macOS
brew install google-authenticator-libpamlocal Homebrew formula metadata
brew
google-authenticator-libpam のインストール経路、実行ファイル、メタデータ、AI エージェント向けセキュリティノートを確認します。
インストール
brew install google-authenticator-libpamlocal Homebrew formula metadata
sudo zypper install google-authenticator-libpamopenSUSE Tumbleweed package metadata · google-authenticator-libpam · ソース: download.opensuse.org
sudo apk add google-authenticatorAlpine Linux edge package indexes · google-authenticator · ソース: dl-cdn.alpinelinux.org
sudo dnf install google-authenticatorFedora Rawhide package metadata · google-authenticator · ソース: dl.fedoraproject.org
nix profile install nixpkgs#google-authenticatornixpkgs package indexes · pkgs/by-name/go/google-authenticator/package.nix · ソース: api.github.com
sudo apt install libpam-google-authenticatorDebian stable package indexes · libpam-google-authenticator · ソース: deb.debian.org
概要
PAM module for two-factor authentication
履歴
google-authenticator-libpam is Google's PAM module and setup utility for adding HOTP or TOTP second-factor authentication to Unix login flows such as SSH and OpenVPN. Its package significance is unusually high for a small C/PAM project because it bridges standard one-time-password algorithms, the Google Authenticator app ecosystem, and distribution-level authentication stacks.
The project implements a PAM module named pam_google_authenticator and a google-authenticator setup binary. The README describes it as an example PAM module for two-factor authentication to servers via SSH, OpenVPN, and similar services, and explicitly scopes it away from logging into Google or other TOTP/HOTP services.
The implementation is grounded in the HOTP and TOTP standards. RFC 4226 defined HMAC-based one-time passwords in 2005, and RFC 6238 extended HOTP with a time-based moving factor in 2011. The project's README cites both standards as the algorithms behind its one-time codes.
The GitHub repository was created in November 2016 under Google's organization, and Git tags show 1.03 through 1.11 release labels. The man page documents the PAM module interface, default secret-file behavior, security notes, and deployment options.
The package is widely packaged under names such as google-authenticator-libpam, google-authenticator, and libpam-google-authenticator. The batch metadata records Homebrew, Alpine, Debian, Fedora, Nix, Ubuntu, and openSUSE-family package names, and Homebrew's formula page documents SSH PAM configuration snippets.
Its adoption comes from fitting an existing Unix security boundary: administrators can add an auth required pam_google_authenticator.so line to PAM configuration and let users enroll per-account secrets, rather than deploying a separate authentication server.
Because PAM is distribution- and service-sensitive, the project also exposes rollout controls such as nullok for users without a secret file, secret= for nonstandard secret locations, user= for alternate file access, owner and permission checks, time-skew handling, HOTP counter behavior, and combined password-code prompting.
A user typically runs google-authenticator to create ~/.google_authenticator. The setup can display a QR code when libqrencode is available, or provide a URL or alphanumeric secret that can be entered into an authenticator app.
An administrator enables the PAM module in a service configuration, commonly with an auth line for pam_google_authenticator.so. The module then prompts for a one-time code in addition to the normal password, using either time-based TOTP or counter-based HOTP depending on user setup and options.
The man page emphasizes that the secret file is per account, defaults to .google_authenticator in the user's home directory, and must satisfy ownership and permission checks unless explicitly relaxed.
For package nerds, google-authenticator-libpam is a classic example of a small library package with outsized operational consequences. Packaging has to put a PAM shared object in the right security module path, install a user enrollment binary, and often provide service-specific post-install guidance.
It is also a good reminder that authentication packages are not just CLIs. Their paths, file permissions, PAM control flags, and distro integration details can determine whether users are protected, locked out, or silently bypassing a second factor.
セキュリティ状態
narrow executable package without higher-risk signals.
リスク グリーン · 信頼度 低 · appliance
エージェントに無人実行させる前に、このツールが平文の認証情報を読むか、リモート状態を書き込むか、成果物を公開するか、プラグインを起動するかを確認してください。
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Credential-bearing paths to review before unattended agent runs.
~/.google_authenticator実行可能ファイル
| コマンド | 種類 | 公開範囲 | メモ |
|---|---|---|---|
google-authenticator | cli | グローバル実行可能ファイル |
鮮度
これらの信号は、ページ生成時期、パッケージマネージャの活動、上流リリース比較を分けて示します。バージョン遅れは、証拠 URL と比較可能なバージョンがある場合だけ警告されます。
https://github.com/google/google-authenticator-libpam
インストールメタデータ
| パッケージキー | brew:google-authenticator-libpam |
|---|---|
| バージョン | 1.11 |
| パッケージマネージャ | Homebrew |
| パッケージマネージャページ | https://formulae.brew.sh/formula/google-authenticator-libpam |
| ホームページ | https://github.com/google/google-authenticator-libpam |
| リポジトリ | https://github.com/google/google-authenticator-libpam |
| 上流ドキュメント | https://github.com/google/google-authenticator-libpam#readme |
| ライセンス | Apache-2.0 |
| ソースアーカイブ | https://github.com/google/google-authenticator-libpam/archive/refs/tags/1.11.tar.gz |
| 依存関係 | qrencode |
| ビルド依存関係 | autoconf, automake, libtool |
| Bottle | 利用可能 (対象 arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, sonoma, ventura, x86_64_linux) |
| Homebrew post-install | 未定義 |
| サービス | 宣言なし |
| 注意点 | Add 2-factor authentication for ssh: echo "auth required $HOMEBREW_PREFIX/opt/google-authenticator-libpam/lib/security/pam_google_authenticator.so" \ | sudo tee -a /etc/pam.d/sshd Add 2-factor authentication for ssh allowing users to log in without OTP: echo "auth required $HOMEBREW_PREFIX/opt/google-authenticator-libpam/lib/security/pam_google_authenticator.so" \ "nullok" | sudo tee -a /etc/pam.d/sshd (Or just manually edit /etc/pam.d/sshd) |
レジストリ情報
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | google-authenticator-libpam |
| Version Scheme | 0 |
| Revision | 0 |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
ソースデータベース一致
一致は外部パッケージマネージャインデックスから取得され、ローカルの Automic Vault パッケージリンクとは分けて表示されます。
google-authenticator-libpam 1.10-3.3
Google Authenticator PAM module
https://github.com/google/google-authenticator-libpam
sudo zypper install google-authenticator-libpamlibpam-google-authenticator 20191231-2.1
Two-step verification
https://github.com/google/google-authenticator-libpam
sudo apt install libpam-google-authenticatorgoogle-authenticator
nix profile install nixpkgs#google-authenticatorlibpam-google-authenticator 20191231-2build1
Two-step verification
https://github.com/google/google-authenticator/
sudo apt install libpam-google-authenticatorgoogle-authenticator 1.11-r0
Google Authenticator PAM module
https://github.com/google/google-authenticator-libpam
sudo apk add google-authenticatorgoogle-authenticator-doc 1.11-r0
Google Authenticator PAM module (documentation)
https://github.com/google/google-authenticator-libpam
sudo apk add google-authenticator-docgoogle-authenticator 1.11-4.fc44
One-time pass-code support using open standards
https://github.com/google/google-authenticator-libpam/
sudo dnf install google-authenticatorソース経路
このページは scripts/generate-pkg-sqlite.py が生成した非公開のパッケージ SQLite アーティファクトから av-web によって提供されます。
View the package source record on GitHub.