Why You Should Never Install The Google Authenticator PAM Apt Package on Ubuntu

There are three major reasons why I would completely avoid installing the PAM Google Authenticator Module from the Apt Ubuntu command which I detail here:

Reason #1: Google Authenticator PAM was last updated on July 2017 on the Ubuntu Repostiory (Reminder: It’s 2021)

You can check the package compilation date using the command apt-cache policy libpam-google-authenticator command on Ubuntu:

apt-cache policy libpam-google-authenticatorlibpam-google-authenticator:
Installed: (none)
Candidate: 20170702–1
Version table:
20170702–1 500
500 http://archive.ubuntu.com/ubuntu bionic/universe amd64 Packages

Surprisingly the last update was on 02-JUL-2017 for the apt package while the Github project was last updated on Dec 23rd, 2020. That’s three whole years of lost updates!

Reason #2: Google Auth PAM Package Is Not Security Reviewed By The Ubuntu Team

The Google Authenticator PAM module package is being published on Ubuntu through the bionic/universe repository, which according to Ubuntu’s /etc/apt/sources.list file has the following comment attached to it:

bionic/universe on Ubuntu will NOT receive any review or updates from the Ubuntu security team

bionic/universe repository on Ubuntu is marked with a disclaimer above. Notice the line which says Also, please note that software in universe WILL NOT receive any review or updates from the Ubuntu security team.

This means what it says, and says what it reads; there are no security reviews or updates from the Ubuntu Security team for any package served through the bionic/universe repository. Now if that doesn’t raise an eye brow for you, what does?

Reason #3: The Ubuntu Package Does Not Support the grace_period Feature

Without the grace_period security configuration the Google Authenticator becomes hardly usable. Since this feature allows users a grace period of 24 hours by default to not have to re-authenticate on each usage. Without it, the module becomes very intimidating to use since you’ll have to re-authenticate using the app every time you login.

I hope enough reasons have been given to convince you to fully ditch the Apt Package version of this useful PAM Google Authenticator module and to go for the better alternative which is pulling the source code from GitHub to compile it from scratch.

I have detailed How to Compile Google Authenticator in my next part instead.

A Software Engineer with interests in data storage and database systems done right.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store