Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers

Pluggable Authentication Modules (PAM)

pam_passwdqc (homepage, wiki, screenshots, downloads, CVSweb, Freecode, Ohloh)
Linux (Linux-PAM), FreeBSD 5.0+ (OpenPAM), DragonFly BSD, Solaris, HP-UX 11

pam_passwdqc is a simple password strength checking module for PAM-aware password changing programs, such as passwd(1). In addition to checking regular passwords, it offers support for passphrases and can provide randomly generated passwords. All features are optional and can be (re-)configured without rebuilding.

More information on pam_passwdqc and download links are available on its dedicated page.

pam_mktemp (downloads, CVSweb, Freecode, Ohloh)
Linux (Linux-PAM), FreeBSD 5.0+ (OpenPAM), DragonFly BSD, Solaris, others?

pam_mktemp is a PAM module that may be used with a PAM-aware login service to provide per-user private directories under /tmp as part of PAM session or account management. When an interactive (shell) session is started, a directory is created and the environment variables TMPDIR and TMP are set to the name of the directory.

Download:

pam_tcb (homepage, downloads, CVSweb, Freecode, Ohloh)
Linux (Linux-PAM or OpenPAM) + glibc with crypt_blowfish

pam_tcb is part of the Openwall GNU/*/Linux (Owl) tcb suite implementing the alternative password shadowing scheme. It also makes use of the password hashing framework introduced with crypt_blowfish. It should be used in place of modules such as pam_unix and pam_pwdb.

More information on the tcb suite and download links are available on its dedicated page.

pam_userpass (downloads, CVSweb, Freecode, Ohloh)
Linux (Linux-PAM)

PAM has traditionally assumed that services doing authentication have the ability to interact with the user. Unfortunately, this isn't true for services that implement non-interactive and/or fixed protocols, such as FTP and POP3. This is typically worked around by making the flawed assumption that PAM_PROMPT_ECHO_ON requests the username and PAM_PROMPT_ECHO_OFF requests the password.

With pam_userpass, this assumption is no longer required. pam_userpass uses PAM binary prompts (only available in Linux-PAM) to ask the application for the username and password specifically.

pam_userpass doesn't perform any actual authentication. An actual authentication module should be stacked after pam_userpass and told to use the authentication token (password) provided by pam_userpass.

Download:

These files are also available from the Openwall file archive.

Follow this link for information on verifying the signatures.

All of these modules are fully integrated into Owl and distributions by ALT Linux team. Additionally, pam_passwdqc has been integrated into FreeBSD 5.0+ and DragonFly BSD 2.2+, packaged for NetBSD, is used on ASPLinux and Annvix, and is part of Red Hat Enterprise Linux, CentOS, and Fedora, Debian GNU/Linux, SUSE Linux (along with pam_userpass and pam_mktemp above), Gentoo Linux, and PLD.

Quick Comment:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ

167811