Provided by: pamu2fcfg_1.0.3-1_amd64

NAME

       pam_u2f - Module for U2F authentication

SYNOPSIS

       pam_u2f [...]

DESCRIPTION

       The module provides U2F authentication against YubiKeys and other compliant authenticators.

OPTIONS

       debug
           Turns on debugging output to STDOUT.

       origin=origin
           Set the origin for the U2F authentication procedure. If no value is specified, the origin
           "pam://$HOSTNAME" is used.

       appid=appid
           Set the application ID for the U2F authentication procedure. If no value is specified, the same value
           used for origin is taken ("pam://$HOSTNAME" if origin is also not specified).

       authfile=file
           Set the location of the file that holds the mappings of user names to keyHandles and user keys. The
           format is username:keyHandle1,public_key1:keyHandle2,public_key2:... The default location of the file
           is $XDG_CONFIG_HOME/Yubico/u2f_keys. If the environment variable is not set,
           $HOME/.config/Yubico/u2f_keys is used.

       nouserok
           Set to enable authentication attempts to succeed even if the user trying to authenticate is not found
           inside authfile.

       alwaysok
           Set to enable all authentication attempts to succeed (aka presentation mode).

       max_devices=n_devices
           Maximum number of devices allowed per user (default is 24). Devices specified in the authentication
           file that exceed this value will be ignored.

       interactive
           Set to display a prompt and wait before testing for the presence of a U2F device. Recommended if
           your device doesn’t have a tactile trigger.

       manual
           Set to drop to a manual console where challenges are printed on screen and responses are read from
           standard input. Useful for debugging and for SSH sessions where the SSH client/server lacks U2F
           support. If enabled, interactive mode becomes redundant and has no effect.

       cue
           Set to display a message reminding the user to touch the device.

EXAMPLES

       auth sufficient pam_u2f.so debug origin=pam://$HOSTNAME appid=pam://$HOSTNAME

       auth required pam_u2f.so origin=http://example.com appid=http://example.com authfile=/etc/yubikey_mappings
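
       The following added example (not part of pam-u2f or of this manual page) parses an authfile in the
       format given under authfile, applies the max_devices limit, and lists accounts missing from the file,
       which nouserok would let through without a U2F device. The function name, the sample data and the
       assumption that devices are counted in file order are the example's own.

```python
DEFAULT_MAX_DEVICES = 24  # default of the max_devices option


def audit_authfile(text, max_devices=DEFAULT_MAX_DEVICES, expected_users=()):
    """Return (devices, ignored, problems) for username:kh1,pk1:kh2,pk2:... lines."""
    devices, ignored, problems = {}, {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        user, *fields = line.split(":")
        if not user:
            problems.append(f"line {lineno}: empty username")
            continue
        if user in devices:
            problems.append(f"line {lineno}: duplicate entry for {user}")
            continue
        kept = []
        for item in fields:
            handle, sep, pubkey = item.partition(",")
            if not (sep and handle and pubkey) or "," in pubkey:
                problems.append(f"line {lineno}: malformed device {item!r}")
            elif len(kept) >= max_devices:
                # Assumption of this example: devices are counted in file order.
                ignored[user] = ignored.get(user, 0) + 1
            else:
                kept.append((handle, pubkey))
        devices[user] = kept
        if not kept:
            problems.append(f"line {lineno}: {user} has no usable device")
    for user in expected_users:
        if user not in devices:
            # With nouserok set, this account would pass without a U2F device.
            problems.append(f"{user}: not in authfile")
    return devices, ignored, problems


# Constructed sample; key handles and public keys are placeholders.
SAMPLE = """\
alice:KH_A1,PK_A1:KH_A2,PK_A2:KH_A3,PK_A3
bob:KH_B1
alice:KH_X,PK_X
"""

if __name__ == "__main__":
    for finding in audit_authfile(SAMPLE, 2, ["alice", "carol"])[2]:
        print(finding)
```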

BUGS

       Report pam-u2f bugs in the issue tracker: https://github.com/Yubico/pam-u2f/issues

SEE ALSO

       pam(7)

       The pam-u2f home page: https://developers.yubico.com/pam-u2f/

       YubiKeys can be obtained from Yubico: http://www.yubico.com/