| security.pam.services.<name>.p11Auth | If set, keys listed in
~/.ssh/authorized_keys and
~/.eid/authorized_certificates
can be used to log in with the associated PKCS#11 tokens.
|
| security.pam.services.<name>.u2fAuth | If set, users listed in
$XDG_CONFIG_HOME/Yubico/u2f_keys (or
$HOME/.config/Yubico/u2f_keys if XDG variable is
not set) are able to log in with the associated U2F key
|
| security.pam.services.<name>.allowNullPassword | Whether to allow logging into accounts that have no password
set (i.e., have an empty password field in
/etc/passwd or
/etc/group)
|
| security.pam.services.<name>.text | Contents of the PAM service file.
|
| security.pam.services.<name>.otpwAuth | If set, the OTPW system will be used (if
~/.otpw exists).
|
| security.pam.services.<name>.unixAuth | Whether users can log in with passwords defined in
/etc/shadow.
|
| security.pam.services.<name>.updateWtmp | Whether to update /var/log/wtmp.
|
| security.pam.services.<name>.yubicoAuth | If set, users listed in
~/.yubico/authorized_yubikeys
are able to log in with the associated Yubikey tokens.
|
| security.pam.services.<name>.logFailures | Whether to log authentication failures in /var/log/faillog.
|
| security.pam.services.<name>.sshAgentAuth | If set, the calling user's SSH agent is used to authenticate
against the keys in the calling user's
~/.ssh/authorized_keys
|
| security.pam.services.<name>.setLoginUid | Set the login uid of the process
(/proc/self/loginuid) for auditing
purposes
|