Hardware authentication for Linux using ordinary USB Flash Drives.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 

146 lines
3.7 KiB

<!--
pusb.conf-example
Sample configuration file for pam_usb.
Use pusb_check to test your settings.
Example: pusb_check -d -u root -s gdm
-->
<configuration>
<!-- Default options -->
<defaults>
<!-- Enable pam_usb -->
<!-- <option name="enable">true</option> -->
<!-- Enable debug output -->
<!-- <option name="debug">false</option> -->
<!-- Quiet mode (no verbose output) -->
<!-- <option name="quiet">false</option> -->
<!-- Whether or not enable colored logging -->
<!-- <option name="color_log">true</option> -->
<!-- Enable one time pad -->
<!-- <option name="one_time_pad">true</option> -->
<!-- Time (in seconds) to wait for the volume to be detected -->
<!-- <option name="probe_timeout">10</option> -->
<!-- Computer name, defaults to the hostname -->
<!-- <option name="hostname">hostname</option> -->
<!-- Relative path to the user's home used to store one time pads -->
<!-- <option name="system_pad_directory">.pusb</option> -->
<!-- Relative path to the device used to store one time pads -->
<!-- <option name="device_pad_directory">.pusb</option> -->
</defaults>
<!-- Device settings -->
<devices>
<!-- Syntax:
<device id="arbitrary device name">
<vendor>device's vendor</vendor>
<model>device's model</model>
<serial>device's serial number</serial>
<volume_uuid>UUID of the volume used for one time pads</volume_uuid>
<option name="option name">value</option>
<option name="another option">another value</option>
</device>
-->
<!-- You can use the pusb_adm tool which will
automatically detect your device properties (vendor, model,
serial, uuid) and write a configuration block in this file.
See pusb_adm -h for more informations.
-->
<!-- Example: -->
<!--
<device id="foo">
<vendor>Generated by pusb_adm</vendor>
<model>Generated by pusb_adm</model>
<serial>Generated by pusb_adm</serial>
<volume_uuid>Generated by pusb_adm</volume_uuid>
<option name="probe_timeout">15</option>
</device>
-->
</devices>
<!-- User settings -->
<users>
<!-- Syntax:
<user id="login name">
<device>device name</device>
<hotplug event="lock">lock command</hotplug>
<hotplug event="unlock">unlock command</hotplug>
<option name="option name">value</option>
<option name="another option">another value</option>
</user>
-->
<!-- Examples: -->
<!-- Authenticate user "foo" with device "dev" -->
<!--
<user id="foo">
<device>dev</device>
</user>
-->
<!-- Authenticate user "bar" with device "dev2", without using
one time pads.
-->
<!--
<user id="bar">
<device>dev2</device>
<option name="one_time_pad">false</option>
</user>
-->
<!-- If you're using pusb_hotplug, you can setup commands
to be executed to lock or unlock the system as soon
as the device is inserted (and authenticated) or removed.
-->
<!--
<user id="user name">
<device>dev2</device>
<hotplug event="lock">gnome-screensaver-command -lock</hotplug>
<hotplug event="unlock">gnome-screensaver-command -deactivate</hotplug>
</user>
-->
</users>
<!-- Services settings (e.g. gdm, su, sudo...) -->
<services>
<!-- Syntax is:
<service id="service name">
<option name="option name">value</option>
<option name="another option">another value</option>
</service>
-->
<!-- Examples: -->
<!-- Disable pam_usb for su -->
<!--
<service id="su">
<option name="enable">false</option>
</service>
-->
<!-- Speed up hotplug events by disabling one time pads
for pusb_hotplug.
-->
<!--
<service id="pusb_hotplug">
<option name="one_time_pad">false</option>
</service>
-->
</services>
</configuration>