make install: Install example conf file

pam_usb/Makefile

@@ -39,6 +39,7 @@ TOOLS_DEST	:= $(DESTDIR)/usr/bin
 # Binaries
 RM		:= rm
 INSTALL		:= install
+MKDIR		:= mkdir
 
 ifeq (yes, ${DEBUG})
 	CFLAGS := ${CFLAGS} -ggdb
@@ -59,10 +60,12 @@ clean		:
 		$(RM) -f $(PAM_USB) $(PUSB_CHECK) $(OBJS) $(PUSB_CHECK_OBJS) $(PAM_USB_OBJS)
 
 install		: all
+		$(MKDIR) -p /etc/pusb
 		$(INSTALL) -m644 $(PAM_USB) $(PAM_USB_DEST)
 		$(INSTALL) -m755 $(PUSB_CHECK) $(TOOLS_DEST)
 		$(INSTALL) -m755 $(PUSB_ADM) $(TOOLS_DEST)
 		$(INSTALL) -m755 $(PUSB_HOTPLUG) $(TOOLS_DEST)
+		$(INSTALL) -m644 doc/pusb.conf-example /etc/pusb
 
 deinstall	:
 		$(RM) -f $(PAM_USB_DEST)/$(PAM_USB)

pam_usb/doc/pusb.conf-example

@@ -0,0 +1,146 @@
+<!--
+pusb.conf-example
+Sample configuration file for pam_usb.
+
+Use pusb_check to test your settings.
+Example: pusb_check -d -u root -s gdm
+-->
+
+<configuration>
+
+	<!-- Default options -->
+	<defaults>
+
+		<!-- Enable pam_usb -->
+		<!-- <option name="enable">true</option> -->
+
+		<!-- Enable debug output -->
+		<!-- <option name="debug">false</option> -->
+
+		<!-- Quiet mode (no verbose output) -->
+		<!-- <option name="quiet">false</option> -->
+
+		<!-- Whether or not enable colored logging -->
+		<!-- <option name="color_log">true</option> -->
+
+		<!-- Enable one time pad -->
+		<!-- <option name="one_time_pad">true</option> -->
+
+		<!-- Time (in seconds) to wait for the volume to be detected -->
+		<!-- <option name="probe_timeout">10</option> -->
+
+		<!-- Computer name, defaults to the hostname -->
+		<!-- <option name="hostname">hostname</option> -->
+
+		<!-- Relative path to the user's home used to store one time pads -->
+		<!-- <option name="system_pad_directory">.pusb</option> -->
+
+		<!-- Relative path to the device used to store one time pads -->
+		<!-- <option name="device_pad_directory">.pusb</option> -->
+	</defaults>
+
+	<!-- Device settings -->
+	<devices>
+		<!-- Syntax:
+		<device id="arbitrary device name">
+			<vendor>device's vendor</vendor>
+			<model>device's model</model>
+			<serial>device's serial number</serial>
+			<volume_uuid>UUID of the volume used for one time pads</volume_uuid>
+			<option name="option name">value</option>
+			<option name="another option">another value</option>
+		</device>
+		-->
+
+		<!-- You can use the pusb_adm tool which will
+			 automatically detect your device properties (vendor, model,
+			 serial, uuid) and write a configuration block in this file.
+
+			 See pusb_adm -h for more informations.
+		-->
+
+		<!-- Example: -->
+		<!--
+		<device id="foo">
+			<vendor>Generated by pusb_adm</vendor>
+			<model>Generated by pusb_adm</model>
+			<serial>Generated by pusb_adm</serial>
+			<volume_uuid>Generated by pusb_adm</volume_uuid>
+			<option name="probe_timeout">15</option>
+		</device>
+		-->
+	</devices>
+
+
+	<!-- User settings -->
+	<users>
+		<!-- Syntax:
+			<user id="login name">
+				<device>device name</device>
+				<hotplug event="lock">lock command</hotplug>
+				<hotplug event="unlock">unlock command</hotplug>
+				<option name="option name">value</option>
+				<option name="another option">another value</option>
+			</user>
+		-->
+
+		<!-- Examples: -->
+
+		<!-- Authenticate user "foo" with device "dev" -->
+		<!--
+		<user id="foo">
+			<device>dev</device>
+		</user>
+		-->
+
+		<!-- Authenticate user "bar" with device "dev2", without using
+		     one time pads.
+		-->
+		<!--
+		<user id="bar">
+			<device>dev2</device>
+			<option name="one_time_pad">false</option>
+		</user>
+		-->
+
+		<!-- If you're using pusb_hotplug, you can setup commands
+		     to be executed to lock or unlock the system as soon
+		     as the device is inserted (and authenticated) or removed.
+		-->
+		<!--
+		<user id="user name">
+			<device>dev2</device>
+			<hotplug event="lock">gnome-screensaver-command -lock</hotplug>
+			<hotplug event="unlock">gnome-screensaver-command -deactivate</hotplug>
+		</user>
+		-->
+	</users>
+
+	<!-- Services settings (e.g. gdm, su, sudo...) -->
+	<services>
+		<!-- Syntax is:
+			<service id="service name">
+				<option name="option name">value</option>
+				<option name="another option">another value</option>
+			</service>
+		-->
+
+		<!-- Examples: -->
+
+		<!-- Disable pam_usb for su -->
+		<!--
+		<service id="su">
+			<option name="enable">false</option>
+		</service>
+		-->
+
+		<!-- Speed up hotplug events by disabling one time pads
+		     for pusb_hotplug.
+		-->
+		<!--
+		<service id="pusb_hotplug">
+			<option name="one_time_pad">false</option>
+		</service>
+		-->
+	</services>
+</configuration>

pam_usb/pusb.conf

@@ -1,44 +0,0 @@
-<configuration>
-	<defaults>
-		<option name="one_time_pad">true</option>
-		<option name="probe_timeout">10</option>
-		<option name="system_pad_directory">/usr/share/pam_usb/pads</option>
-		<option name="device_pad_directory">.auth</option>
-	</defaults>
-
-	<devices>
-		<device id="foobar">
-			<vendor>SanDisk Corp.</vendor>
-			<model>Cruzer Titanium</model>
-			<serial>SNDKB882652FC4A03701</serial>
-			<volume_uuid>3B69-1AFD</volume_uuid>
-		</device>
-	</devices>
-
-
-	<users>
-		<user id="scox">
-			<device>foobar</device>
-			<!--<option name="one_time_pad">false</option> -->
-		</user>
-
-		<user id="root">
-			<device>foobar</device>
-		</user>
-	</users>
-
-	<services>
-		<!-- Disable pam_usb for sshd (nonsense) -->
-		<service id="ssh">
-			<option name="enable">false</option>
-		</service>
-
-		<!-- Speed up 'login' authentication by disabling one time pads.
-		     This setting will not affect user 'root' as he/she is
-		     enforcing one time pads (enforce_otp).
-		-->
-		<service id="login">
-			<option name="one_time_pad">false</option>
-		</service>
-	</services>
-</configuration>