Automic VaultAutomic Vault

brew

google-authenticator-libpam を Homebrew, zypper, apk, dnf, Nix, apt でインストール

google-authenticator-libpam のインストール経路、実行ファイル、メタデータ、AI エージェント向けセキュリティノートを確認します。

インストール

追加のインストールコマンド

macOS

Homebrew確認済み · 100%
brew install google-authenticator-libpam

local Homebrew formula metadata

Linux

openSUSE zypper確認済み · 92%
sudo zypper install google-authenticator-libpam

openSUSE Tumbleweed package metadata · google-authenticator-libpam · ソース: download.opensuse.org

Alpine Linux apk確認済み · 92%
sudo apk add google-authenticator

Alpine Linux edge package indexes · google-authenticator · ソース: dl-cdn.alpinelinux.org

Fedora dnf確認済み · 92%
sudo dnf install google-authenticator

Fedora Rawhide package metadata · google-authenticator · ソース: dl.fedoraproject.org

Nix確認済み · 92%
nix profile install nixpkgs#google-authenticator

nixpkgs package indexes · pkgs/by-name/go/google-authenticator/package.nix · ソース: api.github.com

Debian apt確認済み · 92%
sudo apt install libpam-google-authenticator

Debian stable package indexes · libpam-google-authenticator · ソース: deb.debian.org

概要

パッケージ概要

PAM module for two-factor authentication

コマンドとエイリアス

  • google-authenticator

履歴

プロジェクトの歴史と使われ方

google-authenticator-libpam is Google's PAM module and setup utility for adding HOTP or TOTP second-factor authentication to Unix login flows such as SSH and OpenVPN. Its package significance is unusually high for a small C/PAM project because it bridges standard one-time-password algorithms, the Google Authenticator app ecosystem, and distribution-level authentication stacks.

プロジェクトの歴史

The project implements a PAM module named pam_google_authenticator and a google-authenticator setup binary. The README describes it as an example PAM module for two-factor authentication to servers via SSH, OpenVPN, and similar services, and explicitly scopes it away from logging into Google or other TOTP/HOTP services.

The implementation is grounded in the HOTP and TOTP standards. RFC 4226 defined HMAC-based one-time passwords in 2005, and RFC 6238 extended HOTP with a time-based moving factor in 2011. The project's README cites both standards as the algorithms behind its one-time codes.

The GitHub repository was created in November 2016 under Google's organization, and Git tags show 1.03 through 1.11 release labels. The man page documents the PAM module interface, default secret-file behavior, security notes, and deployment options.

採用の歴史

The package is widely packaged under names such as google-authenticator-libpam, google-authenticator, and libpam-google-authenticator. The batch metadata records Homebrew, Alpine, Debian, Fedora, Nix, Ubuntu, and openSUSE-family package names, and Homebrew's formula page documents SSH PAM configuration snippets.

Its adoption comes from fitting an existing Unix security boundary: administrators can add an auth required pam_google_authenticator.so line to PAM configuration and let users enroll per-account secrets, rather than deploying a separate authentication server.

Because PAM is distribution- and service-sensitive, the project also exposes rollout controls such as nullok for users without a secret file, secret= for nonstandard secret locations, user= for alternate file access, owner and permission checks, time-skew handling, HOTP counter behavior, and combined password-code prompting.

使われ方

A user typically runs google-authenticator to create ~/.google_authenticator. The setup can display a QR code when libqrencode is available, or provide a URL or alphanumeric secret that can be entered into an authenticator app.

An administrator enables the PAM module in a service configuration, commonly with an auth line for pam_google_authenticator.so. The module then prompts for a one-time code in addition to the normal password, using either time-based TOTP or counter-based HOTP depending on user setup and options.

The man page emphasizes that the secret file is per account, defaults to .google_authenticator in the user's home directory, and must satisfy ownership and permission checks unless explicitly relaxed.

パッケージ好きにとっての重要性

For package nerds, google-authenticator-libpam is a classic example of a small library package with outsized operational consequences. Packaging has to put a PAM shared object in the right security module path, install a user enrollment binary, and often provide service-specific post-install guidance.

It is also a good reminder that authentication packages are not just CLIs. Their paths, file permissions, PAM control flags, and distro integration details can determine whether users are protected, locked out, or silently bypassing a second factor.

タイムライン

  • 2005: RFC 4226 publishes HOTP.
  • 2011: RFC 6238 publishes TOTP as a time-based extension of HOTP.
  • 2016-11: Google GitHub repository created.
  • 2016-2026: Git tags show 1.03 through 1.11 release labels.
  • 2026: README and man page document PAM setup, ~/.google_authenticator secrets, HOTP/TOTP behavior, and security-sensitive module options.

Related projects

  • Google Authenticator mobile apps generate compatible one-time codes for enrolled secrets.
  • Linux-PAM and service PAM configurations such as sshd and OpenVPN are the integration surfaces for the module.
  • pam_oath, FreeOTP, oathtool, and other OATH-compatible tooling occupy adjacent HOTP/TOTP authentication space.

ソース

セキュリティ状態

リスクレベル: グリーン

narrow executable package without higher-risk signals.

リスク分類器

リスク グリーン · 信頼度 低 · appliance

理由

  • narrow executable package without higher-risk signals

信号

  • metadata:no-higher-risk-signals

インストール挙動

  • formula メタデータに Homebrew post-install フックは記録されていません。
  • Homebrew bottle メタデータは 8 個のプラットフォームターゲットで利用できます。
  • 1 件の実行時依存関係とともにインストールされます。
  • ビルドメタデータには 3 件のビルド依存関係があります。

推奨レビュー

エージェントに無人実行させる前に、このツールが平文の認証情報を読むか、リモート状態を書き込むか、成果物を公開するか、プラグインを起動するかを確認してください。

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Credential files

Credential-bearing paths to review before unattended agent runs.

Unix
~/.google_authenticator

実行可能ファイル

インストールされる実行可能ファイル

コマンド種類公開範囲メモ
google-authenticatorcliグローバル実行可能ファイル

鮮度

バージョンと鮮度

これらの信号は、ページ生成時期、パッケージマネージャの活動、上流リリース比較を分けて示します。バージョン遅れは、証拠 URL と比較可能なバージョンがある場合だけ警告されます。

ページ生成日2026-07-10
マネージャ版1.11
マネージャ更新日
ローカルデータOK
上流最新
検出された最新1.11

https://github.com/google/google-authenticator-libpam

  • 情報No package-manager update timestamp was available.信頼度 低

インストールメタデータ

パッケージメタデータ

パッケージキーbrew:google-authenticator-libpam
バージョン1.11
パッケージマネージャHomebrew
パッケージマネージャページhttps://formulae.brew.sh/formula/google-authenticator-libpam
ホームページhttps://github.com/google/google-authenticator-libpam
リポジトリhttps://github.com/google/google-authenticator-libpam
上流ドキュメントhttps://github.com/google/google-authenticator-libpam#readme
ライセンスApache-2.0
ソースアーカイブhttps://github.com/google/google-authenticator-libpam/archive/refs/tags/1.11.tar.gz
依存関係qrencode
ビルド依存関係autoconf, automake, libtool
Bottle利用可能 (対象 arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, sonoma, ventura, x86_64_linux)
Homebrew post-install未定義
サービス宣言なし
注意点Add 2-factor authentication for ssh: echo "auth required $HOMEBREW_PREFIX/opt/google-authenticator-libpam/lib/security/pam_google_authenticator.so" \ | sudo tee -a /etc/pam.d/sshd Add 2-factor authentication for ssh allowing users to log in without OTP: echo "auth required $HOMEBREW_PREFIX/opt/google-authenticator-libpam/lib/security/pam_google_authenticator.so" \ "nullok" | sudo tee -a /etc/pam.d/sshd (Or just manually edit /etc/pam.d/sshd)

レジストリ情報

ソースデータベース詳細

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namegoogle-authenticator-libpam
Version Scheme0
Revision0
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

ソースデータベース一致

他のパッケージマネージャ記録

一致は外部パッケージマネージャインデックスから取得され、ローカルの Automic Vault パッケージリンクとは分けて表示されます。

zypper95%

google-authenticator-libpam 1.10-3.3

Google Authenticator PAM module

https://github.com/google/google-authenticator-libpam

sudo zypper install google-authenticator-libpam
  • License: Apache-2.0
  • Category: Productivity/Security
  • Architecture: x86_64
  • Source Package: google-authenticator-libpam
  • 3 依存関係
  • 2 提供
  • normalized package name match
  • 一致条件: Google Authenticator Libpam
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: google-authenticator-libpam from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
Debian apt92%

libpam-google-authenticator 20191231-2.1

Two-step verification

https://github.com/google/google-authenticator-libpam

sudo apt install libpam-google-authenticator
  • Section: admin
  • Architecture: amd64
  • Source Package: google-authenticator
  • 3 依存関係
  • installed executable or alias match
  • 一致条件: Google Authenticator
Debian stable package indexes · deb.debian.org · Debian stable package indexes: libpam-google-authenticator from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Nix92%

google-authenticator

nix profile install nixpkgs#google-authenticator
  • installed executable or alias match
  • 一致条件: Google Authenticator
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/go/google-authenticator/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
Ubuntu apt92%

libpam-google-authenticator 20191231-2build1

Two-step verification

https://github.com/google/google-authenticator/

sudo apt install libpam-google-authenticator
  • Section: universe/admin
  • Architecture: amd64
  • Source Package: google-authenticator
  • 3 依存関係
  • installed executable or alias match
  • 一致条件: Google Authenticator
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: libpam-google-authenticator from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
apk92%

google-authenticator 1.11-r0

Google Authenticator PAM module

https://github.com/google/google-authenticator-libpam

sudo apk add google-authenticator
  • License: Apache-2.0
  • Architecture: x86_64
  • Source Package: google-authenticator
  • 1 依存関係
  • 1 提供
  • installed executable or alias match
  • 一致条件: Google Authenticator
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: google-authenticator from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz
apk92%

google-authenticator-doc 1.11-r0

Google Authenticator PAM module (documentation)

https://github.com/google/google-authenticator-libpam

sudo apk add google-authenticator-doc
  • License: Apache-2.0
  • Architecture: x86_64
  • Source Package: google-authenticator
  • installed executable or alias match
  • 一致条件: Google Authenticator
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: google-authenticator-doc from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz
dnf92%

google-authenticator 1.11-4.fc44

One-time pass-code support using open standards

https://github.com/google/google-authenticator-libpam/

sudo dnf install google-authenticator
  • License: Apache-2.0
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: google-authenticator
  • 4 依存関係
  • 1 提供
  • installed executable or alias match
  • 一致条件: Google Authenticator
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: google-authenticator from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst

ソース経路

リポジトリデータから生成

このページは scripts/generate-pkg-sqlite.py が生成した非公開のパッケージ SQLite アーティファクトから av-web によって提供されます。

使用ソース

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment