pam-all : a new pluggable authentication Module

A nice development : a PAM module (linux) for authentication for sudo, based
on validation by other administrators.

Designed for secure systems, all sudo commands (administrators commands) must be validate by a quorum of administrators before execution.

Download

pam_all provide a system of authentification in an administrators group. When an user start a command (via sudo), pam_all puts the user awaiting approval from the other administrators of the group before running the command.

pam_all is based on an encryption system, where each user have his key pair. The command is salted and encrypted with a random AES key (secured by the RSA public key of each user in the group). When an user validate the command with all-validate, command is signed and pam_all return PAM_SUCCESS (when the quorum is reached).

Thanks to Aurelien Rausch (aurel at aurel-r.fr)