man: update with info about conf file

dacav · dacav · commit 98fdb4d27cdf · 2024-12-18T21:55:30.000+01:00
diff --git a/man/pam_u2f.8.txt b/man/pam_u2f.8.txt
@@ -134,6 +134,12 @@ FIDO devices. It is not possible to mix native credentials and SSH
 credentials. Once this option is enabled all credentials will be parsed
 as SSH.
 
+*conf*=_path/to/pam_u2f.conf_::
+Set an alternative location for the configuration file.
+The supplied path must be absolute and must correspond to an existing
+regular file.
+See *CONFIGURATION FILE*.
+
 == EXAMPLES
 
 Second factor authentication deferring user verification configuration to the
@@ -162,6 +168,28 @@ mapping file in an encrypted home directory, will result in the
 impossibility of logging into the system. The partition is decrypted
 after login and the mapping file can not be accessed.
 
+== CONFIGURATION FILE
+
+A configuration file can be used to set the default module arguments.
+
+- Argument appear one per line
+
+- Any `conf_file=` argument in the configuration file is ignored.
+
+- Lines starting with `#` are interpreted as comments.
+
+- Leading white space is ignored. Everything from the first
+  non-white-space character until the end of line is interpreted verbatim.
+  For this reason, trailing comments are disallowed.
+
+The default path for the configuration file is
+`/etc/security/pam_u2f.conf`. Note that it may have been set to another
+value by the distribution. The default file is allowed to not exist. An
+alternative path may be set in the module command line options.
+
+The options specified on the module command line override the values
+from the configuration file.
+
 == NOTES
 
 *Nodetect*
