- Category: Uncategorised
- Published on 26 September 2014
- Written by Ryan Collier
- Hits: 31
The intent of this project was to make the laptop lockable when I walk away from it. I always have a USB flash drive connected to the laptop. So I wanted to make it when the flash drive is connected I am able to use the computer. Once it is disconnected, you can not login the system. I have actually made this happen. I am going to try and improve this to the web servers also. I wanted to share my experience with everyone.
The operating system is Crunchbang 11. Which is based on Debian 7. I had to read a lot of article and do some magic to make this work right. You have to make sure the pamusb-tools and libpam-usb is installed.
The command you will issue is:
sudo apt-get install pamusb-tools libpam-usb.
Once these programs are installed. You can mount and unmount the usb drive. Make scripts for the pamusb-scripts to use to make it do various task. Tasks are ran when the system locks and unlocks.
So now lets setup the pam-usb configuration with the usb flashdrive. I tried to pick a usb flashdrive that I can use for more than just one use.
To start off type this command "my-usb-stick can be anything you want.":
sudo pamusb-conf --add-device my-usb-stick
This command makes it where your usb stick is added to the configuration files. At this point you can add users to the usb-stick config so you have control over the computer. The pamusb-conf file is made in xml format. It should look something like this:
<pre> <device id="my-usb-stick"> <vendor> Verbatim </vendor> <model> STORE N GO </model> <serial> Verbatim_STORE_N_GO_XXXXXXXXXXXXXXXXXXX-0:0 </serial> <volume_uuid> A842-0654 </volume_uuid> </device> </pre>
Now we need to add some users. Here is the command:
sudo pamusb-conf --add-user name
Once you have the user added. I always check that the user works. You can do this with this command format:
sudo pamusb-check name
At this point you should see ACCESS GRANTED. Once you get that your ready.
Here is a tip!
If you get Pad check failed. This is how I fixed it.
rm -r ~/.pamusb/*
then type this command:
sudo pamusb-check name
It should be fine after the denial reset.
Now we can have a little bit of fun with it. I have made to where if you unplug the flash drive. The computer is locked. Also if it is not plugged in you can not get logged in either. Here is the steps you have to do to get this section to work.
sudo nano /etc/pam.d/common-auth
Make sure that you have this section of the file look like this
auth required pam_usb.so
Leave this line the samoe. No need to change., It is as follows. The line with pam_unix.so just needs not to be touched.