pam_usb – Linux authentication with USB media

pam_usb is a PAM module providing user authentication on Linux by using USB media in addition, or replacement, for passwords. Additionally it provides a service to take actions when the configured authentication media is removed/inserted – like locking/unlocking your session. It was initially written by Andrea Luzzardi but he stopped maintaining it quite some years ago.

Now I have picked up the ball and started a yet another fork, combining all the improvements done by the community over the years. But unlike the other forks I plan to actually maintain this since I’m using pam_usb myself quite heavily on multiple machines. I’ve also added some new stuff. In example the repository now provides packaging files for Debian based distributions „out of the box“.

Pull requests for further improvements are also heavily welcome. This also applies to further packaging support like for RPM.

Version history

Current version is 0.7.0, with 0.5.0 being the last upstream pam_usb release by aluzzardi.

0.6.0 was used by some downstream packaged versions to override distribution provided packages and included varying changes – depending on the source repository. This also means some of the changes listed as changed in 0.7.0 were already contained in some 0.6.0 builds too. Quite messy? Yeah, thought so too – that’s why I’ve choosen to go with 0.7.0 instead of incrementing 0.6.x.

What has changed in pam_usb?

So what’s new in pam_usb 0.7.0 you may ask? Quite a bit…

  • Ported to Python 3
  • pamusb-agent is now a systemd unit
  • pamusb-agent config can now hold environment vars
  • pamusb-conf got new options for automation (–list-devices, –list-volumes, –device, –volume, –yes)
  • pamusb-conf now properly ignores read-only media (like optical drives)
  • Support for devices lacking vendor and/or model
  • PAM module gets installed using libpam-runtime/pam-auth-update
  • Using debconf to create fully working config on install
  • Documentation / example config updated
  • Wiki updated

But again, not all of these improvements were done by me. See the repository, esp. the file AUTHORS and the commit history, for details. Also some of the additions are Debian(-based distribution) specific. This applies to the auto-installation using pam-auth-update and auto-config on package installation. Though this can easily be implemented for other distributions, too.

Download pam_usb

GPLv2 licensed sourcecode is available at Github at

Prebuilt Debian packages can be found at, with currently being the latest built. See the repository page for details on how to add the repo to your system. But please note, these packages are currently only tested on Ubuntu focal

Gelesen: 2089 · Heute: 5 · Zuletzt: 15. April 2024

Das könnte dich auch interessieren …

2 Antworten

  1. Halli Hallo
    ich hab auch mal am pam_usb herum gefrickelt, benutze das seit 7 Jahren
    1. Danke für das Maintainen / Coden
    2. Dir / Euch ist bewusst dass solche Projekte gewisse Menschen nicht mögen inklusive den Maintainern / Codern ?

    bin sonst auf Twitter

    Volle Adresse von mir ist auf

    • Tobias sagt:

      Hi Marc,

      Danke für deinen Dank Immer schön zu sehen wenn Software auch genutzt wird. Wenn du früher auch schon mal dran gearbeitet hast kannst ja gerne mal die offenen Tickets durchgehen und ein paar PRs fertig machen ;-). Würde mich über jede Hilfe freuen.

      Aber was deinen Punkt 2 angeht, ich gehe mal davon aus das du dich auf beziehst und das Ticket von dir ist? Nichts für ungut, ich will dich nicht angreifen und mir ist klar das du, wie jeder von uns inkl. mir, sein Päckchen zu tragen hast. Aber das ist einfach nur Geschwurbel ohne Substanz. Ich habe Unrecht? Dann überzeuge mich mit Belegen. Wenn du zufällig mal in der Nähe von Dortmund bist gerne auch bei ’nem Bierchen.

Kommentar verfassen

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.