diff options
Diffstat (limited to 'pam_usb.conf')
-rw-r--r-- | pam_usb.conf | 97 |
1 files changed, 97 insertions, 0 deletions
diff --git a/pam_usb.conf b/pam_usb.conf new file mode 100644 index 0000000..0ad4f67 --- /dev/null +++ b/pam_usb.conf @@ -0,0 +1,97 @@ +<?xml version="1.0" ?><!-- +pam_usb.conf: Configuration file for pam_usb. + +See https://github.com/mcdope/pam_usb/wiki/Configuration +--><configuration> + <!-- Default options --> + <defaults> + <!-- Example: + <option name="debug">true</option> + <option name="deny_remote">true</option> + --> + <!-- <option name="quiet">true</option> --> + </defaults> + + <!-- Device settings --> + <devices> + <!-- Example: + Note: You should use pamusb-conf to add devices automatically. + <device id="MyDevice"> + <vendor>SanDisk Corp.</vendor> + <model>Cruzer Titanium</model> + <serial>SNDKXXXXXXXXXXXXXXXX</serial> + <volume_uuid>6F6B-42FC</volume_uuid> + <option name="probe_timeout">10</option> + </device> + --> +<device id="secrets-userauth"> + <vendor>SanDisk</vendor> + <model>Ultra USB 3.0</model> + <serial>0101d8fb9229fee00501eaa0ec26e7148f771e8fda8c1fa162378e9cbd975560dc4c00000000000000000000282bf233009120009155810741a77293</serial> + <volume_uuid>4b11a4e4-140f-4d98-92a4-28219fc7eb63</volume_uuid> +</device></devices> + + + <!-- User settings --> + <users> + <!-- Note: Use pamusb-conf to add a user, then you can tweak + manually the configuration here if needed. + --> + + <!-- Example: + Authenticate user scox using "MyDevice", and configure pamusb-agent + to automatically start/stop gnome-screensaver on key insertion and + removal: + <user id="scox"> + <device>MyDevice</device> + <option name="quiet">true</option> + <agent event="lock"> + <cmd>gnome-screensaver-command -\-lock</cmd> + <env>DISPLAY=:1</env> + <env>DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus</env> + <env>XAUTHORITY=/run/user/1000/gdm/Xauthority</env> + </agent> + <agent event="unlock"> + <cmd>gnome-screensaver-command -\-deactivate</cmd> + <env>DISPLAY=:1</env> + <env>DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus</env> + <env>XAUTHORITY=/run/user/1000/gdm/Xauthority</env> + </Agent> + </user> + + Configure user root to authenticate using MyDevice, but update one + time pads at every login (default is 1 hour): + <user id="root"> + <device>MyDevice</device> + <option name="pad_expiration">0</option> + </user> + --> + <user id="dnw"> + <device>secrets-userauth</device> + <agent event="lock"> + <env>XSECURELOCK_AUTHPROTO=authproto_pam</env> + <env>XSECURELOCK_PAM_SERVICE=system-auth</env> + <env>XSECURELOCK_PASSWORD_PROMPT=time_hex</env> + <env>DISPLAY=:0.0</env> <!-- Possibly flaky. --> + <env>XAUTHORITY=/home/dnw/.Xauthority</env> + <cmd>xsecurelock</cmd> + </agent> +</user></users> + + <!-- Services settings (e.g. gdm, su, sudo...) --> + <services> + <!-- Example: Speed up hotplugging by disabling one time pads --> + <!-- + <service id="pamusb-agent"> + <option name="one_time_pad">false</option> + </service> + --> + + <!-- Disable output for 'su' (needed for gksu) --> + <!-- + <service id="su"> + <option name="quiet">true</option> + </service> + --> + </services> +</configuration> |