1*46988a0eSchristospam-u2f can be tested as follows: 2*46988a0eSchristos 3*46988a0eSchristos1. Build a Docker image containing everything needed to run pam-u2f. 4*46988a0eSchristos This can be achieved through the command: 5*46988a0eSchristos 6*46988a0eSchristos $ docker build -t pam-u2f-test -f tests/bionic/Dockerfile . 7*46988a0eSchristos 8*46988a0eSchristos2. Connect a YubiKey to the host OS and take note of the path of the 9*46988a0eSchristos device's U2F endpoint (e.g. /dev/hidraw6). 10*46988a0eSchristos3. Execute tests/bionic/run.sh in a container, exposing the YubiKey 11*46988a0eSchristos to the guest OS. This can be done through the command: 12*46988a0eSchristos 13*46988a0eSchristos $ docker run -it --rm=true --device=/dev/hidraw6 \ 14*46988a0eSchristos pam-u2f-test /pam-u2f/tests/bionic/run.sh 15*46988a0eSchristos 16*46988a0eSchristos To test U2F devices, pass -e U2F_TOKEN=1 to docker-run. To test 17*46988a0eSchristos FIDO2 devices configured with a PIN, pass -e FIDO2_PIN=1 to 18*46988a0eSchristos docker-run. 19