PAM_U2F(8)
==========
:doctype:      manpage
:man source:   pam-u2f
:man manual:   PAM U2F Module Manual

== NAME
pam_u2f - Module for U2F authentication

== SYNOPSIS
*pam_u2f* [...]

== DESCRIPTION
The module provides U2F authentication against Yubikeys and other compliant authenticators.

== OPTIONS
*debug*::
Turns on debugging to STDOUT

*origin*=_origin_::
Set the origin for the U2F authentication procedure. If no value is specified, the origin "pam://$HOSTNAME" is used.

*appid*=_appid_::
Set the application ID for the U2F authentication procedure. If no value is specified, the same value used for origin is taken ("pam://$HOSTNAME" if also origin is not specified).

*authfile*=_file_::
Set the location of the file that holds the mappings of user names to keyHandles and user keys. The format is username:keyHandle1,public_key1:keyHandle2,public_key2:... the default location of the file is $XDG_CONFIG_HOME/Yubico/u2f_keys. If the environment variable is not set, $HOME/.config/Yubico/u2f_keys is used.

*nouserok*::
Set to enable authentication attempts to succeed even if the user trying to authenticate is not found inside authfile.

*alwaysok*::
Set to enable all authentication attempts to succeed (aka presentation mode).

*max_devices*=_n_devices_::
Maximum number of devices allowed per user (default is 24). Devices specified
in the authentication file that exceed this value will be ignored.

*interactive*::
Set to prompt a message and wait before testing the presence of a U2F device. Recommended if your device doesn't have tactile trigger.

*manual*::
Set to drop to a manual console where challenges are printed on screen and response read from standard input. Useful for debugging and SSH sessions without U2F-support from the SSH client/server. If enabled, interactive mode becomes redundant and has no effect.

*cue*::
Set to prompt a message to remind to touch the device.

== EXAMPLES

auth sufficient pam_u2f.so debug origin=pam://$HOSTNAME appid=pam://$HOSTNAME

auth required pam_u2f.so origin=http://example.com appid=http://example.com authfile=/etc/yubikey_mappings

== BUGS
Report pam-u2f bugs in the issue tracker: https://github.com/Yubico/pam-u2f/issues

== SEE ALSO
*pam*(7)

The pam-u2f home page: https://developers.yubico.com/pam-u2f/

YubiKeys can be obtained from Yubico: http://www.yubico.com/
