Created Configuration (markdown)

Configuration.md

@@ -0,0 +1,39 @@
+# Configuration
+
+## What pam_panic flags exist?
+
+### Authentication type flags
+- `password`
+  - Sets the "ask for password" mode active.
+  - You should set your password using `pam_panic_pw`, running as root.
+- `allow=<Partition UUID>` and `reject=<Partition UUID>`
+  - `allow`: Sets the removable media with the specified partition UUID as authentication media.
+  - `reject`: Sets the removable media with the specified partition UUID as panic media.
+  - Note: You need **both** to have it working.
+
+### Panic flags
+- `serious=<Partition UUID>`
+  - Assuming you have an [encrypted LUKS partition](https://wiki.archlinux.org/index.php/Dm-crypt), this will shred the luksHeader rendering the data within this LUKS container unreadable.
+- `poweroff`
+  - Powers the device off. It would happen after `serious=<Partition UUID>`.
+- `reboot`
+  - Reboots the device. It would happen after `serious=<Partition UUID>`.
+
+
+## Partition UUID?!
+You can determine the partition UUID through `ls -l /dev/disk/by-partuuid/`. This is the device directory where pam_panic is going to look for the partition UUID.
+Note, your devices you are using for the `auth=<Partition UUID>` and `reject=<Partition UUID>` flags must formated with a GUID Partition Table (GPT).
+
+
+## Configuration examples
+To configure the module, add the following to the appropriate PAM configuration file(s): (see pam.conf(5) for details on these files)
+Using the removable media:
+```
+auth       requisite    /usr/local/lib/security/pam_panic.so auth=<UUID> reject=<UUID> reboot serious=<UUID>
+account    requisite    /usr/local/lib/security/pam_panic.so
+```
+Using the two passwords:
+```
+auth       requisite    /usr/local/lib/security/pam_panic.so password reboot serious=<UUID>
+account    requisite    /usr/local/lib/security/pam_panic.so
+```