Requirements gathering for pam_usb alternative

[andrey-utkin]

Hi all, developers and users,

It's pity that pam_usb is unmaintained and nothing else has emerged yet. I used pam_usb for a while a couple of years ago and I have mixed review on it - mainly stability issues. Setup also felt a bit more complex than it could be. Nowadays udisks v1 dependency is another odd issue (while it feels simple udev hook alone would do).

So I wonder if anybody would like to contribute to requirements document for a software fulfilling same purpose, but without baggage of pam_usb project. Would you like basically the same what pam_usb provides, or would you want something more, or would you want to have more stripped-down tool (e.g. no agent process hanging around)? Would you agree to give up "one time pads" and go with static key?

Would really love @aluzzardi feedback on what would he do differently if given a chance to do it anew.

[aluzzardi]

@andrey-utkin Why not contribute to pam_usb instead of starting from scratch?

I'd be happy to hand over maintainership to committed individuals.

There have been PRs in the past to move over to udisk2 (/cc @Danesprite @luka-n).

Regarding my feedback, I'd say, in no particular order:

• Move away from udisks1
• Reconsider the technologies used. I don't think we necessarily need to switch to udisks2 - maybe udev can be used directly, or maybe systemd? pam_usb went from scanning /dev to using HAL, to relying on udev/udisks and maybe today that's not the best solution anymore
• Rewrite the tools. The main module is fine the way it is (it doesn't have to do much), but the tools are old. If I had to do this today, I'd probably rewrite the tools in Go (small binaries with tiny memory footprint)