pam_supair is a PAM module for use with su(1) that authenticates the user if and only if that user's name (obtained via that user's real id) and su's target user name (obtained via pam_get_user(3)) form a pair that is allowed by the configuration. Multiple pairs can be specified.
pam_ttylog is a PAM module to log console output of a login shell. pam_ttylog takes an approach that makes a script-like environment in the PAM session section of /bin/login. Thus, the log files are in a user-unreachable directory and have user-unreadable/unwritable permissions. As PAM module, it doesn't need to modify or replace the original /bin/login, getty, telnet, or libraries for its installation and operation.
The HOTP Toolkit package contains tools that are useful when deploying the one-time password HOTP technology. It contains a shared library, a command-line tool to generate and validate one-time passwords, and a PAM module (pam_hotp) to make system login or SSH use HOTP one-time passwords for authentication.
OpenOTP is an implementation of the HOTP protocol using a ZeitControl Cardsystems ZC3.9 BasicCard and standalone balance reader, standalone Spyrus PAR2 (Personal Access Reader), or PCSC-Lite supported smart card reader. Included is a C library implementation of the HOTP protocol and associated user database management, HOTP PAM library, OpenVPN plug-in module, micro RADIUS server with HOTP support, and utilities for managing the smart card, Spyrus reader, and host side HOTP user database. The PCSC-Lite API provides reader support for smart card management.
nss-pam-ldapd is a Name Service Switch module and Pluggable Authentication Module using an LDAP server. It allows your LDAP server to provide user account, group, host name, alias, netgroup, and almost any other information that you would normally get from /etc flat files or NIS, and allows you to do authentication to an LDAP server.