Skip to content

Commit

Permalink
Update docs
Browse files Browse the repository at this point in the history
  • Loading branch information
@willfurnell
willfurnell committed Aug 13, 2020
1 parent 4bb537e commit d9ff7a7
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ cp pam_oauth2_device.so /lib/security/
vim /etc/pam_oauth2_device/config.json
```

See `config_template.json` (LDAP section is optional).
See `config_template.json` (LDAP, cloud and group sections are optional).

## Example Configuration (SSH, Ubuntu 18.04)

Expand All @@ -36,12 +36,18 @@ systemctl restart sshd

## Configuration config.json

**oauth** - required section for your OAuth2 client configuration. The ```local_username_suffix``` option is used within the cloud and group configuration sections. If added, it appends this suffix to all username checks

**qr** - allowed correction levels are

* 0 - low
* 1 - medium
* 2 - high

**group** - if enabled, on login the users IAM groups will be checked against the group specified. If they are in this group, they will be allowed in with their IAM username (plus a suffix if appropriate).

**cloud** - for the STFC cloud - if enabled, the VM that has this module on will be part of an OpenStack project which is checked against the IRIS IAM group mappings at the endpoint specified. If the user logging in is in an IRIS IAM group which the VM project is a part of, then they will be allowed into the shared account specified.

**users** - user mapping. From claim configured in *username_attribute* to the local account name

## Development
Expand Down

0 comments on commit d9ff7a7

Please sign in to comment.