pam_ihosts is a PAM module that can allow/deny login on the basis of IP address, MAC address or the country-code/registrar associated with an IP. It uses the allocated ip-range files that are downloadable from Regional Internet Registries. pam_ihosts can also check in whitelist/blacklist files and in DNS whitelists/blacklists.
ConsoleKit2 is a continuation fork of ConsoleKit for managing user sessions, logins, and tracking seats. It's an alternative to systemd-logind, and intended for XFCE as compatibility layer to run on the various BSD systems. It interates many patches since ConsoleKit was unmaintained, utilizes recent dbus, glib, X11, libkvm, PAM, udev, inotify and pm-utils bindings.
pam_mapi is a PAM module for authenticating against a Kopano or Zarafa server. It is intended to be used as a bridge between SASL daemons providing SMTP authentication and a Kopano/Zafara user information database.
A PAM session module for setting resource limits using both rlimit and cgroup2 systems. It creates a cgroup for every login and applies various resource limits to it.
pam_honeycreds.so is a pam module that watches for particular passwords being used in login attempts. Simply watching for 'wrong' passwords can generate a lot of noise, due to people mistyping their passwords. With pam_honeycreds an admin can leave fake password lists around on their network, and then get an alert if any of those passwords are ever used. It can also be used to monitor for bruteforcers using the top passwords, or for internal passwords being used by bruteforcers against internet-
A linux PAM module that allows using USB flashdrives as authentcation tokens. Written mostly as a learning exercise, the code has been commented in the hope of providing a template to others interested in creating PAM modules. It can be used in combination with password authentication to prevent login or 'su' unless a particular usb-key is plugged into the system.