Provided by: libpam-u2f_1.0.4-2_amd64 bug

NAME
       pam_u2f - Module for U2F authentication


SYNOPSIS
       pam_u2f [...]


DESCRIPTION
       The module provides U2F authentication against Yubikeys and other compliant
       authenticators.


OPTIONS
       debug
           Turns on debugging to STDOUT

       origin=origin
           Set the origin for the U2F authentication procedure. If no value is specified, the
           origin "pam://$HOSTNAME" is used.

       appid=appid
           Set the application ID for the U2F authentication procedure. If no value is specified,
           the same value used for origin is taken ("pam://$HOSTNAME" if also origin is not
           specified).

       authfile=file
           Set the location of the file that holds the mappings of user names to keyHandles and
           user keys. The format is username:keyHandle1,public_key1:keyHandle2,public_key2:...
           the default location of the file is $XDG_CONFIG_HOME/Yubico/u2f_keys. If the
           environment variable is not set, $HOME/.config/Yubico/u2f_keys is used.

       nouserok
           Set to enable authentication attempts to succeed even if the user trying to
           authenticate is not found inside authfile.

       alwaysok
           Set to enable all authentication attempts to succeed (aka presentation mode).

       max_devices=n_devices
           Maximum number of devices allowed per user (default is 24). Devices specified in the
           authentication file that exceed this value will be ignored.

       interactive
           Set to prompt a message and wait before testing the presence of a U2F device.
           Recommended if your device doesn’t have tactile trigger.

       manual
           Set to drop to a manual console where challenges are printed on screen and response
           read from standard input. Useful for debugging and SSH sessions without U2F-support
           from the SSH client/server. If enabled, interactive mode becomes redundant and has no
           effect.

       cue
           Set to prompt a message to remind to touch the device.


EXAMPLES
       auth sufficient pam_u2f.so debug origin=pam://$HOSTNAME appid=pam://$HOSTNAME

       auth required pam_u2f.so origin=http://example.com appid=http://example.com
       authfile=/etc/yubikey_mappings


CAVEATS
       Using pam-u2f to secure the login to a computer while storing the mapping file in an
       encrypted home directory, will result in the impossibility of logging into the system. The
       partition is decrypted after login and the mapping file can not be accessed.


BUGS
       Report pam-u2f bugs in the issue tracker: https://github.com/Yubico/pam-u2f/issues


SEE ALSO
       pam(7)

       The pam-u2f home page: https://developers.yubico.com/pam-u2f/

       YubiKeys can be obtained from Yubico: http://www.yubico.com/