1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
'\" t
.\" Title: pamu2fcfg
.\" Author: [FIXME: author] [see http://www.docbook.org/tdg5/en/html/author]
.\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/>
.\" Date: Version 1.3.1
.\" Manual: PAM U2F Configuration Tool
.\" Source: pamu2fcfg
.\" Language: English
.\"
.TH "PAMU2FCFG" "1" "Version 1\&.3\&.1" "pamu2fcfg" "PAM U2F Configuration Tool"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
pamu2fcfg \- Configuration tool for the U2F PAM module\&.
.SH "SYNOPSIS"
.sp
\fBpamu2fcfg\fR [\fIOPTION\fR]\&...
.SH "DESCRIPTION"
.sp
Perform a FIDO2/U2F registration procedure using a connected authenticator and output a configuration line that can be used with the U2F PAM module\&.
.SH "OPTIONS"
.PP
\fB\-d\fR, \fB\-\-debug\fR
.RS 4
Print debug information (highly verbose)
.RE
.PP
\fB\-h\fR, \fB\-\-help\fR
.RS 4
Print help and exit
.RE
.PP
\fB\-o\fR, \fB\-\-origin\fR=\fISTRING\fR
.RS 4
Set the FIDO2 relying party ID to use during registration\&. Defaults to pam://hostname\&. Before pamu2fcfg v1\&.1\&.0, this set the U2F origin URL\&.
.RE
.PP
\fB\-i\fR, \fB\-\-appid\fR=\fISTRING\fR
.RS 4
Set the FIDO2 relying party name to use during registration\&. Defaults to
\fBorigin\fR\&. Before pamu2fcfg v1\&.1\&.0, this set the U2F application ID\&.
.RE
.PP
\fB\-r\fR, \fB\-\-resident\fR
.RS 4
Generate a resident credential\&. Defaults to off\&.
.RE
.PP
\fB\-t\fR, \fB\-\-type\fR=\fISTRING\fR
.RS 4
COSE type to use during registration (ES256, EDDSA, or RS256)\&. Defaults to ES256\&.
.RE
.PP
\fB\-P\fR, \fB\-\-no\-user\-presence\fR
.RS 4
Allow using the credential without ensuring the user\(cqs presence\&. Defaults to off\&.
.RE
.PP
\fB\-N\fR, \fB\-\-pin\-verification\fR
.RS 4
Require PIN verification during authentication\&. Defaults to off\&.
.RE
.PP
\fB\-V\fR, \fB\-\-user\-verification\fR
.RS 4
Require user verification during authentication\&. Defaults to off\&.
.RE
.sp
\fB\-\-version\fR: \fBPrint version and exit\fR
.PP
\fB\-u\fR, \fB\-\-username\fR=\fISTRING\fR
.RS 4
The name of the user registering the device\&. Defaults to the current user name\&.
.RE
.PP
\fB\-n\fR, \fB\-\-nouser\fR
.RS 4
Print only registration information (key handle, public key, and options)\&. Useful for appending\&.
.RE
.SH "BUGS"
.sp
Report pamu2fcfg bugs in the issue tracker: https://github\&.com/Yubico/pam\-u2f/issues
.SH "SEE ALSO"
.sp
\fBpam_u2f\fR(8), \fBpam\fR(7), \fBfido2\-token\fR(1)
.sp
The pam\-u2f home page: https://developers\&.yubico\&.com/pam\-u2f/
.sp
YubiKeys can be obtained from Yubico: https://www\&.yubico\&.com/
|
