   <user id="gerardButler">
    <device>gerardButlers-usb-stick</device>
    <agent event="lock">gnome-screensaver-command --lock</agent>
    <agent event="unlock">gnome-screensaver-command --deactivate</agent>
   </user>

     Now, you have to add pamusb-agent to the list of autostarted applications so it will
     be started automatically. It is important to note that for agent events to work you
     have to ensure pamusb-agent is running at all times:-

  • Select Startup Programs and press Add
  • Enter pamusb-agent and press OK
Refs :-
     https://github.com/aluzzardi/pam_usb/wiki/Getting-Started
     http://linuxconfig.org/linux-authentication-login-with-usb-device

7.  Note :- Pad checking failed
     Sometimes pamusb stopped authenticating with the message "Pad checking
     failed". Use the following command to flush previously stored pam  config
     files and pads from your home directory, as under :-
    
     sudo rm ~/.pamusb/*

Enjoy and Ubuntu!
      
  

No comments:

Post a Comment