pam_cryptg PAM module ===================== This is my first try to create a PAM module. The goal of it is do add a new authentification by using a simple european phone card reader. The required hardware is quite simple : printer port, wire, card connector. European phone card is used here as a simple serial memory. To authenticate a user, the module read the card and watch for a line in /etc/crypt2g.conf. If readed data match with a ligne, it return PAM_SUCCESS. Hardware : Quite simple... Printer port Card D1 2 ---------------------------------|------- 1 - Vcc |------- 6 - Vpp D2 3 ----------------------------------------- 2 - Reset D3 4 ----------------------------------------- 3 - Clock D4 5 ----------------------------------------- 4 - Not used 11 ----------------------------------------- 7 - I/O GND 24 ----------------------------------------- 5 - GND The chip on the card look like this : ___________________________ 1 Vcc | GND 5 ____________/ ___________ 2 Reset / \ Vpp 6 _________| |_________ 3 Clock | | I/O 6 __________\_____/__________ 4 N/A | N/A 8 _____________|_____________ On the second generation of french phone card the chip is not a real serial EEPROM. But it like as one. For countries that don't have this kind of card, is it possible to connect a serial 256 or 128 bits serial EEPROM in the same way. Usage : To make the module work, build it and copy it to /lib/security. You need to build (or add entry in /etc/crypt2g.conf). For this, insert a card in reader and type : crypt2gadd username >> /etc/crypt2g.conf The content of the file look like this (depending to the content of the card) : denis BAd8Y6NsT5kr. /etc/crypt2g.conf _MUST_ be owned by root and root only writable. The content of the card is crypted when in the config file just because there must be difficult to make a new card with the content of the file. Then modify the service config file you want (in /etc/pam.d) by adding this line : auth required /lib/security/pam_crypt2g.so When called pam_crypt2g read the card, crypt the data and watch for an existing line in /etc/crypt2g.conf. If match... PAM_SUCCESS. Denis Bodor