RFC2284 PPP Extensible Authentication Protocol (EAP). [c. 1998/03/01]

RFC2245 Anonymous SASL Mechanism. [c. 1997/11/01]

RFC1828 IP Authentication using Keyed MD5. [c. 1995/08/01]

RFC1852 IP Authentication using Keyed SHA. [c. 1995/09/01]

RFC2138 Remote Authentication Dial In User Service (RADIUS). [c. 1997/04/01]

RFC2078 Generic Security Service Application Program Interface, Version 2. [c. 1997/01/01]

RFC2289 A One-Time Password System. [c. 1998/02/01]

RFC1994 PPP Challenge Handshake Authentication Protocol (CHAP). [c. 1996/08/01]

RFC2243 OTP Extended Responses. [c. 1997/11/01]

RFC1875 UNINETT PCA Policy Statements. [c. 1995/12/01]

RFC2222 Simple Authentication and Security Layer (SASL). [c. 1997/10/01]

RFC2202 Test Cases for HMAC-MD5 and HMAC-SHA-1. [c. 1997/09/01]

RFC2104 HMAC: Keyed-Hashing for Message Authentication. [c. 1997/02/01]

RFC2195 IMAP/POP AUTHorize Extension for Simple Challenge/Response. [c. 1997/09/01]

RFC2082 RIP-2 MD5 Authentication. [c. 1997/01/01]

RFC2139 RADIUS Accounting. [c. 1997/04/01]

RFC1824 The Exponential Security System TESS: An Identity-Based Cryptographic Protocol for Authenticated Key-Exchange (E.I.S.S.-Report 1995/4). [c. 1995/08/01]

RFC1509 Generic Security Service API : C-bindings. [c. 1993/09/01]

RFC1507 DASS - Distributed Authentication Security Service. [c. 1993/09/01]

RFC1510 The Kerberos Network Authentication Service (V5). [c. 1993/09/01]

RFC1826 IP Authentication Header. [c. 1995/08/01]

RFC1704 On Internet Authentication. [c. 1994/10/01]

RFC1760 The S/KEY One-Time Password System. [c. 1995/02/01]

RFC1511 Common Authentication Technology Overview. [c. 1993/09/01]

RFC1170 Public key standards and licenses. [ 1991/01/01]

RFC1004 Distributed-protocol authentication scheme. [ 1987/04/01]

RFC0972 Password Generator Protocol. [ 1986/01/01]

RFC0931 Authentication server. [ 1985/01/01]

Kerberos FAQ, v1.10 (last modified 5/14/1999)

Kerberos Users' Frequently Asked Questions 1.14

<1999/05/21> Comp.security.pgp FAQ [German]

alt.security.keydist Frequently Asked Questions

Optical Fingerprinting to Protect Data: A Proposal ( Nachiketh R. Potlapally ; IEEE Computer Magazine 2002-04)

Parasitic Authentication To Protect Your E-Wallet ( Tim Ebringer, Peter Thorne, Yuliang Zheng ; IEEE Computer Magazine 2000-010)

To Whom am I Speaking? ( Mark Lomas, Bruce Christianson ; IEEE Computer Magazine 1995-01)

Authentication Revisited ( T.Y.C. Woo, S.S. Lam ; IEEE Computer Magazine 1992-03)

Unix Programming FAQ How do I check a user's password? []

Unix Programming FAQ How do I get a user's password? []

Unix Programming FAQ How do I get shadow passwords by uid? []

Unix Programming FAQ How do I verify a user's password? []

Cross-platform Password Management? [2002/04/06]

Enterprise-Level Authentication for Linux? [2002/02/01]

Smart Card Authentication in Mixed Environments? [2001/12/28]

Smart Cards for Windows XP Login? [2001/12/03]

Strong Token-Based Authentication w/ Open Source Software? [2001/10/30]

Thoughts for Thawte's Personal Certificates? [2001/06/06]

Are Strong Passwords All That Strong? [2001/06/05]

Managing Shared Passwords? [2001/06/04]

pam_ldap/pam_krb5 Authentication Against Active Directory? [2001/06/03]

Tips on the Prevention of Social Engineering? [2001/05/03]

PAM Support for Shadow Passwords? [2001/04/06]

Hardware For Protecting Your Passwords? [2001/04/02]

Windows 2000 Directory Support While Keeping Unix? [ 2000/08/24]

Authentication on an Untrusted Network? [ 2000/06/19]

Kerberos Outside the US? [ 2000/01/14]

How do I unify passwords and such on a heterogeneous network? [ 2000/01/01]

American Express Blue as User Authentication? [ 1999/12/15]

Username/Password - Is It Still Secure? [ 1999/11/08]

How do you Remember Your Passwords? [ 1999/11/08]

Kerberos and PAM? [ 1999/03/17]

Questions and Answers

encrypt(1) - encrypt passwords from the command line or standard input {oss}

startkey(1) - start keying with photurisd {oss}

skey, otp-md4, otp-md5, otp-sha1, otp-rmd160(1) - Respond to a OTP challenge. {oss}

passwd(1) - modify a user's password {oss}

skeyaudit(1) - warn users if their S/Key will soon expire {oss}

skeyinfo(1) - obtain the next S/Key challenge for a user {oss}

skeyinit(1) - change password or add user to S/Key authentication system. {oss}

photurisd(8) - IPSec key management daemon {oss}

rpc.yppasswdd(8) - YP update password file daemon {oss}

l0phtcrack-1.5 - L0pht Heavy Industries' cracker for SAMBA or Windows NT passwords

radreport-1.3 - Perl script for processing radius logs

tac_plus-F4.0.4 - The Cisco remote authentication/authorization/accounting server

mdcrack-1.2 - Bruteforce password MD5 hashes

ssh-multiadd-1.3.1 - Tool to add multiple ssh keys to the authentication agent

pwgen-1.15 - A simple password generator

fpm-0.53 - Figaro's Password Manager, an app to securely store your passwords

ascend-radius-980618 - The Ascend modified Radius Daemon

radiusniff-0.2 - Sniffer for RADIUS traffic

mod_auth_pgsql-0.9.12 - Allows users to use PostgreSQL databases for user authentication

apg-1.2.13 - An automated password generator

mod_auth_mysql-2.20 - Allows users to use MySQL databases for user authentication

keyprint-1.0 - Print S/Key keys on a piece of paper, twice the size of a credit card

checkpassword-0.90 - A simple password-checking interface

mod_auth_external-2.1.15 - Enables the use of external mechanisms for user authentication

didentd-0.2 - Modular RfC1423 (identd) server sending encrypted audit tokens.

gnu-radius-0.96 - GNU RADIUS server

icradius-0.18.1 - A variant of Cistron RADIUS, but with a MySQL backend

krb5-beta-1.2.5b2 - An authentication system developed at MIT, successor to Kerberos IV

p5-Crypt-PassGen-0.02 - Crypt::PassGen - Generate a random password that looks like a real word

p5-RADIUS-UserFile-1.01 - Perl extension for manipulating a RADIUS users file

ppgen-1.0 - Secure passphrase generator

safesh-1.3 - Authentication manager for OpenSSH (making secure auth easier)

srp-1.7.4 - Secure Remote Password protocol library, TELNET, and FTP

radius-basic-3.6B2 - A remote authentication server

radiusd-cistron-1.6.6 - A RADIUS-compliant remote authentication and accouting server

crack-5.0 - the "Sensible" Unix Password Cracker.

donkey-0.5 - An alternative for S/KEY's key command

krb5-1.2.4 - An authentication system developed at MIT, successor to Kerberos IV

pidentd-2.8.5 - An RFC1413 identification server

idutil - command-line i'face to cuserid(3), getpwnam(3), &etc {oss}

auth - RFC 931 TCP Authentication server {oss}

KeyNote {GPL}

pgp4pine - Interactive program for using PGP with email programs, specifically Pine {GPL}

Slurpie - Distributed passwd cracker {GPL}

PGPMenu - Interactive menu for using PGP2, PGP5, and/or GPG {GPL}

pam_smb - PAM module for NT authentication {GPL}

Cistron Radius Server - Free Radius Server with many features {GPL}

pTrack - pTrack is a password tracking program written using mingw32 EGCS gcc2.95 and a winapi gcc-win32 port. pTrack is licensed under the GNU Public License. That means you can use it for free for non-commercial purposes. A commercial version is not available. [Windows95 OSR2 or later]

ppgen-1.0.tgz - secure passphrase generator

radiusreport-0.3b6.tgz - RADIUS log file analysis tool

PGPHTML - Generates PGP signed web-pages

radiusd-lucent-2.1.tgz - Lucent remote access RADIUS server

Face Lock

john-1.6 - featureful Unix password cracker

gnupg-1.0.6_6 - The GNU Privacy Guard

Linux-PAM - Linux Pluggable Authentication Modules {GPL}

Egoistic Wordlist Generator - A wordlist generator with a variety of options. {Freeware}

auth_ipc_module - Shadow password authentication module for Apache {free to use but restricted}

mcrypt - A replacement for the old unix crypt(1). Uses several block algorithms.

Secure Remote Password Protocol - Zero-knowledge password-based authentication and key exchange protocol {free to use but restricted}

Applications and Utilities

p5-Apache-AuthTicket-0.31 - Perl modules that implement a cookie-based authentication system

p5-Authen-PAM-0.13 - A Perl interface to the PAM library

p5-TacacsPlus-0.16 - A perl module that provides authentication using a tacacs+ server

pam-pgsql-0.5.2_2 - A pam module for authenticating with PostgreSQL

p5-Apache-AuthenCache-0.04 - Perl module that implements authentication caching

pam_mysql-0.4.7 - A pam module for authenticating with MySQL

smb_auth-0.05 - A proxy authentication module against an SMB server

cracklib-2.7_1 - Password-checking library

freeradius-devel-20010310 - A new RADIUS authentication and accounting server with loadable modules

p5-Apache-AuthCookie-2.011 - A perl module to provide custom forms for reauthentication

ruby-pam-1.4 - Ruby extension to use PAM library

mod_auth_any-1.0.2 - Apache module to use any command line program to authenticate a user

mod_sequester-1.7.0 - Apache module that controls access to the website using secure info

mod_auth_pam-1.0a - Allows users to use PAM modules for user authentication

mod_access_identd-1.2.0 - Apache module to supply access control based on ident reply

pam_ldap-1.4.0 - A pam module for authenticating with LDAP

auth_ldap-1.6.0_1 - Apache module to authenticate against an LDAP directory.

mod_auth_kerb-4.10 - An Apache module for authenticating users with Kerberos v5

mod_auth_pwcheck-1.0 - Apache module for user authentication via Cyrus pwcheck daemon

p5-IC-Radius-0.4 - A Perl5 extension for ICRADIUS Interface Module

p5-Net-Radius-1.43 - A perl module to manipulate RADIUS packets

pam_alreadyloggedin-0.2 - PAM module based on whether a user is already logged in

pam_pwdfile-0.95 - A pam module for authenticating with flat passwd files

libident-0.22 - A small library to interface the ident protocol server (rfc1413)

radiusclient-0.3.1 - Client library and basic utilities for Radius authenticated login

p5-Authen-Radius-0.05 - A perl5 module to provide simple Radius client facilities

Regkey.H, Regit.C, Chkreg.C - Craig Morrison's registration key functions {oss}

permissions - access control library for YP/NIS environments {oss}

pam_smb-1.9.9_1 - NetBIOS domain logon PAM module

Net::Ident - Lets you extract the user name from the other end of a TCP/IP connection. (This only works if the remote site is running IDENTD.) [Perl] {oss}

Net::NIS - Interface to NIS, the Network Information Service. (NIS used to be called Yellow Pages before Sun lost a trademark battle.) NIS provides information about user accounts to remote hosts. This makes it possible for all the computers on a network t [Perl] {oss}

Net::NISPlus - Interface to NIS+, the second generation of NIS. Also see Net::NIS above. [Perl] {oss}

HTTPD::Authen - Portable methods for authenticating users for your Web server. [Perl] {oss}

HTTPD::UserAdmin - Portable access to user databases for your Web server. [Perl] {oss}

HTTPD::GroupAdmin - Portable access to group databases for your Web server. [Perl] {oss}

Libraries and Functions

(The following links to subjects at this site retain your personalized selections.)

See also: Remote Process Communication

See also: Kerberos authentication

See also: Process Limits: Identity - Process ownership and Identity

See also: Communication Filtering and Firewalls - Preventing certain types of communication. Communication security, encryption, et al. -

Up to Communications