pam_smxs 1.6

pam_smxs is a PAM module that authenticates a user using challenge-response. All tokens that support ANSI X9.9 are currently supported and it provides full support for CryptoCard RB1 tokens.

Installation from source:

Unpack the tarball: tar -zxvf pam_smxs-1.6-1.tar.gz
Change into that dir: cd pam_smxs-1.6, and do a ./configure --enable-rb1 issue a make.
After that, you should end op with a pam_smxs.so file in the dir you are in now. A make install should install the module.

Configuration:

After installing the module (it should be in /lib/security), the following is neccesary to make it work:

Edit the /etc/pam.d/xxx file, where xxx is a service, for example 'login'. In that case, edit /etc/pam.d/login

Normally it looks something like this:

#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_pwdb.so shadow nullok
auth required /lib/security/pam_nologin.so
accountrequired /lib/security/pam_pwdb.so
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_pwdb.so shadow nullok use_authtok
password required /lib/security/pam_smxs.so
session required /lib/security/pam_pwdb.so
session optional /lib/security/pam_console.so
session required /lib/security/pam_limits.so

I'm using this on instead :
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_smxs.so
auth required /lib/security/pam_nologin.so
accountrequired /lib/security/pam_smxs.so
password required /lib/security/pam_smxs.so
session required /lib/security/pam_smxs.so
session optional /lib/security/pam_console.so
session required /lib/security/pam_limits.so

This will let the users authenticate using pam_smxs. Also see the PAM documentation for futher configuration directives.

Then use the cryptoadm program to add / remove / modify users.

Product's homepage