diff --git a/data/Makefile.am b/data/Makefile.am index 964329f..9e19fbe 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -30,13 +30,16 @@ conf_DATA = fprintd.conf man_MANS = if BUILD_MAN -man_MANS += fprintd.1 +man_MANS += fprintd.1 pam_fprintd.8 fprintd.1: fprintd.pod $(AM_V_GEN) pod2man -c "" -s 1 -q none -n fprintd -r freedesktop $< > $@ + +pam_fprintd.8: pam_fprintd.pod + $(AM_V_GEN) pod2man -c "" -s 8 -q none -n pam_fprintd -r freedesktop $< > $@ endif -EXTRA_DIST = $(dbus_services_in_files) $(dbus_conf_DATA) $(polkit_in_files) $(conf_DATA) $(systemdservice_in_files) fprintd.pod -CLEANFILES = $(polkit_DATA) $(dbus_services_DATA) $(systemdservice_DATA) fprintd.1 +EXTRA_DIST = $(dbus_services_in_files) $(dbus_conf_DATA) $(polkit_in_files) $(conf_DATA) $(systemdservice_in_files) fprintd.pod pam_fprintd.pod +CLEANFILES = $(polkit_DATA) $(dbus_services_DATA) $(systemdservice_DATA) fprintd.1 pam_fprintd.8 check: @$(XMLLINT) --noout $(polkit_DATA) diff --git a/data/pam_fprintd.pod b/data/pam_fprintd.pod new file mode 100644 index 0000000..d73ec4f --- /dev/null +++ b/data/pam_fprintd.pod @@ -0,0 +1,63 @@ +=head1 NAME + +pam_fprintd - PAM module to authenticate against fprintd, the fingerprint daemon + +=head1 SYNOPSIS + +B [debug|debug=[I|I|I|I|I<1>|I<0>]] [max-tries=I] [timeout=I] + +=head1 DESCRIPTION + +The pam_fprintd module is used to verify a user's fingerprints against fingerprints +enrolled using fprintd, the fingerprint management daemon. + +=head1 OPTIONS + +=over 8 + +=item B + +=item B|I|I|I|I<1>|I<0>]> + +Whether debug should be turned on or off. Debug messages will be generated using +pam_syslog which means that they will be saved in the systemd journal by default. + +=item B> + +The number of attempts at fingerprint authentication to try before returning an +authentication failure. The minimum, and default, number of tries is 3. + +=item B> + +The amount of time before returning an authentication failure. The default timeout +is 30 seconds, with 10 seconds being the minimum. + +=back + +=head1 LIMITATIONS + +=over 8 + +=back + +The PAM stack is by design a serialised authentication, so it is not +possible for pam_fprintd to allow authentication through passwords and +fingerprints at the same time. + +It is up to the application using the PAM services to implement separate +PAM processes and run separate authentication stacks separately. This +is the way multiple authentication methods are made available to users +of gdm for example. + +=head1 AUTHOR + +B was written by Bastien Nocera. + +=head1 SEE ALSO + +=over 8 + +=item B, B + +=back +