-
Notifications
You must be signed in to change notification settings - Fork 0
/
pam_usb.conf
97 lines (89 loc) · 3.06 KB
/
pam_usb.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
<?xml version="1.0" ?><!--
pam_usb.conf: Configuration file for pam_usb.
See https://github.com/mcdope/pam_usb/wiki/Configuration
--><configuration>
<!-- Default options -->
<defaults>
<!-- Example:
<option name="debug">true</option>
<option name="deny_remote">true</option>
-->
<!-- <option name="quiet">true</option> -->
</defaults>
<!-- Device settings -->
<devices>
<!-- Example:
Note: You should use pamusb-conf to add devices automatically.
<device id="MyDevice">
<vendor>SanDisk Corp.</vendor>
<model>Cruzer Titanium</model>
<serial>SNDKXXXXXXXXXXXXXXXX</serial>
<volume_uuid>6F6B-42FC</volume_uuid>
<option name="probe_timeout">10</option>
</device>
-->
<device id="secrets-userauth">
<vendor>SanDisk</vendor>
<model>Ultra USB 3.0</model>
<serial>0101d8fb9229fee00501eaa0ec26e7148f771e8fda8c1fa162378e9cbd975560dc4c00000000000000000000282bf233009120009155810741a77293</serial>
<volume_uuid>4b11a4e4-140f-4d98-92a4-28219fc7eb63</volume_uuid>
</device></devices>
<!-- User settings -->
<users>
<!-- Note: Use pamusb-conf to add a user, then you can tweak
manually the configuration here if needed.
-->
<!-- Example:
Authenticate user scox using "MyDevice", and configure pamusb-agent
to automatically start/stop gnome-screensaver on key insertion and
removal:
<user id="scox">
<device>MyDevice</device>
<option name="quiet">true</option>
<agent event="lock">
<cmd>gnome-screensaver-command -\-lock</cmd>
<env>DISPLAY=:1</env>
<env>DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus</env>
<env>XAUTHORITY=/run/user/1000/gdm/Xauthority</env>
</agent>
<agent event="unlock">
<cmd>gnome-screensaver-command -\-deactivate</cmd>
<env>DISPLAY=:1</env>
<env>DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus</env>
<env>XAUTHORITY=/run/user/1000/gdm/Xauthority</env>
</Agent>
</user>
Configure user root to authenticate using MyDevice, but update one
time pads at every login (default is 1 hour):
<user id="root">
<device>MyDevice</device>
<option name="pad_expiration">0</option>
</user>
-->
<user id="dnw">
<device>secrets-userauth</device>
<agent event="lock">
<env>XSECURELOCK_AUTHPROTO=authproto_pam</env>
<env>XSECURELOCK_PAM_SERVICE=system-auth</env>
<env>XSECURELOCK_PASSWORD_PROMPT=time_hex</env>
<env>DISPLAY=:0.0</env> <!-- Possibly flaky. -->
<env>XAUTHORITY=/home/dnw/.Xauthority</env>
<cmd>xsecurelock</cmd>
</agent>
</user></users>
<!-- Services settings (e.g. gdm, su, sudo...) -->
<services>
<!-- Example: Speed up hotplugging by disabling one time pads -->
<!--
<service id="pamusb-agent">
<option name="one_time_pad">false</option>
</service>
-->
<!-- Disable output for 'su' (needed for gksu) -->
<!--
<service id="su">
<option name="quiet">true</option>
</service>
-->
</services>
</configuration>