From 6befb43adfda83206bb91bba1949739439cb2029 Mon Sep 17 00:00:00 2001 From: Giovanni Simoni Date: Wed, 18 Dec 2024 10:49:41 +0100 Subject: [PATCH] man: update with info about conf file --- man/pam_u2f.8.txt | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/man/pam_u2f.8.txt b/man/pam_u2f.8.txt index 4524d39..2340a60 100644 --- a/man/pam_u2f.8.txt +++ b/man/pam_u2f.8.txt @@ -134,6 +134,12 @@ FIDO devices. It is not possible to mix native credentials and SSH credentials. Once this option is enabled all credentials will be parsed as SSH. +*conf*=_path/to/pam_u2f.conf_:: +Set an alternative location for the configuration file. +The supplied path must be absolute and must correspond to an existing +regular file. +See *CONFIGURATION FILE*. + == EXAMPLES Second factor authentication deferring user verification configuration to the @@ -162,6 +168,27 @@ mapping file in an encrypted home directory, will result in the impossibility of logging into the system. The partition is decrypted after login and the mapping file can not be accessed. +== CONFIGURATION FILE + +A configuration file can be used to set the default module arguments. + +The file has a `name = value` format, with comments starting with the `#` +character. +White spaces at the beginning of line, end of line, and around +the `=` sign are ignored. + +Any `conf` argument in the configuration file is ignored. + +The maximum size for the configuration file is 4 KiB. + +The default path for the configuration file is +`/etc/security/pam_u2f.conf`. Note that it may have been set to another +value by the distribution. The default file is allowed to not exist. An +alternative path may be set in the module command line options. + +The options specified on the module command line override the values +from the configuration file. + == NOTES *Nodetect*