Open Source Linux Authentication Software
Sort By:
Authentication Software for Linux
View 40 business solutionsBrowse free open source Authentication software and projects for Linux below. Use the toggles on the left to filter open source Authentication software by OS, license, language, programming language, and project status.
-
Go From AI Idea to AI App FastAccess Gemini 3 and 200+ models. Build chatbots, agents, or custom models with built-in monitoring and scaling.
-
Try Google Cloud Risk-Free With $300 in CreditUse your credit across every product. Compute, storage, AI, analytics. When it runs out, 20+ products stay free. You only pay when you choose to.
-
1
*NOTE* Migrated to http://github.com/cracklib/cracklib Next generation version of libCrack password checking library. As of Oct 2008 (reflected in 2.8.15 code release), licensed under LGPL.
-
2
JXplorer - A Java Ldap Browser
Mature LDAP, LDIF and DSML client with i18n support.
A java LDAP client with LDIF support, security (inc SSL, SASL & GSSAPI), translated into many languages (inc. Chinese), online help, user forms and many other features. The commercial version is available at https://jxworkbench.com for $9.95. It extends JXplorer to include: - custom LDAP reporting - to pdf, word etc. - Find and Replace with regexp and attribute substitution - A secure password vault to store directory connections - etc. Support for JXplorer and JXWorkbench is available at http://jxplorer.org. Commercial support available from sales@jxworkbench.com -
3
EJBCA is an enterprise class PKI Certificate Authority built on JEE technology. It is a robust, high performance, platform independent, flexible, and component based CA to be used standalone or integrated in other JEE applications.
-
4
Gobuster
Directory/File, DNS and VHost busting tool written in Go
Gobuster is a tool used to brute-force. This project is born out of the necessity to have something that didn't have a fat Java GUI (console FTW), something that did not do recursive brute force, something that allowed me to brute force folders and multiple extensions at once, something that compiled to native on multiple platforms, something that was faster than an interpreted script (such as Python), and something that didn't require a runtime. Provides several modes, like the classic directory brute-forcing mode, DNS subdomain brute-forcing mode, the mode that enumerates open S3 buckets and looks for existence and bucket listings, and the virtual host brute-forcing mode (not the same as DNS!). Since this tool is written in Go you need to install the Go language/compiler/etc. Full details of installation and set up can be found on the Go language website. Once installed you have two options. You need at least go 1.16.0 to compile gobuster. -
Application Monitoring That Won't Slow Your App DownFull APM with errors, performance, logs, and uptime monitoring. 99.999% uptime SLA on the platform itself.
-
5
Fail2Ban
Daemon to ban hosts that cause multiple authentication errors
Fail2Ban scans log files and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc). Fail2Ban is able to reduce the rate of incorrect authentications attempts however it cannot eliminate the risk that weak authentication presents. Configure services to use only two factor or public/private authentication mechanisms if you really want to protect services. -
6
Keycloak
Identity and access management for modern applications and services
Add authentication to applications and secure services with minimum fuss. No need to deal with storing users or authenticating users. It's all available out of the box. You'll even get advanced features such as User Federation, Identity Brokering and Social Login. Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code. Users authenticate with Keycloak rather than individual applications. This means that your applications don't have to deal with login forms, authenticating users, and storing users. Once logged-in to Keycloak, users don't have to login again to access a different application. This also applied to logout. Keycloak provides single-sign out, which means users only have to logout once to be logged-out of all applications that use Keycloak. -
7
Casdoor
An open-source Identity and Access Management (IAM)
A UI-first Identity Access Management (IAM) / Single-Sign-On (SSO) platform supporting OAuth 2.0, OIDC, SAML and CAS, integrated with Casbin RBAC and ABAC permission management. Within a few steps, we can setup a Casdoor app and realize our authorization management. Casdoor has a front-end back-end separation architecture, with maneuverable web UI and supporting high concurrency. Casdoor is supporting multi-languages, using i18n to support multi-languages UI. For more languages support, welcome to propose in our community. Casdoor SDK provides many functions, such as identity authentication, user management, resource upload, etc. Access to Casdoor is very convenient, please visit How to Connect to Casdoor for details. Casdoor also support sign up directly. By filling your Username, Display name, Password and Email, after your receive your Email code, you can sign up in Casdoor. -
8
Step Certificates
A private certificate authority (X.509 & SSH) & ACME server
Open Source step-ca provides the infrastructure, automations, and workflows to securely create and operate a private certificate authority. step-ca makes it easy for developers, operators and security teams to manage certificates for production workloads. Get a public key infrastructure and certificate authority running in minutes. Automate enrollment using ACME, OIDC, one-time tokens, cloud APIs and more. Use systemD timers, daemon mode, cron jobs, CI/CD, and more to automate certificate management. Build and operate systems using secure open standards (e.g. X.509, mTLS, JWT, OAuth, OIDC). step-ca is an online certificate authority for secure, automated certificate management. For people, in exchange for single sign-on ID tokens. For hosts, in exchange for cloud instance identity documents. Whatever your use case, step-ca is easy to use and hard to misuse. -
9
ZITADEL
Identity infrastructure, simplified for you
Secure authentication management for your application. Customize as you grow, with easy APIs and programmable workflows. Focus on growing, your login is in good hands. Streamline your application development with our all-in-one identity suite. Designed for all user types, be it consumers, businesses, or employees. Offload complex tasks by using our API as solid abstractions. Benefit from an adaptable identity infrastructure with custom code extensions and robust security defaults. -
Train ML Models With SQL You Already KnowBuild and deploy ML models using familiar SQL. Automate data prep with built-in Gemini. Query 1 TB and store 10 GB free monthly.
-
10
truffleHog
Searches through git repositories for high entropy strings and secrets
truffleHog searches through git repositories for high entropy strings and secrets, digging deep into commit history. TruffleHog runs behind the scenes to scan your environment for secrets like private keys and credentials, so you can protect your data before a breach occurs. Secrets can be found anywhere, so TruffleHog scans more than just code repositories, including SaaS and internally hosted software. With support for custom integrations and new integrations added all the time, you can secure your secrets across your entire environment. TruffleHog is developed by a team entirely comprised of career security experts. Security is our passion and primary concern, and all features are developed with best practices in mind. TruffleHog enables you to track and manage secrets within our intuitive management interface, including links to exactly where secrets have been found. TruffleHog runs quietly in the background, continuously scanning your environment for secrets. -
11
authentik
The authentication glue you need
authentik is an open-source Identity Provider that emphasizes flexibility and versatility. It can be seamlessly integrated into existing environments to support new protocols. authentik is also a great solution for implementing sign-up, recovery, and other similar features in your application, saving you the hassle of dealing with them. authentik is an open-source Identity Provider focused on flexibility and versatility. You can use authentik in an existing environment to add support for new protocols, implement sign-up/recovery/etc. in your application so you don't have to deal with it, and many other things. You can adopt authentik to your environment, regardless of your requirements. Need an Active-Directory integrated SSO Provider? Do you want to implement a custom enrollment process for your customers? Are you developing an application and don't want to deal with User verification and recovery? authentik can do all of that, and more. -
12
Better Auth
The most comprehensive authentication library for TypeScript
Better Auth is framework-agnostic authentication (and authorization) library for TypeScript. It provides a comprehensive set of features out of the box and includes a plugin ecosystem that simplifies adding advanced functionalities with minimal code in a short amount of time. Whether you need 2FA, multi-tenant support, or other complex features. It lets you focus on building your actual application instead of reinventing the wheel. -
13
Central Authentication Service (CAS)
Identity & Single Sign On for all earthlings and beyond
Welcome to the home of the Apereo Central Authentication Service project, more commonly referred to as CAS. CAS is an enterprise multilingual single sign-on solution and identity provider for the web and attempts to be a comprehensive platform for your authentication and authorization needs. CAS is an open and well-documented authentication protocol. The primary implementation of the protocol is an open-source Java server component by the same name hosted here, with support for a plethora of additional authentication protocols and features. Monitor and track application and system behavior, statistics and metrics in real-time. Manage and review audits and logs centrally, and publish data to a variety of downstream systems. Manage and register client applications and services with specific authentication policies. Cross-platform client support (Java, .NET, PHP, Perl, Apache, etc). -
14
passport-facebook
Facebook authentication strategy for Passport and Node.js.
passport-facebook is a Passport strategy for authenticating users with their Facebook credentials using the OAuth 2.0 protocol, enabling Node.js applications to let visitors log in with their Facebook account easily. It manages the redirection to Facebook’s login page, the authorization code exchange, and the retrieval of basic profile information, reducing the boilerplate developers would otherwise write to integrate with Facebook’s API manually. When used with Express and Passport, the strategy triggers redirects and callback handling automatically based on configured routes, so developers can focus on application logic like user onboarding and account linkage. The module normalizes the returned user profile into a consistent format so you can store or use profile data with minimal translation. It also handles secure token exchange and sanitization of inputs to protect against common OAuth attacks. -
15
Zentyal, Linux Small Business Server
Zentyal is a Linux Small Business Server
Zentyal Server is an easy to use and affordable Linux server, specially designed to meet the needs of small and medium businesses Thanks to Zentyal's Samba integration, Zentyal provides native compatibility with Microsoft Active Directory, allowing you to join Microsoft clients to a domain and manage them easily. Zentyal Server incorporates all the network services required in a small and medium business environment: * Directory & Domain Server with native compatibility with Microsoft Active Directory * Mail Server with ActiveSync and webmail * Gateway with firewall and proxy * Infrastructure Server with DNS/DHCP server, Certification Authority and Virtual Private Networks For more information and download, please access the project's home page. -
16
-
17
OpenPAM is an open source PAM library that focuses on simplicity, correctness, and portability.
-
18
LDAP Explorer is a multi platform, graphical LDAP tool that enables you to browse, modify and manage LDAP servers.
-
19
Apereo CAS WAR Overlay Template
Apereo CAS WAR Overlay template
Welcome to the home of the Apereo Central Authentication Service project, more commonly referred to as CAS. CAS is an enterprise multilingual single sign-on solution and identity provider for the web and attempts to be a comprehensive platform for your authentication and authorization needs. CAS Overlay Template is a ready-to-use template for quickly deploying the Apereo CAS (Central Authentication Service) server, simplifying authentication management for developers. -
20
Authenticator Pro
Two-Factor Authentication (2FA) client for Android + Wear OS
Authenticator Pro is a free and open-source two-factor authentication app for Android. It features encrypted backups, icons, categories, a high level of customization, and even a Wear OS app. Unlike some alternative apps, Authenticator Pro gives you control over your data. You can import from other apps and export at any time. Authenticator Pro is a community-backed open-source project which aims to provide privacy and security to users. The source-code is auditable by anyone on GitHub and released under the GPL 3.0 license. The project has no corporate ties or interests but, rather has the purpose of providing a secure and private two-factor authentication solution to the privacy-conscious. Unlike alternative user-hostile applications, Authenticator Pro does not lock-in your data or communicate with distant servers. Everything is safely protected in the app and can be exported at any time. -
21
Google Auth Library
Google Auth Library for Node.js
This is Google's officially supported node.js client library for using OAuth 2.0 authorization and authentication with Google APIs. Use Application Default Credentials when you use a single identity for all users in your application. Especially useful for applications running on Google Cloud. Application Default Credentials also support workload identity federation to access Google Cloud resources from non-Google Cloud platforms. Use JWT when you are using a single identity for all users. Especially useful for server->server or server->API communication. Use workload identity federation to access Google Cloud resources from Amazon Web Services (AWS), Microsoft Azure or any identity provider that supports OpenID Connect (OIDC). Use workforce identity federation to access Google Cloud resources using an external identity provider (IdP) to authenticate and authorize a workforce—a group of users, such as employees, partners, and contractors. -
22
Howdy For Linux
Windows Hello style facial authentication for Linux
Howdy provides Windows Hello™ style authentication for Linux. Use your built-in IR emitters and camera in combination with facial recognition to prove who you are. Using the central authentication system (PAM), works everywhere you would otherwise need your password: Login, lock screen, sudo, su, etc. -
23
ORY Oathkeeper
A cloud native Identity & Access Proxy / API (IAP)
ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. The BeyondCorp Model is designed by Google and secures applications in Zero-Trust networks. An Identity & Access Proxy is typically deployed in front of (think API Gateway) web-facing applications and is capable of authenticating and optionally authorizing access requests. The Access Control Decision API can be deployed alongside an existing API Gateway or reverse proxy. Ory offers a support plan for Ory Network Hybrid, including Ory on private cloud deployments. If you have a self-hosted solution and would like help, consider a support plan! The team at Ory has years of experience in cloud computing. Ory's offering is the only official program for qualified support from the maintainers. -
24
jwt-auth
JSON web token authentication for Laravel and Lumen
jwt-auth provides a simple means of authentication within Laravel using JSON Web Tokens (spec). There are several ways to create a token within the package. There are simple ways to do it, and more advanced methods if you want greater control. The most common way to create a token would be to authenticate the user via their login credentials, and if successful return a token corresponding to that user. You can also skip user authentication and just pass in a User object. Once a user has logged in with their credentials, then the next step would be to make a subsequent request, with the token, to retrieve the users' details, so you can show them as being logged in. To make authenticated requests via http using the built in methods, you will need to set an authorization header. If you don't like the idea of catching mulitple exceptions inline, then you are free to add a global exception handler with Laravel. -
25
CID
Insert and manage Linux computers in AD
CID (Closed In Directory) is a set of bash scripts for inserting and managing Linux computers in Active Directory domains. Modifications made to the system allow Linux to behave like a Windows computer within AD.
