One-time Passwords on Linux or Unix using PAM

Summary: One-time passwords (OTPs) are a means of accomplishing two-factor authentication (TFA/T-FA/2FA), an authentication approach aiming to increase account security over traditional passwords.  Now, you can easily set up one-time passwords (passcodes) and two-factor authentication in Linux (and Unix and anything else that makes use of PAM)!

You might have seen one-time passwords in the wild if you use Gmail, Google Apps, or other Google services, where a token application running on Android or the iPhone/iPod iOS can be used as an optional second factor for authenticating users [see: Two-factor Authentication with Google Services].  You also might have seen OTPs in the corporate world if you use a security dongle to access company resources, such as the RSA SecurID, or, perhaps, you have looked into pseudo–two-factor authentication like paper password cards or live in a region where banks frequently provide OTPs on paper.  Whatever your relationship is with them, there are two one-time password, two-factor authentication PAM modules that you should know about.

One-time Passwords with PAM

Using Authenticator

Linux/Unix/PAM two-factor authentication with one-time passwords can be easily accomplished (for free) without using a Google product of any kind (see the end of this article); however, if you already use Google Authenticator for existing Gmail, Google Apps, or other Google accounts, you might find it to be helpful to simply use Google Authenticator for your PC or network authentication needs as well.

Using Barada

If Google Authenticator does not suit your needs, Barada is an analogous solution that also offers a mobile phone token application and PAM module.


I provide consulting if you need additional help setting this up, so feel free to contact me.

Also, you might want try using one-time passwords and two-factor authentication with web programming projects in PHP and other languages!

Keywords: one-time passwords, two-factor authentication, PAM, OTP, TFA, one-time passwords in Linux, two-factor authentication in Linux, one-time passwords PAM module, two-factor authentication PAM module

Leave a Reply

Your email address will not be published. Required fields are marked *