squash! Update README file

Yubico · Dec 16, 2024 · 0096fbd · 0096fbd
1 parent 80c780d
commit 0096fbd
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 7 deletions.
diff --git a/README b/README
@@ -250,8 +250,6 @@ as SSH.
 conf_file=file::
 Set an alternative location for the <<confFile,configuration file>>.
 The supplied path must be absolute.
-This argument is special, in that it can only appear in a file under
-`/etc/pam.d/`, and not in a configuration file.
 
 
 IMPORTANT: On dynamic networks (e.g. where hostnames are set by DHCP),
@@ -422,12 +420,17 @@ restarts from the top of the list.
 == Configuration file
 
 A global configuration file can be supplied in order to override
-the hard-wired defaults for the module arguments.
+the hard-wired defaults for the `pam_u2f.so` module arguments.
 
-The file can contain, one per line, the same arguments as
-<<moduleArguments,defined above>>.
-Brackets around arguments are *not* needed in order to get spaces
-correctly recognized.
+The file can contain the same arguments as
+<<moduleArguments,defined above>> with a few caveats:
+- The `conf_file=` argument is special, in that it can only appear in a file
+  under `/etc/pam.d/`, and not in the `pam_u2f.so` configuration file itself.
+- Brackets around arguments are *not* needed in order to get spaces correctly
+  recognized.
+
+Arguments appear one per line.
+Heading whitespaces are ignored.
 Lines starting with `#` and empty lines are interpreted as comments.
 
 The default position of the configuration file is

diff --git a/man/pam_u2f.8.txt b/man/pam_u2f.8.txt
@@ -88,6 +88,7 @@ will be ignored.
 Set to prompt a message and wait before testing the presence of a U2F
 device. Recommended if your device doesn't have tactile trigger.
 
+
 *[prompt=your prompt here]*::
 Set individual prompt message for interactive mode. Watch the square
 brackets around this parameter to get spaces correctly recognized by
@@ -134,6 +135,11 @@ FIDO devices. It is not possible to mix native credentials and SSH
 credentials. Once this option is enabled all credentials will be parsed
 as SSH.
 
+*conf_file*=_path_::
+Set an alternative location for the configuration file.
+The supplied path must be absolute.
+See *CONFIGURATION FILE*.
+
 == EXAMPLES
 
 Second factor authentication deferring user verification configuration to the
@@ -162,6 +168,26 @@ mapping file in an encrypted home directory, will result in the
 impossibility of logging into the system. The partition is decrypted
 after login and the mapping file can not be accessed.
 
+== CONFIGURATION FILE
+A global configuration file can be supplied in order to override
+the hard-wired defaults for the `pam_u2f.so` module arguments.
+
+The file can contain the same arguments as defined above, with a few caveats:
+- The `conf_file=` argument is special, in that it can only appear in a file
+  under `/etc/pam.d/`, and not in the `pam_u2f.so` configuration file itself.
+- Brackets around arguments are *not* needed in order to get spaces correctly
+  recognized.
+
+Arguments appear one per line.
+Heading whitespaces are ignored.
+Lines starting with `#` and empty lines are interpreted as comments.
+
+The default position of the configuration file is
+`/etc/security/pam_u2f.conf`.
+Individual files under `/etc/pam.d/` can override such path
+file by means of the `conf_file=` argument.
+The override will not affect other `/etc/pam.d/` files.
+
 == NOTES
 
 *Nodetect*