Distro is Debian stable..
First you need to install Pam Usb and it's set of tools.
Code: Select all
# apt-get install libpam-usb pamusb-tools
Like so, Name can be anything
Code: Select all
# pamusb-conf --add-device Name
You should see something like:
Code: Select all
Please select the device you wish to add.
0) Kingston DataTraveler 3.0 (some serial)
1) Generic- Multi-Card (some serial )
[0-1]:
Which volume would you like to use for storing data ?
Code: Select all
* Using "/dev/sdb1 (UUID: XXXX-XXX-X)" (only option)
Name : name
Vendor : Generic-
Model : Multi-Card
Serial : XXXXXXXXXXXXX
UUID : XXXX-XXX-X
Save to /etc/pamusb.conf ?
[Y/n]
Now it's time to configure the users.. In my case I want it setup for the root user.
That is done like so
Code: Select all
# pamusb-conf --add-user root
Now we should check the setup and make sure it works, you must have the usb in whenever running a check..
$ pamusb-check (username)
Code: Select all
$ pamusb-check root
..
..
Access granted.
It should work now.
If your using an older version you may have to modify /etc/pam.d/common-auth
NOTE:
Careful ... You can brake the system if you edit the /etc/pam.d/common-auth wrong ... it is advised to use the pam-auth-update tool
Code: Select all
auth sufficient pam_usb.so
auth required pam_unix.so nullok_secure
Now you should be able su with no password with the usb inserted, if it's removed it will fall back to password prompt..
If you wish both password and usb then change sufficient to required...
I hope to come back and add to this for now this will work... I hope it helps someone.. I hope to come back and add how to use the agent as well but i'm not comfortable enough with it yet....