encrypted key type login using usb storage device

Jacob_Lavoie
Posts: 8
Joined: 2011/04/25 10:52:49

encrypted key type login using usb storage device

Post by Jacob_Lavoie » 2012/01/24 23:13:05

I came up with the idea of creating a login process that would be "passwordless", much like using a key to unlock a door, but in this case the keyhole is a USB port, and the key is a USB storage device with a key of sorts that would be plugged in and read, thus authenticating the user and logging them in, much like smartcard auth. My idea takes it a step further: each time the key is read, the datestamp of the key is also read, because the key could easily be copied from storage device to storage device. The system would, after authentication, automatically create a new key and datestamp and write it to the storage device, thus making each key a "one shot login auth". It could be taken even further, using SHA to make sure data has not been altered/copied. What I do not know is how to do such a thing.
Please discuss and make this idea evolve.
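
An added sketch of the one-shot key scheme proposed in the post above (not part of the original post, and not an existing PAM module). The class and function names, the `datestamp:hexkey` file layout and the temp files standing in for USB sticks are assumptions made for illustration.

```python
import hashlib, hmac, os, secrets, shutil, tempfile, time

class OneShotKeyHost:
    """Host side: keeps only the SHA-256 and datestamp of each user's current key."""

    def __init__(self):
        self.current = {}  # user -> (sha256 hex digest, datestamp)

    def issue(self, user, key_path):
        """Write a fresh random key to the device, then record it as the valid one."""
        key, stamp = secrets.token_bytes(32), int(time.time())
        tmp = key_path + ".tmp"
        with open(tmp, "w") as f:
            f.write(f"{stamp}:{key.hex()}")
            f.flush()
            os.fsync(f.fileno())      # make sure the data reached the device
        os.replace(tmp, key_path)     # atomic swap: never a half-written key
        self.current[user] = (hashlib.sha256(key).hexdigest(), stamp)

    def login(self, user, key_path):
        """Accept the key once, then rotate it. Any copy made earlier is now stale."""
        if user not in self.current:
            return False
        try:
            with open(key_path) as f:
                stamp, _, key_hex = f.read().partition(":")
            digest = hashlib.sha256(bytes.fromhex(key_hex)).hexdigest()
            stamp = int(stamp)
        except (OSError, ValueError):  # unreadable or malformed key file
            return False
        want_digest, want_stamp = self.current[user]
        # The random key carries the security; the datestamp is only a consistency check.
        if not (hmac.compare_digest(digest, want_digest) and stamp == want_stamp):
            return False
        self.issue(user, key_path)
        return True

def demo():
    """Constructed scenario: temp files stand in for the real stick and a copied one."""
    host, d = OneShotKeyHost(), tempfile.mkdtemp()
    stick, clone = os.path.join(d, "stick.key"), os.path.join(d, "clone.key")
    host.issue("alice", stick)
    shutil.copy(stick, clone)             # key copied before the next login
    first = host.login("alice", stick)    # genuine stick: accepted, key rotated
    stale = host.login("alice", clone)    # copy of the old key: rejected
    shutil.copy(stick, clone)             # copied again, but this time used first
    raced = host.login("alice", clone)    # accepted: the host cannot tell them apart
    owner = host.login("alice", stick)    # owner now fails, which reveals the copy
    return first, stale, raced, owner
```

`demo()` returns `(True, False, True, False)`: rotation invalidates a copy only once the genuine stick has logged in again, so a copy used first still gets in, and the owner's next failed login is the signal to revoke and re-enroll.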

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

encrypted key type login using usb storage device

Post by pschaff » 2012/01/25 00:22:54

I have no idea how that could be accomplished, but it sounds kind of like a poor man's CAC (http://en.wikipedia.org/wiki/Common_Access_Card). :-) Might be useful in some environments.

Anyway - nothing CentOS-6 specific here, so I'm moving to Social.

Jacob_Lavoie
Posts: 8
Joined: 2011/04/25 10:52:49

Re: encrypted key type login using usb storage device

Post by Jacob_Lavoie » 2012/01/25 18:54:13

Had a slight inkling that this shoulda been in Social, thanks for the move. And yes, it is a poor man's CAC; in the end it would make this type of login authentication more easily doable, either via a writeup, or a package list and a custom-coded GUI to bring everything together.
I do remember seeing a PAM module that was along the lines of running a script on an event, and also one for USB. Can't remember the names; will research and post updates as they come.
