As third argument of a pam.d file, it's possible to specify some arguments.
The following is a list of recognized options:

name type description default value
mntpoint string Tells pam_usb the form of the temporary directory. XXXXXX (6 times) will be replaced by a temporary value. /tmp/pam_usbXXXXXX
proc_basename string the device's procfile. You usually don't have to change this, it's where pam_usb searches for devices. /proc/scsi/usb-storage-%d/%d
pwfile string The path pam_usb will search for public and private keys (~user/ and mntpoint/) /.auth/
pubkey string The name of the public key located in the user's home id_pub
snfile string the serial number file contains the allowed SN. If it doesn't exists, the default behaviour is to grant everything. /etc/pam_usb/serials.conf
fs string comma-separated list of filesystems used to mount the device ext2,vfat
utmp string location of the utmp file /var/run/utmp
mount_opts string comma-separated list of mount options (including: ro,bind,sync,remount,nosuid,noexec,nodev)
log_file string print debug messages to that file instead of stdout
local_consoles string comma-separated list of consoles which be able to login when allow_remote=-1 /dev/vc/,/dev/tty,:
direct_open boolean Attempt to open the private key using O_DIRECT to avoid disk caching: will work only on devices that support this feature.
local_hosts string comma-separated list of hosts that will be able to login when allow_remote=-1 :
force_device string Using this option, you can force pam_usb to use a specified device. If it fails mounting, it'll switch back to auto guess mode
allow_remote boolean When set to false (!allow_remote) it will allow only local_hosts and local_consoles to login. false
check_device boolean If unset (!check_device), pam_usb will not check neither if the device is attached, nor its serial number. true
check_if_mounted boolean if the usb device is already mounted pam_usb will use its mountpoint (avoid using it) false
keep_mounted boolean When set to true, it'll keep mntpoint mounted. Useful if combined with check_if_mounted. false
sign_times integer Number of times pam_usb will do the sign/check challenge. 3
debug boolean enable debug mode false

Boolean variables can be set true by putting them as is (e.g. option), and to false by adding ! in front of them (e.g. !option).

The syntax is of the name=value form for string and integer options, for example the following will tell pam_usb to use either ext3 or reiserfs as filesystem, to enable debug mode, to disable device checking and that the serial number file is located at /etc/serials:
auth    requisite       pam_usb.so      fs=ext3,reiserfs debug !check_device snfile=/etc/serials

Copyright © 2003,2004 Andrea Luzzardi <scox@gentoo.org>