OLA is an open-source local authentication decision daemon for Linux.
Linux authentication currently trusts too many places. PAM modules, desktop components, authenticators, and local agents can each become their own decision point. OLA draws a smaller boundary:
Clients ask.
Adapters bring evidence.
ola-core decides.
The decision is audited.
The current repository proves the core path: Unix-socket IPC, kernel-set caller identity, adapter dispatch, single-use nonces, HMAC-bound evidence, policy evaluation, audit logging, rate limits, seccomp hardening, an experimental PAM bridge, and a demo FIDO2-shaped adapter.
OLA is not production-ready yet. Real hardware authentication, a direct non-PAM client, root-resistant audit checkpointing, distro packaging, and production PAM hardening are still planned.
The goal is to turn OLA from a hardened prototype into reviewable public Linux authentication infrastructure.
The project will do this by keeping the trust boundary narrow:
PAM remains the compatibility layer.
Adapters produce bounded authentication evidence.
ola-core owns the local decision boundary.
Policy is evaluated in one place.
Every returned decision is written to an audit record before allow or deny is returned.
The next proof is to add real evidence and a path outside PAM:
real FIDO2 adapter using libfido2
enrollment and credential mapping for real FIDO2
audit verifier for the existing hash chain
first audit hash export or checkpoint path
ola-verify CLI as the first direct non-PAM client
action-aware protocol v2 design
After that, the project can move toward production readiness: PAM bridge hardening, sudo/login/display-manager testing, distro packaging, release signing, provenance, and external security review.
Funding will be used to move OLA from prototype to the next reviewable milestone.
The priority work is:
build a real FIDO2 adapter using libfido2
add enrollment and credential mapping
build an audit verifier for the existing local hash chain
add the first audit hash export or checkpoint path
build ola-verify as a direct non-PAM client
design action-aware protocol v2 for login, sudo, unlock, enrollment, recovery, and admin changes
add protocol fixtures and adapter conformance tests
improve operator and adapter-author documentation
The minimum funding would support a smaller slice of this work, such as scoping, documentation, protocol fixtures, and one narrow implementation milestone. Full funding would support the larger next-proof milestone: real FIDO2 evidence, a non-PAM client, and verifiable audit work.
I am a solo developer and have been working on this project for the past 10 months.
Current track record:
hardened local daemon request path
v1 client and adapter protocol
demo adapter proving adapter attestation and dispatch
local audit hash chain
experimental PAM bridge demo path
The project’s boundaries, threat model, architecture, protocol, audit design, install path, roadmap, related work, and security reporting process are well documented so far.
The real FIDO2 adapter and enrollment flow take longer than expected
The PAM bridge remains experimental and is not ready for real login stacks
No direct non-PAM client is completed, leaving OLA mostly proven through PAM compatibility and protocol tests
The audit path remains only locally tamper-evident, without checkpointing or forwarding that can survive root access
Production readiness work such as distro packaging, release signing, provenance, external review, and real sudo/login/display-manager testing does not happen soon enough
If the project fails, the likely outcome is still useful but smaller: OLA remains a documented experimental prototype with a hardened daemon, protocol, demo adapter, local audit hash chain, and clear threat model. It would not yet become production Linux authentication infrastructure.
I have raised $0 for OLA in the last 12 months.