This patch integrates SecurID authentication services directly into the OpenSSH daemon, allowing users to use SecurID tokens directly as their passwords instead of relying on the clunky sdshell. It rides on the plain password auth architecture in OpenSSH to avoid requiring ChallengeResponse or firstname.lastname@example.org style auth. It supports full privilege separation.
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a full-strength general-purpose cryptography library.
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel. In addition to the new features, some versions of the patch contain various security fixes. The "hardening" features of the patch, while not a complete method of protection, provide an extra layer of security against the easier ways to exploit certain classes of vulnerabilities and/or reduce the impact of those vulnerabilities. The patch can also add a little bit more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing.
Osiris is a host integrity management system that can be used to monitor changes to a network of hosts over time and report those changes back to the administrator(s). Osiris takes periodic snapshots of the filesystem, configurations, and logs, and stores them on a central management host. When changes are detected, Osiris will log these events and optionally send email to an administrator. Osiris also has preliminary support for monitoring other system data, including user lists, file system details, kernel modules, and network interface configurations.
P-Synch is a commercial password management toolkit which provides automated password synchronization, password strength enforcement, password self-reset by authenticated users, and streamlined password reset by helpdesk. P-Synch is available for both internal use as well as for Internet-based deployments in B2B and B2C applications.
pam_krb5_migrate is a stackable authentication module that takes a username and password from an earlier module in the stack and attempts to transparently add the user to a Kerberos realm using the Kerberos 5 kadmin service. The module can be used to ease the administrative burdens of migrating a large installed userbase from pre-existing authentication methods to a Kerberos-based setup.
passwdqc is a password/passphrase strength checking and policy enforcement tool set, including an optional PAM module (pam_passwdqc), command-line programs (pwqcheck and pwqgen), and a library (libpasswdqc). On systems with PAM, pam_passwdqc is normally invoked on password changes by programs such as passwd(1). It is capable of checking password or passphrase strength, enforcing a policy, and offering randomly-generated passphrases, with all of these features being optional and easily (re-)configurable. pwqcheck and pwqgen are standalone password/passphrase strength checking and random passphrase generator programs, respectively, and are usable from scripts. libpasswdqc is the underlying library, which may also be used from third-party programs.