Free Software Foundation!

Averist 'Averist' adds an authentication layer to any CGI application written in Perl. It supports initial authentication through CGI (form), and it can use CGI (hidden form fields) or cookies for reauthentication after a configurable timeout. It can also use a DBM file, a flat file database, or an SQL database for storing session tickets for increased security. The username and password check at the initial authentication can be done via a DBM file, an LDAP directory, a NIS database, the passwd database, a passwd-style file, or an SQL database.

Cgipaf The 'cgipaf' package includes three CGI programs: passwd.cgi, which users update their password; viewmailcfg.cgi, which lets users view their current mail configuration; and mailcfg.cgi, which updates the mail configuration. All programs use PAM for user authentication. Users can run a script to update SAMBA passwords or NIS configuration when a password is changed. mailcfg.cgi creates a .procmailrc in the user's home directory. A user with too many invalid logins can be locked. The minimum and maximum UID can be set in the configuration file, so you can specify the range of UIDs that can use cgipaf.

Checkpassword-pam 'checkpassword-pam' is an implementation of a PAM- based checkpassword-compatible authentication program, but is more modern and administrator-friendly.

Cksfv 'ksfv' (Check SFV) creates simple file verification (.sfv) listings and tests existing .sfv files. It uses the crc32 checksum.

GNU SASL GNU SASL is a library that implements the IETF Simple Authentication and Security Layer (SASL) framework and some SASL mechanisms. SASL is used in network servers (e.g. IMAP, SMTP, etc.) to authentication peers, and can also integrity and privacy. This project was formerly know as 'libgsasl.'

GSKey GSkey is used to generate MD5 sums needed to authenticate with some proxy servers. It works like a known S/key generator, and uses GTK2 as the GUI.

Gensys 'genpass' generates decent random passwords as per user's requirements. Users can pass options specifying the total length, and type and minimum number of characters they want in their password.

Monkeysphere The Monkeysphere project's goal is to extend OpenPGP's web of trust to new areas of the Internet to help us securely identify each other while we work online. Specifically, monkeysphere currently offers a framework to leverage the OpenPGP web of trust for OpenSSH authentication. In other words, it allows you to use secure shell as you normally do, but to identify yourself and the servers you administer or connect to with your OpenPGP keys. OpenPGP keys are tracked via GnuPG, and monkeysphere manages the known_hosts and authorized_keys files used by OpenSSH for authentication, checking them for cryptographic validity.

Pam pwcheck The pam_pwcheck is a PAM module for password strength checking. It makes additional checks upon password changes, but it doesn't make the change itself. It only provides functionality for one PAM management group: password changing. This module works in the following manner: if enabled it calls at first the Cracklib routine to check the strength of the password; if crack likes the password, the module does an additional set of strength checks.

Parano Parano is a GNOME frontend for creating, editing, and checking MD5 and SFV files.

Pasmal 'pasmal' is a TCP/IP packet authentication and intrusion detection system. When it receives a sequence of ICMP or TCP packets to any port (open/closed), it will issue a command to the server

Passwd exp 'Passwd_exp' notifies users via email of password or account expiration.

Administrators can review expired accounts in the system. Its modular architecture allows you to perform expiration checks on any data source you use (databases, LDAP, NIS, etc.).

PasswdGen PasswdGen is a utility for system administrators who, for security reasons, want to generate random passwords based on their own criteria. passwdGen has many run-time options that allow you to customize the criteria the generated password. 'passwdGen' is designed in a modular way and currently has three main front-ends: a console based front-end (fe-text), a GTK+ based front-end (fe-gtk), and a KDE2 front-end (fe-kde2). The building of each of these can be disabled at runtime using --disable-gtk, --disable-text, and --disable-kde2.

Shadow 2 The Shadow password file utilities package includes programs necessary to convert traditional V7 *NIX password files to the SVR4 shadow password format, and additional tools to maintain password and group files (that work with both shadow and non-shadow passwords).

Spin auth 'spin_auth' is an authentication wrapper. It can be used by other mod_spin applications to authenticate users specified in a traditional Apache manner, but without employing dangerously breakable basic authentication. It also lets non-encrypted applications temporarily switch to SSL/TLS for authentication only.

TextTokenizer 'textTokenizer' is a Perl module for fast text lexical analysis and/or parsing.

Tiny SRP library The Tiny SRP library is a stripped-down version of srp-1.7.1 and openssl-0.9.6 that contains only what is necessary for secure remote passphrase authentication. No other libraries are required. If you already have libsrp installed on both server and client then you don't need this. Tiny SRP is designed for embedded or mini distributions, and is also a quick and easy way to add secure authentication to small client/server projects. Also included is the TSRP protocol, which reduces socket authentication to one function call on each of the client and server.

TinyCA 'TinyCA' manages a small certification authority. It works as a frontend to OpenSSL. TinyCA lets you manage x509 certificates. You can export data in PEM or DER format to use with servers, as PKCS#12 to use with clients, or as S/MIME certificates to use with email. You can also import your own PKCS#10 requests and generate certificates from them, and create and manage SubCAs for more complex setups. The most important certificate extensions can be configured with the graphical frontend. English, German, and Spanish translations are included.

Tthsum 'tthsum' generates and checks TTH checksums (root of the THEX hash tree). The Merkle Hash Tree is a hash construct that exhibits desirable properties for verifying the integrity of files and file subranges in an incremental or out-of-order fashion. 'tthsum' uses the Tiger hash algorithm for both the internal and the leaf nodes, and has an interface identical to md5sum.

UID Provided is an implementation of a "unique" ID generator in Python. The implementation does not follow UUID or GUID standards, but rather uses available system, host, user, shell environment, process, and other ephemeral information fed into a hasher (by default MD5) to generate the ID. The system is designed to be used both as a standalone application and as a module. The data used to be fed into the hash, as well as the hashing mechanism itself, can be overridden both through the command line and programmatically by importing the module.