UsbAuth

Japanese version is here.


Introduction

UsbAuth is a one-time password authentication system that combines strong security with easy operation.

You can log in to a Linux machine without typing a user name and password, using a removable memory device (e.g. USB memory, floppy disk).

When a login succeeds, the program generates a new password (1024 bytes of random numbers) and automatically registers it on the memory device and in the system database for the next login.

Even if the memory medium is stolen or copied by an attacker, the attacker cannot log in as long as you log in first, because your login replaces the password that the copy holds.

Conversely, if you cannot log in with the genuine device, you know promptly that an attacker has already logged in.
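
The rotation described above, modelled as an added example (not UsbAuth's own code). The Host class, the in-memory dictionaries standing in for the device and the system database, and the host and user names are assumptions made for illustration; the page does not describe the real storage format.

```python
import hmac
import secrets

TOKEN_BYTES = 1024  # password size stated on the page

class Host:
    """Model of one machine: its 'system database' maps user -> current token."""
    def __init__(self, fqdn):
        self.fqdn = fqdn
        self.db = {}

    def enroll(self, user, device):
        """Administrator step: create the first token on the device and in the database."""
        token = secrets.token_bytes(TOKEN_BYTES)
        self.db[user] = token
        device[self.fqdn] = token  # entry keyed by FQDN, as the page describes

    def login(self, user, device):
        """Accept only the current token, then rotate it for the next login."""
        expected = self.db.get(user)
        presented = device.get(self.fqdn)
        if expected is None or presented is None:
            return False
        if not hmac.compare_digest(expected, presented):
            return False  # stale token: the device or a copy of it was used elsewhere
        fresh = secrets.token_bytes(TOKEN_BYTES)
        self.db[user] = fresh
        device[self.fqdn] = fresh  # this is why the device must be writable
        return True

    def revoke(self, user):
        """Administrator step after loss or theft: void the account's token."""
        self.db.pop(user, None)

def demo():
    host = Host("host.example.org")  # constructed host name
    genuine = {}
    host.enroll("alice", genuine)
    clone = dict(genuine)            # the medium is copied
    owner_first = (host.login("alice", genuine), host.login("alice", clone))
    clone = dict(genuine)            # copied again; this time the copy is used first
    copy_first = (host.login("alice", clone), host.login("alice", genuine))
    host.revoke("alice")
    after_revoke = host.login("alice", clone)
    return owner_first, copy_first, after_revoke

if __name__ == "__main__":
    print(demo())
```

In the second case the genuine device is rejected, which is the signal to have the administrator void the account.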

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or any later version.


Install

Please download the software from here, unpack it, and run the make command.

If you have not changed the Makefile, run

sh install.sh

as root.

By default, files are installed as follows:

Executable files

/usr/local/sbin/{uauth, usbauth, uauthwait}

Database

/usr/local/etc/usbauth

The mount point for an authentication device

/mnt/auth

Configuration file of the authentication device

/etc/uauth.conf

If these locations are inconvenient, edit the Makefile and install.sh.


Write the name of the device used for authentication into /etc/uauth.conf.

A USB memory or a memory card reader/writer usually shows up as a SCSI device.

Therefore, when using one of these, write the following:

/dev/sda1


A floppy disk can also be used, although it is seldom used these days.

When using one, write the following:

/dev/fd0


Another option is to connect CF, SD, Memory Stick, etc. through a reader/writer.


If you want to use this authentication system at system boot, apply the patch to /etc/inittab.

Some samples are included in the source code directory.


How to create an authentication device

This system can use almost any removable device that can be read and written.

Before using this system for the first time, ask the system administrator to create the authentication device.

I think that a USB memory is easy to use as the authentication device. In addition, a USB memory is usually recognized as a SCSI disk such as /dev/sd* .

As root, connect the medium and enter the following command:

/usr/local/sbin/uauth -d dev -a username

This creates the medium for this user. Only one person can use a medium; two or more people cannot share it.

However, if you have accounts on other machines, you can register their authentication data on the same device.

As you can see immediately by looking at the contents, the management file is named after the FQDN of the machine.


How to use this system

Once the medium has been created, logging in is safe and easy.

[Screenshot: Uauth Login]

The screen above shows the machine waiting for login.

To log in, insert the authentication device in a writable state and press "Enter".

If you lose the authentication device or it is stolen, contact the system administrator as soon as possible.

The system administrator then executes

/usr/local/sbin/uauth -r username

to void this account.


Contributors and acknowledgements

Thanks to Mr. Kihara for his post to the Linux-users ML.

Subject: [linux-users:100510] The X Window System use method without a keyboard.

This article is what led me to write this program.


Thanks to Mr. Masaki Shinomiya <shino@pos.to>.

I wrote the usbauth script based on his "Automatic login to Linux".

He consented to the reworking of this script and to its public redistribution under GPL2.


Thanks to the ncurses programmers.

Savio Lam (lam836@cs.cuhk.hk) - version 0.3, "dialog"
Stuart Herbert (S.Herbert@sheffield.ac.uk) - patch for version 0.4
Pako (demarco_p@abramo.it) - version 0.9a, "cdialog",
Thomas Dickey (updates for 0.9b)


Field Peas

I use a "Field Peas" MP3 music player as an authentication device, as USB flash memory for private data, and as a voice recorder.

However, kernels after Linux-2.4.22 can recognize this device.

⇒  Field Peas (Japanese page)


Uauth Manual

Although I think that what is written above is enough for a user to use this software, the manual summarizes the details of the commands for system administrators.

⇒  Uauth Manual


SourceForge.jp  Copyright (C) 2003

$Id: index.html,v 1.7 2003/09/26 10:40:47 mac Exp $