.SH OPTIONS
.B \-h
\- show short description and exit.
-.sp
+.PP
.B \-o backend-option
\- option specific to the crypto-token.
The format is
At present, only Yubikey Neo
crypto-token is supported, and the only option is
.B ykneo:slot=[1|2].
-.sp
+.PP
.B \-f template
\- template for the auth file path. It may contain one character
.B '~'
which, if in the first position, is replaced with the userid's
home directory path, and if in any other position - with the userid
itself.
-.sp
+.PP
.B \-a secret
or
.B \-A file-with-secret
.B \-A -
means that the 40-character string is read from
.B stdin.
-.sp
+.PP
.B \-n nonce
\- initial nonce. Currently this must be a decimal representation of an
integer. It is subsequently incremented by one on every successful
authentication session.
-.sp
+.PP
.B \-l payload
\- a string that will be injected into the PAM framework as
.B AUTH_TOKEN
unlock password there. The payload is encrypted in the file, and only
exists in memory in decrypted form for a short period (unless leaked
by other PAM modules).
-.sp
+.PP
.B \-p password
\- login password that is used to create the challenge (not the one
from
.B noaskpass
argument. With empty password, login process requires only the presence
of the crypto-token, and does not involve any input from the user.
-.sp
+.PP
.B \-v
\- output the userid and payload from the auth file. Note that displaying
the payload on screen to be seen by passers by may not be a good idea.
-.sp
+.PP
.SH COPYRIGHT
2013 Eugene G. Crosser
.br
Released under zlib Open Source license.
.SH SEE ALSO
-.BR pam "(3), "ykpersonalize "(1)
+.BR pam "(3), "ykpersonalize "(1), "pam_pcsc_cr "(8)