Free auth software for linux

Openwsman is a project intended to provide an open-source implementation of the Web Services Management specification and to expose system management information on the Linux operating system using the WS-Management protocol.
WS-Management is based on a suite of web services specifications and usage requirements that exposes a set of operations focused on and covers all system management aspects.
This specification identifies a core set of Web service specifications and usage requirements to expose a common set of operations that are central to all systems management. This comprises the abilities to:
- Discover the presence of management resources and navigate between them
Get, Put, Create, Rename, and Delete individual management resources, such as settings and dynamic values
- Enumerate the contents of containers and collections, such as large tables and logs
- Subscribe to events emitted by managed resources
- Execute specific management methods with strongly typed input and output parameters
Enhancements:
- fixed client bug: return 0 if no auth callback is defined

Rodent is an ident daemon that is capable of routing AUTH requests to other machines on your network.

Rodent is intended for routers or to be run on a machine behind a home router.

Rodent allows others to enjoy full ident without the limitations of port forwarding to a single machine.

loggerfs is the virtual file system that allows you to store logs in a database. I just released the first version of it (checkout the News) and will now be focusing on supporting more logging formats. If you dont yet know what loggerfs is, then heres a simple explanation for when you need it:

- Are you running cron scripts periodically to parse log files and put them in a database?
- Do you need to store log files remotely because you have limited space?
- Would you like a more efficient solution than simply polling the log files and waiting for new data?

If you answer yes to any of the above questions, please take a look at loggerfs. It will allow you to create virtual files to which you can then direct syslog/ apache/ squid/ etc. to log to. For example, instead of having syslog store authentication information in /var/log/auth.log, you could create a virtual file in /var/loggerfs/auth.log and then tell syslog to log to that file. Now instead of storing the information in the auth.log file, the data is actually sent to a database server that you defined in the logs.xml file. Every time new information is sent to the file, it is immediately sent to the database server, which means that:

- It doesnt poll for information, it listens, which makes it a lot more efficient.
- It automatically creates the tables in the database and makes sure that all the information can be stored.
- Youll be able to easily sort/ analyze the log files once theyre in the database.

I encourage you to checkout the CVS on the sourceforge project page, and let me know if you have any questions/ problems/ suggestions.

neon is an HTTP and WebDAV client library for Unix systems, with a C language API. neon project provides high-level interfaces to HTTP/1.1 and WebDAV methods, and a low-level interface to HTTP request/response handling, allowing new methods to be easily implemented.
Main features:
- High-level interface to HTTP and WebDAV methods (PUT, GET, HEAD etc)
- Low-level interface to HTTP request handling, to allow implementing new methods easily.
- persistent connections
- RFC2617 basic and digest authentication (including auth-int, md5-sess)
- Proxy support (including basic/digest authentication)
- SSL/TLS support using OpenSSL (including client certificate support)
- Generic WebDAV 207 XML response handling mechanism
- XML parsing using the expat or libxml parsers
- Easy generation of error messages from 207 error responses
- WebDAV resource manipulation: MOVE, COPY, DELETE, MKCOL.
- WebDAV metadata support: set and remove properties, query any set of properties (PROPPATCH/PROPFIND).
- autoconf macros supplied for easily embedding neon directly inside an application source tree.
Enhancements:
- This release includes a number of bugfixes, particularly to the authentication code.

Auth2db parses auth.log files and inserts details about logins into a MySQL database.

The project allows you to display in the shell or in a Web front-end the date and time, IP, username and service (ssh, smb, login, su, gdm, etc.) for each login.

Net::SMS::Clickatell is Perl module access to Clickatell SMS messaging service.

SYNOPSIS

use Net::SMS::Clickatell;

my $catell = Net::SMS::Clickatell->new( API_ID => $api_id );
$catell->auth( USER => $user, PASSWD => $passwd );
$catell->sendmsg( TO => $mobile_phone, MSG => Hi, Im using Clickatell.pm );

Clickatell (http://www.clickatell.com) is a commercial service that allows its users to send SMS messages to anyone in the world. This service supports many ways to send messages, for example HTTP, SMTP and SMPP, among others.

Net::SMS::Clickatell provides OO methods that allow to send SMS messages through Clickatell service.

Note that whether this software nor the author are related to Clickatell in any way.

METHODS

new

Creates the Clickatell object.

Usage:

my $catell = Net::SMS::Clickatell->new( API_ID => $api_id );

The complete list of arguments is:

API_ID : Unique number received from Clickatell when an account is created.
UseSSL : Tell Clickatell module whether to use SSL or not (0 or 1).
BaseURL : Default URL used to connect with Clickatell service.
UserAgent : Name of the user agent you want to display to Clickatell service.
auth
Logs in Clickatell service,

Usage:

$catell->auth( USER => $user, PASSWD => $passwd );
where $user and $password are your credentials for Clickatell service.

This method returns 1 or 0 if we logged in or not .

sendmsg

Sends a message trought Clickatell service.

Usage:

$catell->sendmsg( TO => $mobile_phone, MSG => $msg );

where $mobile_phone is the mobile phone number that you wants to sends the message (international format, no leading zeros) and $msg is the messages text.

This method return 1 or 0 if we successfully sent the message or not.
session_id

Set or retrieve a session identificator number. This number is returned by Clickatell service when a user logs in successfully in the service.

Usage:

$catell->session_id(); # Retrieve session identificator number

or

$catell->session_id($sid); # Set session identificator number to $sid
msg_id

Set or retrieve a message identificator number. This number is returned by Clickatell service is a message was successfully sent.

Usage:

$catell->msg_id(); # Retrieve message identificator number

or

$catell->msg_id($mid); # Set message identificator number to $mid

error

Returns a code that describes the last error ocurred.

Example:

if(my $error = $catell->error) {
if($error == 1) {
die("Username or password not definedn");
} elseif ($error == 2) {
die("Username or password invalidn");
} else {
die("Unexpected faultn");
}
}

Complete list of error codes:

0 - No error
1 - Username or password not defined
2 - Username or password wrong
3 - Server has problems
4 - The message couldnt be sent

pam_usbauth is a module for PAM allowing end-users to locally authenticate via USB storage devices. USBAuth currently supports user-dependent authentication via password-hashing as well as one-time-password mechanisms, which make the verification process via USB-dongles much more secure. In addition, USBAuth comes with USB device serial checking support, so attackers wont be able to grab and copy your device easily (if this is the case, the device will be rejected).

Install instructions for Debian

1.Download the Debian package.
2.Install as root, by typing dpkg -i usbauth_0.2-1_i386.deb.
3.Use the program uapasswd for activating USBAuth. You may have a look at the manpage of uapasswd(1) for detailed instructions, but the following command will configure USBAuth for user root. The USB device is located at /dev/sda1:

uapasswd -u root -p mypassword -d /dev/sda1 -d /dev/sdb1 -w -o if you wish to use USB device ID binding, get the serial number of your USB storage device out of /proc/bus/usb/devices, and call:

uapasswd -u root -p mypassword -d /dev/sda1 -d /dev/sdb1 -w -o -s serial -c

4.Follow step 5, below .. (configuration of PAM to use pam_usbauth.so in /etc/pam.d/)

How shall I use it?

1. Download the source

2. Compile and install (both done via "make") as root (you need to have PAM development files and libraries, as well as OpenSSL installed)

3. Get a USB storage device. You can use every writeable USB-stick device, but Id recommend to make an extra partition, 1024k is more than enough. Be sure you know which device/partition this is (e.g. /dev/sda1). The selected partition doesnt need to be formated, the data will be in written RAW format onto the device - this means, you also dont have to mount it. Not now, and not when actually using pam_usbauth for authentication. Be aware, that you can still use all other partitions on the device for storage!

4. To generate the config file, call at least "./uapasswd -u username -p cleartextpassword -d /dev/sda1 -w". uapasswd must be called as root, because it needs to have write permissions either on the USB device, and on the config file in /etc. Check the manual page for more options, there are severl nice features available.

WARNING: The device which is given first, will be used for writing! Dont choose a device where real data is stored, like harddisks!

(4b. Alternatively, you can manually edit /etc/usbauth.conf; for syntax see this file)

5. Set up the applications you want to use with the module, changing the files for the programs youd like to use with usbauth in /etc/pam.d/. Normally, such files define something like:

auth sufficient pam_unix.so, or
auth -auth

Just comment this line, and write:

auth sufficient pam_usbauth.so

Id strongly recomment to accept a Unix-fallback, so you can still get access with your normal password:

auth sufficient pam_usbauth.so
auth sufficient pam_unix.so
auth required pam_deny.so

Please note that, as long as pam_usbauth is in alpha state, it may be more secure to use:

auth sufficient pam_unix.so
auth sufficient pam_usbauth.so
auth required pam_deny.so

Then, pam_unix (the standard passwort authentication) will be used at first. If you want to get authenticated via USB, just type a blank password and PAM will try the next module in queue. This makes sense, because if you are in the very unlikely situation to download an unstable source from SVN and pam_usbauth.so is corrupt, PAM may not switch to the next module (pam_unix) and youd be not able to use the application anymore if you havnt direct root access to /etc when doing this. However, this case has never been reported and should be very, very unlikely to happen.

(5b.) If you have used the -w switch, uapasswd has hopefully already written the data to your USB device. If not, save your key (or the hash value of your key; whatever is defined in /etc/usbauth.conf) in a plain text file with carriage-return/line-feet at the end, with the format "USBAUTH passwordhash", and call dd if=yourfile of=yourdevice. This will not work when uapasswd has been called with -o, using one time passwords.

pam_usbauth now comes with a daemon called usbauthd by SVN Rev20. USBAuthd recognizes if USB devices, which have a predefined serial at /etc/usbauth.conf, are plugged in or plugged out. In the config file, you may specify the following two options:

action plugin any_shell_command...
action plugout any_shell_command...

You may specify up to 10 commands for each, plugging in and plugging out events. This may be useful to automatically lock the screen if the USB device is plugged out, for example. However, any command can be binded to those events.

A sample configuration file including the new options, may be found here. Note: usbauthd is alpha, I didnt have the time yet to really test it out (but it cant harm your system, just relax).

Note: If you have something like action plugout xscreensaver-command -lock in your config file and it doesnt work, keep sure that the user who calls usbauthd has the permission to open up connections to X, otherwise the command will fail (but you wont get an error message).

Net::SMTP::TLS is an SMTP client supporting TLS and AUTH.

SYNOPSIS

use Net::SMTP::TLS;
my $mailer = new Net::SMTP::TLS(
your.mail.host,
Hello => some.host.name,
Port => 25, #redundant
User => emailguy,
Password=> s3cr3t);
$mailer->mail(emailguy@your.mail.host);
$mailer->to(someonecool@somewhere.else);
$mailer->data;
$mailer->datasend("Sent thru TLS!");
$mailer->dataend;
$mailer->quit;

Net::SMTP::TLS is a TLS and AUTH capable SMTP client which offers an interface that users will find familiar from Net::SMTP. Net::SMTP::TLS implements a subset of the methods provided by that module, but certainly not (yet) a complete mirror image of that API.

The methods supported by Net::SMTP::TLS are used in the above example. Though self explanatory for the most part, please see the perldoc for Net::SMTP if you are unclear.

The differences in the methods provided are as follows:
The mail method does not take the options list taken by Net::SMTP
The to method also does not take options, and is the only method available to set the recipient (unlike the many synonyms provided by Net::SMTP).
The constructor takes a limited number of Net::SMTPs parameters. The constructor for Net::SMTP::TLS takes the following (in addition to the hostname of the mail server, which must be the first parameter and is not explicitly named):

NoTLS - In the unlikely event that you need to use this class to perform non-TLS SMTP (you ought to be using Net::SMTP itself for that...), this will turn off TLS when supplied with a true value. This will most often cause an error related to authentication when used on a server that requires TLS
Hello - hostname used in the EHLO command
Port - port to connect to the SMTP service (defaults to 25)
Timeout - Timeout for inital socket connection (defaults to 5, passed directly to IO::Socket::INET)
User - username for SMTP AUTH
Password - password for SMTP AUTH