rooty/yubico-pam
1
0
Fork 0
mirror of https://github.com/Yubico/yubico-pam.git synced 2025-01-19 16:52:17 +01:00
Code Issues Projects Releases Wiki Activity

Update README

Browse Source
This commit is contained in:
Henrik Stråth 2014-10-29 14:57:34 +01:00
parent 6ddea6426d
commit acaf01ba0d
1 changed files with 22 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
README
View File

@ -171,18 +171,18 @@ ykclient_set_url_bases. The list should be in the format :
`https://server/wsapi/2.0/verify;https://server/wsapi/2.0/verify` `https://server/wsapi/2.0/verify;https://server/wsapi/2.0/verify`
url:: url::
This option should not be used, please use the urllist This option should not be used, please use the urllist
option instead. option instead.
Specify the URL template to use, this is set by calling Specify the URL template to use, this is set by calling
yubikey_client_set_url_template, which defaults to: yubikey_client_set_url_template, which defaults to:
https://api.yubico.com/wsapi/verify?id=%d&otp=%s `https://api.yubico.com/wsapi/verify?id=%d&otp=%s`
or or
https://api.yubico.com/wsapi/2.0/verify?id=%d&otp=%s `https://api.yubico.com/wsapi/2.0/verify?id=%d&otp=%s`
depending on your version of yubico-c-client. depending on your version of yubico-c-client.
capath:: capath::
specify the path where X509 certificates are stored. This is specify the path where X509 certificates are stored. This is
@ -190,15 +190,15 @@ required if 'https' or 'ldaps' are used in 'url' and 'ldap_uri'
respectively. respectively.
verbose_otp:: verbose_otp::
This argument is used to show the OTP (One Time Password) when it This argument is used to show the OTP (One Time Password) when it
is entered, i.e. to enable terminal echo of entered characters. is entered, i.e. to enable terminal echo of entered characters.
You are advised to not use this, if you are using two factor You are advised to not use this, if you are using two factor
authentication because that will display your password on the authentication because that will display your password on the
screen. screen.
This requires the service using the PAM module to This requires the service using the PAM module to
display custom fields. For example, OpenSSH requires display custom fields. For example, OpenSSH requires
you to configure `ChallengeResponseAuthentication no`. you to configure `ChallengeResponseAuthentication no`.
ldap_uri:: specify the LDAP server URI (e.g. ldap://localhost). ldap_uri:: specify the LDAP server URI (e.g. ldap://localhost).
@ -231,8 +231,6 @@ with HMAC-SHA-1 Challenge-Response configurations. See the
man-page ykpamcfg(1) for further details on how to configure man-page ykpamcfg(1) for further details on how to configure
offline Challenge-Response validation. offline Challenge-Response validation.
------
If you are using "debug" you may find it useful to create a If you are using "debug" you may find it useful to create a
world-writable log file: world-writable log file:
@ -280,9 +278,9 @@ Each user creates a ~/.yubico/authorized_yubikeys file inside of their home
directory and places the mapping in that file, the file must have only one directory and places the mapping in that file, the file must have only one
line: line:
------
<user name>:<Yubikey token ID1>:<Yubikey token ID2> <user name>:<Yubikey token ID1>:<Yubikey token ID2>
------
This is much the same concept as the SSH authorized_keys file. This is much the same concept as the SSH authorized_keys file.