AusweisApp
- Ebuilds: 2, Stable: 2.4.0, Testing: 2.4.1 Description: Official authentication app for German ID cards and residence permits
Homepage:https://www.ausweisapp.bund.de/ License: EUPL-1.2
howdy
- Ebuilds: 2, Testing: 3.0.0 Description: Windows Hello style facial authentication for Linux
Homepage:https://github.com/boltgolt/howdy License: MIT
munge
- Ebuilds: 1, Stable: 0.5.18, Testing: 0.5.18 Description: MUNGE (MUNGE Uid 'N' Gid Emporium) is an authentication service for creating
and validating credentials. It is designed to be highly scalable for use in
an HPC cluster environment. It allows a process to authenticate the UID and
GID of another local or remote process within a group of hosts having common
users and groups. These hosts form a security realm that is defined by a
shared cryptographic key. Clients within this security realm can create and
validate credentials without the use of root privileges, reserved ports, or
platform-specific methods.
Homepage:https://github.com/dun/munge License: GPL-3
nss-docker-ng
- Ebuilds: 2, Testing: 1.1.3 Description: NSS plugin for finding Docker containers by their ID or name
Homepage:https://github.com/petski/nss-docker-ng License: MIT Apache-2.0 LGPL-3 MIT MPL-2.0 Unicode-DFS-2016
nss-mdns
- Ebuilds: 2, Stable: 0.15.1, Testing: 9999, 0.15.1 Description: Name Service Switch module for Multicast DNS
Homepage:https://github.com/lathiat/nss-mdns License: GPL-2+
nss-myhostname
- Ebuilds: 1, Stable: 0.3-r1, Testing: 0.3-r1 Description:
nss-myhostname is a plugin for the GNU Name Service Switch (NSS) functionality
of the GNU C Library (glibc) providing host name resolution for the locally
configured system hostname as returned by gethostname(2). Various software
relies on an always resolvable local host name. When using dynamic hostnames
this is usually achieved by patching /etc/hosts at the same time as changing
the host name. This however is not ideal since it requires a writable /etc
file system and is fragile because the file might be edited by the
administrator at the same time. nss-myhostname simply returns all locally
configure public IP addresses, or -- if none are configured -- the IPv4
address 127.0.0.2 (wich is on the local loopback) and the IPv6 address ::1
(which is the local host) for whatever system hostname is configured locally.
Patching /etc/hosts is thus no longer necessary.
Homepage:https://0pointer.de/lennart/projects/nss-myhostname/ License: LGPL-2.1+
nss-pam-ldapd (ambiguous, available in 2 overlays)
- Ebuilds: 3, Stable: 0.9.13-r1, Testing: 0.9.13-r1 Description:
Provides a Name Service Switch (NSS) module that allows your LDAP
server to provide user account, group, host name, alias, netgroup, and
basically any other information that you would normally get from /etc
flat files or NIS. It also provides a Pluggable Authentication Module
(PAM) to do authentication to an LDAP server.
This is implemented using thin NSS and PAM modules which delegate to a
dedicated service (nslcd) that queries the LDAP server with persistent
connections, authentication, attribute translation, etc.
Homepage:https://arthurdejong.org/nss-pam-ldapd/ License: LGPL-2.1
oath-toolkit
- Ebuilds: 3, Stable: 2.6.14, Testing: 2.6.14, 2.6.13 Description: Toolkit for using one-time password authentication with HOTP/TOTP algorithms
Homepage:https://oath-toolkit.codeberg.page/ License: GPL-3 LGPL-2.1
oath-uri
- Ebuilds: 1, Testing: 1.0.0 Description:
oath-uri is an open source C/C++ library and command line tool to
generate OATH TOTP/HOTP key sharing URI for soft tokens, also known as
one-time password authentication applications.
Homepage:https://sinustrom.info/projects/oath-uri/ License: LGPL-2+ GPL-3+
otpcalc (ambiguous, available in 2 overlays)
- Ebuilds: 2, Stable: 0.98.1, Testing: 0.98.1 Description:
otpCalc is an RFC2289 and RFC1760 compliant one time password calculator,
written to use the GTK+ library for screen I/O.
Homepage:https://gitlab.com/otpcalc/otpcalc
http://www.killa.net/infosec/otpCalc/ License: GPL-2+
pam-ssh-agent
- Ebuilds: 1, Testing: 0.9.5 Description:
The goal of this project is to provide a PAM authentication module determining the identity of a user based on a signature request and response sent via the ssh-agent protocol to a potentially remote ssh-agent.
One scenario that this module can be used in is to grant escalated privileges on a remote system accessed using ssh with agent forwarding enabled and the sudo command.
Homepage:https://github.com/nresare/pam-ssh-agent License: || ( Apache-2.0 MIT ) 0BSD Apache-2.0 BSD MIT Unicode-3.0
pam_dumb_runtime_dir
- Ebuilds: 1, Stable: 1.0.4 Description:
Creates an XDG_RUNTIME_DIR directory on login per the freedesktop.org base directory spec.
Flaunts the spec and never removes it, even after last logout.
This keeps things simple and predictable.
Homepage:https://github.com/ifreund/dumb_runtime_dir License: 0BSD
pam_mount
- Ebuilds: 3, Stable: 2.22, Testing: 2.21 Description: A PAM module that can mount volumes for a user session
Homepage:https://inai.de/projects/pam_mount/ License: GPL-3
pam_p11
- Ebuilds: 1, Stable: 0.6.0, Testing: 0.6.0 Description: PAM module for authenticating against PKCS#11 tokens
Homepage:https://github.com/opensc/pam_p11/wiki License: LGPL-2.1
pam_radius
- Ebuilds: 4, Testing: 9999 Description:
Oubliette - ebuild version bump from Gentoo repository
This is the PAM to RADIUS authentication module. It allows any
PAM-capable machine to become a RADIUS client for authentication
and accounting requests.
Homepage:http://www.freeradius.org/pam_radius_auth/
pam_rssh
- Ebuilds: 3, Testing: 1.2.0_rc2 Description:
This PAM module provides ssh-agent based authentication. The primary design goal is to avoid typing password when you sudo on remote servers. Instead, you can simply touch your hardware security key (e.g. Yubikey/Canokey) to fulfill user verification. The process is done by forwarding the remote authentication request to client-side ssh-agent as a signature request.
This project is developed in Rust language to minimize security flaws.
Homepage:https://github.com/z4yx/pam_rssh License: MIT Apache-2.0 BSD-2 CC-PD MIT Unicode-DFS-2016 Unlicense
pam_smb
- Ebuilds: 1, Stable: 2.0.0_rc6-r3, Testing: 2.0.0_rc6-r3 Description: PAM module for authenticating against an SMB (such as the Win_x families) server
Homepage:http://www.csn.ul.ie/~airlied/pam_smb/ License: GPL-2
rtkit
- Ebuilds: 1, Stable: 0.14, Testing: 0.14 Description:
RealtimeKit is a DBus service that provides applications with an interface
to escalate their priority to realtime, without any special setup in
rlimits, etc.
Homepage:https://gitlab.freedesktop.org/pipewire/rtkit License: GPL-3 BSD
skey
- Ebuilds: 1, Stable: 1.1.5-r14, Testing: 1.1.5-r14 Description:
From RFC2289:
One form of attack on networked computing systems is eavesdropping on
network connections to obtain authentication information such as the
login IDs and passwords of legitimate users. Once this information is
captured, it can be used at a later time to gain access to the system.
One-time password systems are designed to counter this type of attack,
called a "replay attack."
The authentication system described in this document uses a secret
pass-phrase to generate a sequence of one-time (single use) passwords.
With this system, the user's secret pass-phrase never needs to cross the
network at any time such as during authentication or during pass-phrase
changes. Thus, it is not vulnerable to replay attacks. Added security
is provided by the property that no secret information need be stored on
any system, including the server being protected.
The OTP system protects against external passive attacks against the
authentication subsystem. It does not prevent a network eavesdropper from
gaining access to private information and does not provide protection
against either "social engineering" or active attacks.
Homepage:https://web.archive.org/web/20160710152027/http://www.openbsd.org:80/faq/faq8.html#SKey License: BSD MIT RSA BEER-WARE
solo1 (ambiguous, available in 2 overlays)
- Ebuilds: 2, Stable: 0.1.1-r2, Testing: 0.1.1-r2 Description:
The command-line tool 'solo1' provided by this package can be used to reset
a SoloKeys Solo 1, set/change the PIN, generate credentials, interact
with the on-board TRNG, update the firmware, and more. See the output
of 'solo1 key --help' for more information.
Homepage:https://github.com/solokeys/solo1-cli License: Apache-2.0 MIT
solo2-cli
- Ebuilds: 1, Testing: 0.2.0 Description: Library and CLI for the SoloKeys Solo 2 security key
Homepage:https://github.com/solokeys/solo2-cli License: 0BSD Apache-2.0 Apache-2.0-with-LLVM-exceptions BSD Boost-1.0 ISC MIT MPL-2.0 Unlicense ZLIB
ssh-import-id
- Ebuilds: 1, Stable: 5.11-r1, Testing: 5.11-r1 Description: Utility to securely retrieve an SSH public key and install it locally
Homepage:https://launchpad.net/ssh-import-id License: GPL-3
sssd
- Ebuilds: 3, Stable: 2.12.0-r2, Testing: 2.12.0-r2 Description: System Security Services Daemon provides access to identity and authentication
Homepage:https://github.com/SSSD/sssd
thinkfinger
- Ebuilds: 1, Testing: 0.3-r3 Description: Support for the UPEK/SGS Thomson fingerprint reader, common in Thinkpads
Homepage:http://thinkfinger.sourceforge.net/ License: GPL-2