Configuration file reference ============================ The configuration file is formatted in XML and subdivided in 4 sections: * Default options, shared among every device, user and service * Devices declaration and settings * Users declaration and settings * Services declaration and settings The syntax is the following: ```xml ``` Options -------
Name Type Default Description
enable Boolean true Enable pam_usb
debug Boolean false Enable debug messages
quiet Boolean false Quiet mode
color_log Boolean true Enable colored output
one_time_pad Boolean true Enable the use of one time pads
deny_remote Boolean true Deny access from remote host (ssh)
probe_timeout Time 10s Time to wait for the volume to be detected
pad_expiration Time 1h Time between pads regeneration
hostname String Computer's hostname Must be unique accross computers using the same device
system_pad_directory String .pamusb Relative path to the user's home used to store one time pads
device_pad_directory String .pamusb Relative path to the device used to store one time pads
Example: ```xml ``` Devices -------
Name Type Description Example
id Attribute Arbitrary device name MyDevice
vendor Element device's vendor name SanDisk Corp.
model Element device's model name Cruzer Titanium
serial Element serial number of the device SNDKXXXXXXXXXXXXXXXX
volume_uuid Element UUID of the device's volume used to store pads 6F6B-42FC
Example: ```xml SanDisk Corp. Cruzer Titanium SNDKXXXXXXXXXXXXXXXX 6F6B-42FC ``` Users -----
Name Type Description Example
id Attribute Login of the user root
device Element id of the device associated to the user MyDevice
agent env Element An environment variable for the command. For multiple variables use multiple env tags cmd Element Agent command, associated with env tags in the same agent element Element Agent commands, for use with pamusb-agent
Example: ```xml MyDevice DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus HOME=/home/scox gnome-screensaver-command --lock beep-media-player --pause DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus HOME=/home/scox gnome-screensaver-command --deactivate beep-media-player --play ``` Services --------
Name Type Description Example
id Attribute Name of the service su
Example: ```xml ``` Location of the configuration file ---------------------------------- By default, pam_usb.so and its tools will look for the configuration file at `/etc/security/pam_usb.conf`. If you want to use a different location, you will have to use the `-c` flag. # /etc/pam.d/common-auth auth sufficient pam_usb.so -c /some/other/path.conf auth required pam_unix.so nullok_secure You will also have to use the -c option when calling pam_usb's tools. pamusb-agent -c /some/other/path.conf