[root@localhost ~]# pamusb-conf --add-device usbkey
Please select the device you wish to add.
* Using "Kingston DataTraveler G3 (001CC05FE935BC40992800C1)" (only option)

Which volume would you like to use for storing data ?
* Using "/dev/sdb1 (UUID: B89F-BCA3)" (only option)

Name		: usbkey
Vendor		: Kingston
Model		: DataTraveler G3
Serial		: 001CC05FE935BC40992800C1
UUID		: B89F-BCA3

Save to /etc/pamusb.conf ?
[Y/n] y
Done.
[root@localhost ~]# # pamusb-conf --add-user root
[root@localhost ~]# pamusb-conf --add-user root
Which device would you like to use for authentication ?
0) my-usb-stic
1) usbkey

[0-1]: 1

User		: root
Device		: usbkey

Save to /etc/pamusb.conf ?
[Y/n] y
Done.
[root@localhost ~]# pamusb-check root
* No device configured for user "root".
[root@localhost ~]# 

<?xml version="1.0" ?><!--
pamusb.conf: Configuration file for pam_usb.

See http://www.pamusb.org/doc/configuring
--><configuration>
	<!-- Default options -->
	<defaults>
		<!-- Example:
			<option name="debug">true</option>
		-->
	</defaults>

	<!-- Device settings -->
	<devices>
		<!-- Example:
		Note: You should use pamusb-conf to add devices automatically.
		<device id="MyDevice">
			<vendor>SanDisk Corp.</vendor>
			<model>Cruzer Titanium</model>
			<serial>SNDKXXXXXXXXXXXXXXXX</serial>
			<volume_uuid>6F6B-42FC</volume_uuid>
			<option name="probe_timeout">10</option>
		</device>
		-->
	<device id="usbkey">
	<vendor>
		Kingston
	</vendor>
	<model>
		DataTraveler G3
	</model>
	<serial>
		001CC05FE935BC40992800C1
	</serial>
	<volume_uuid>
		B89F-BCA3
	</volume_uuid>
</device></devices>


	<!-- User settings -->
	<users>
		<!-- Note: Use pamusb-conf to add a user, then you can tweak
		 	manually the configuration here if needed.
		-->


	<user id="root">
	<device>
		usbkey
	</device>
</user></users>

	<!-- Services settings (e.g. gdm, su, sudo...) -->
	<services>
		<!-- Example: Speed up hotplugging by disabling one time pads -->
		<!--
		<service id="pamusb-agent">
			<option name="one_time_pad">false</option>
		</service>
		-->

		<!-- Disable output for 'su' (needed for gksu) -->
		<!--
		<service id="su">
			<option name="quiet">true</option>
		</service>
		-->
	</services>
</configuration>

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.

auth        required      pam_env.so

auth        sufficient    pam_fprintd.so
auth        sufficient    pam_usb.so
auth        sufficient    pam_unix.so try_first_pass likeauth nullok
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so
account     required      pam_access.so
account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so

[root@localhost ~]# pamusb-check
Usage: pamusb-check [--help] [--debug] [--config=path] [--service=name] [--dump] [--quiet] [--debug] <username>
[root@localhost ~]# 

root@localhost ~]# pamusb-check root
* Authentication request for user "root" (pamusb-check)
* Device "usbkey" is connected (good).
* Performing one time pad verification...
* Regenerating new pads...
* Access granted.
[root@localhost ~]# su
[root@localhost ~]# 
[root@localhost ~]#