|
@ -0,0 +1,146 @@ |
|
|
|
|
|
<!-- |
|
|
|
|
|
pusb.conf-example |
|
|
|
|
|
Sample configuration file for pam_usb. |
|
|
|
|
|
|
|
|
|
|
|
Use pusb_check to test your settings. |
|
|
|
|
|
Example: pusb_check -d -u root -s gdm |
|
|
|
|
|
--> |
|
|
|
|
|
|
|
|
|
|
|
<configuration> |
|
|
|
|
|
|
|
|
|
|
|
<!-- Default options --> |
|
|
|
|
|
<defaults> |
|
|
|
|
|
|
|
|
|
|
|
<!-- Enable pam_usb --> |
|
|
|
|
|
<!-- <option name="enable">true</option> --> |
|
|
|
|
|
|
|
|
|
|
|
<!-- Enable debug output --> |
|
|
|
|
|
<!-- <option name="debug">false</option> --> |
|
|
|
|
|
|
|
|
|
|
|
<!-- Quiet mode (no verbose output) --> |
|
|
|
|
|
<!-- <option name="quiet">false</option> --> |
|
|
|
|
|
|
|
|
|
|
|
<!-- Whether or not enable colored logging --> |
|
|
|
|
|
<!-- <option name="color_log">true</option> --> |
|
|
|
|
|
|
|
|
|
|
|
<!-- Enable one time pad --> |
|
|
|
|
|
<!-- <option name="one_time_pad">true</option> --> |
|
|
|
|
|
|
|
|
|
|
|
<!-- Time (in seconds) to wait for the volume to be detected --> |
|
|
|
|
|
<!-- <option name="probe_timeout">10</option> --> |
|
|
|
|
|
|
|
|
|
|
|
<!-- Computer name, defaults to the hostname --> |
|
|
|
|
|
<!-- <option name="hostname">hostname</option> --> |
|
|
|
|
|
|
|
|
|
|
|
<!-- Relative path to the user's home used to store one time pads --> |
|
|
|
|
|
<!-- <option name="system_pad_directory">.pusb</option> --> |
|
|
|
|
|
|
|
|
|
|
|
<!-- Relative path to the device used to store one time pads --> |
|
|
|
|
|
<!-- <option name="device_pad_directory">.pusb</option> --> |
|
|
|
|
|
</defaults> |
|
|
|
|
|
|
|
|
|
|
|
<!-- Device settings --> |
|
|
|
|
|
<devices> |
|
|
|
|
|
<!-- Syntax: |
|
|
|
|
|
<device id="arbitrary device name"> |
|
|
|
|
|
<vendor>device's vendor</vendor> |
|
|
|
|
|
<model>device's model</model> |
|
|
|
|
|
<serial>device's serial number</serial> |
|
|
|
|
|
<volume_uuid>UUID of the volume used for one time pads</volume_uuid> |
|
|
|
|
|
<option name="option name">value</option> |
|
|
|
|
|
<option name="another option">another value</option> |
|
|
|
|
|
</device> |
|
|
|
|
|
--> |
|
|
|
|
|
|
|
|
|
|
|
<!-- You can use the pusb_adm tool which will |
|
|
|
|
|
automatically detect your device properties (vendor, model, |
|
|
|
|
|
serial, uuid) and write a configuration block in this file. |
|
|
|
|
|
|
|
|
|
|
|
See pusb_adm -h for more informations. |
|
|
|
|
|
--> |
|
|
|
|
|
|
|
|
|
|
|
<!-- Example: --> |
|
|
|
|
|
<!-- |
|
|
|
|
|
<device id="foo"> |
|
|
|
|
|
<vendor>Generated by pusb_adm</vendor> |
|
|
|
|
|
<model>Generated by pusb_adm</model> |
|
|
|
|
|
<serial>Generated by pusb_adm</serial> |
|
|
|
|
|
<volume_uuid>Generated by pusb_adm</volume_uuid> |
|
|
|
|
|
<option name="probe_timeout">15</option> |
|
|
|
|
|
</device> |
|
|
|
|
|
--> |
|
|
|
|
|
</devices> |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<!-- User settings --> |
|
|
|
|
|
<users> |
|
|
|
|
|
<!-- Syntax: |
|
|
|
|
|
<user id="login name"> |
|
|
|
|
|
<device>device name</device> |
|
|
|
|
|
<hotplug event="lock">lock command</hotplug> |
|
|
|
|
|
<hotplug event="unlock">unlock command</hotplug> |
|
|
|
|
|
<option name="option name">value</option> |
|
|
|
|
|
<option name="another option">another value</option> |
|
|
|
|
|
</user> |
|
|
|
|
|
--> |
|
|
|
|
|
|
|
|
|
|
|
<!-- Examples: --> |
|
|
|
|
|
|
|
|
|
|
|
<!-- Authenticate user "foo" with device "dev" --> |
|
|
|
|
|
<!-- |
|
|
|
|
|
<user id="foo"> |
|
|
|
|
|
<device>dev</device> |
|
|
|
|
|
</user> |
|
|
|
|
|
--> |
|
|
|
|
|
|
|
|
|
|
|
<!-- Authenticate user "bar" with device "dev2", without using |
|
|
|
|
|
one time pads. |
|
|
|
|
|
--> |
|
|
|
|
|
<!-- |
|
|
|
|
|
<user id="bar"> |
|
|
|
|
|
<device>dev2</device> |
|
|
|
|
|
<option name="one_time_pad">false</option> |
|
|
|
|
|
</user> |
|
|
|
|
|
--> |
|
|
|
|
|
|
|
|
|
|
|
<!-- If you're using pusb_hotplug, you can setup commands |
|
|
|
|
|
to be executed to lock or unlock the system as soon |
|
|
|
|
|
as the device is inserted (and authenticated) or removed. |
|
|
|
|
|
--> |
|
|
|
|
|
<!-- |
|
|
|
|
|
<user id="user name"> |
|
|
|
|
|
<device>dev2</device> |
|
|
|
|
|
<hotplug event="lock">gnome-screensaver-command -lock</hotplug> |
|
|
|
|
|
<hotplug event="unlock">gnome-screensaver-command -deactivate</hotplug> |
|
|
|
|
|
</user> |
|
|
|
|
|
--> |
|
|
|
|
|
</users> |
|
|
|
|
|
|
|
|
|
|
|
<!-- Services settings (e.g. gdm, su, sudo...) --> |
|
|
|
|
|
<services> |
|
|
|
|
|
<!-- Syntax is: |
|
|
|
|
|
<service id="service name"> |
|
|
|
|
|
<option name="option name">value</option> |
|
|
|
|
|
<option name="another option">another value</option> |
|
|
|
|
|
</service> |
|
|
|
|
|
--> |
|
|
|
|
|
|
|
|
|
|
|
<!-- Examples: --> |
|
|
|
|
|
|
|
|
|
|
|
<!-- Disable pam_usb for su --> |
|
|
|
|
|
<!-- |
|
|
|
|
|
<service id="su"> |
|
|
|
|
|
<option name="enable">false</option> |
|
|
|
|
|
</service> |
|
|
|
|
|
--> |
|
|
|
|
|
|
|
|
|
|
|
<!-- Speed up hotplug events by disabling one time pads |
|
|
|
|
|
for pusb_hotplug. |
|
|
|
|
|
--> |
|
|
|
|
|
<!-- |
|
|
|
|
|
<service id="pusb_hotplug"> |
|
|
|
|
|
<option name="one_time_pad">false</option> |
|
|
|
|
|
</service> |
|
|
|
|
|
--> |
|
|
|
|
|
</services> |
|
|
|
|
|
</configuration> |
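Review bot: The two samples that set `one_time_pad` to `false` (user "bar", and the `pusb_hotplug` service under "Speed up hotplug events") carry no caveat about what is given up. With pads disabled, the only things left to match are the `<vendor>`, `<model>`, `<serial>` and `<volume_uuid>` values of the device block, which are identifiers readable from the device rather than secrets, so presumably any device reporting the same values would be accepted. For `pusb_hotplug`, that acceptance is what triggers the `unlock` command shown in the users section. I would add a comment above both examples, e.g. `<!-- Warning: without one time pads the device is recognised only by vendor/model/serial/UUID, which are not secret; keep pads enabled wherever the device authenticates a login or unlocks a session -->`. Because the `<hotplug>` values are commands that get executed, the header comment could also state that the installed file should be writable by root only.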