SYNOPSIS

pamu2fcfg [OPTION]…

DESCRIPTION

Perform a FIDO2/U2F registration procedure using a connected authenticator and output a configuration line that can be used with the U2F PAM module.

OPTIONS

-d, --debug

Print debug information (highly verbose)

-h, --help

Print help and exit

-o, --origin=STRING

Set the FIDO2 relying party ID to use during registration. Defaults to pam://hostname. Before pamu2fcfg v1.1.0, this set the U2F origin URL.

-i, --appid=STRING

Set the FIDO2 relying party name to use during registration. Defaults to origin. Before pamu2fcfg v1.1.0, this set the U2F application ID.

-r, --resident

Generate a resident credential. Defaults to off.

-t, --type=STRING

COSE type to use during registration (ES256, EDDSA, or RS256). Defaults to ES256.

-P, --no-user-presence

Allow using the credential without ensuring the user’s presence. Defaults to off.

-N, --pin-verification

Require PIN verification during authentication. Defaults to off.

-V, --user-verification

Require user verification during authentication. Defaults to off.

--version: Print version and exit

Group: user (mutually exclusive)

-u, --username=STRING

The name of the user registering the device. Defaults to the current user name

-n, --nouser

Print only registration information (keyHandle and public key). Useful for appending

BUGS

Report pamu2fcfg bugs in the issue tracker: https://github.com/Yubico/pam-u2f/issues

SEE ALSO

pam_u2f(8), pam(7)

YubiKeys can be obtained from Yubico: https://www.yubico.com/