pamu2fcfg − Configuration tool for the U2F PAM module.
Perform a FIDO2/U2F registration procedure using a connected authenticator and output a configuration line that can be used with the U2F PAM module.
Print debug information (highly verbose)
Print help and exit
Set the FIDO2 relying party ID to use during registration. Defaults to pam://hostname. Before pamu2fcfg v1.1.0, this set the U2F origin URL.
Set the FIDO2 relying party name to use during registration. Defaults to origin. Before pamu2fcfg v1.1.0, this set the U2F application ID.
Generate a resident credential. Defaults to off.
COSE type to use during registration (ES256, EDDSA, or RS256). Defaults to ES256.
Allow using the credential without ensuring the user’s presence. Defaults to off.
Require PIN verification during authentication. Defaults to off.
Require user verification during authentication. Defaults to off.
−−version: Print version and exit
The name of the user registering the device. Defaults to the current user name.
Print only registration information (key handle, public key, and options). Useful for appending.
Report pamu2fcfg bugs in the issue tracker: https://github.com/Yubico/pam−u2f/issues
The pam−u2f home page: https://developers.yubico.com/pam−u2f/
YubiKeys can be obtained from Yubico: https://www.yubico.com/