dynalogin is a distributed two-factor authentication suite that combines a secure UNIX server and API with an Android soft token. Open standards (HOTP, TOTP, and soon OCRA) are used for one-time passwords. A C library is provided for inclusion in existing software and Web sites. OpenID (using SimpleID) is supported for Web applications and single sign on. PAM is supported for easy UNIX and LDAP integration (SASL, RADIUS, and JAAS in development). It works with Google Authenticator or the dynalogin Android application.
pam_supair is a PAM module for use with su(1) that authenticates the user if and only if that user's name (obtained via that user's real id) and su's target user name (obtained via pam_get_user(3)) form a pair that is allowed by the configuration. Multiple pairs can be specified.
pam_ttylog is a PAM module to log console output of a login shell. pam_ttylog takes an approach that makes a script-like environment in the PAM session section of /bin/login. Thus, the log files are in a user-unreachable directory and have user-unreadable/unwritable permissions. As PAM module, it doesn't need to modify or replace the original /bin/login, getty, telnet, or libraries for its installation and operation.
The OATH Toolkit makes it easy to build one-time password authentication systems. It contains shared libraries, commandline tools, and a PAM module. Supported technologies include the event-based HOTP algorithm (RFC4226) and the time-based TOTP algorithm (RFC6238). OATH stands for Open AuTHentication, which is the organization which specifies the algorithms. For managing secret key files, the Portable Symmetric Key Container (PSKC) format described in RFC6030 is supported.
The HOTP Toolkit package contains tools that are useful when deploying the one-time password HOTP technology. It contains a shared library, a command-line tool to generate and validate one-time passwords, and a PAM module (pam_hotp) to make system login or SSH use HOTP one-time passwords for authentication.
OpenOTP is an implementation of the HOTP protocol using a ZeitControl Cardsystems ZC3.9 BasicCard and standalone balance reader, standalone Spyrus PAR2 (Personal Access Reader), or PCSC-Lite supported smart card reader. Included is a C library implementation of the HOTP protocol and associated user database management, HOTP PAM library, OpenVPN plug-in module, micro RADIUS server with HOTP support, and utilities for managing the smart card, Spyrus reader, and host side HOTP user database. The PCSC-Lite API provides reader support for smart card management.
nss-pam-ldapd is a Name Service Switch module and Pluggable Authentication Module using an LDAP server. It allows your LDAP server to provide user account, group, host name, alias, netgroup, and almost any other information that you would normally get from /etc flat files or NIS, and allows you to do authentication to an LDAP server.