$OpenBSD: patch-login_duo_login_duo_8,v 1.3 2014/12/09 18:01:32 sthen Exp $
--- login_duo/login_duo.8.orig	Thu Sep 25 16:05:15 2014
+++ login_duo/login_duo.8	Tue Sep 30 22:06:31 2014
@@ -20,7 +20,7 @@ The following options are available:
 .Bl -tag -width ".Cm failmode"
 .It Fl c
 Specify an alternate configuration file to load. Default is
-.Pa /etc/duo/login_duo.conf
+.Pa ${SYSCONFDIR}/login_duo.conf
 .It Fl d
 Debug mode; send logs to stderr instead of syslog.
 .It Fl h
@@ -144,7 +144,7 @@ in 
 to capture any SSH remote login (including subsystems, remote
 commands, and interactive login):
 .Bd -literal -offset 8n
-ForceCommand /usr/local/sbin/login_duo
+ForceCommand ${PREFIX}/sbin/login_duo
 .Ed
 .Pp
 Similarly, a group of administrators could require two-factor
@@ -154,9 +154,9 @@ as the forced command for each public key in
 .Pa ~root/.ssh/authorized_keys :
 .Pp
 .Bd -literal -offset 8n
-command="/usr/local/sbin/login_duo \-f alice"
+command="${PREFIX}/sbin/login_duo \-f alice"
 ssh-rsa AAAAB2...19Q== alice@example.net
-command="/usr/local/sbin/login_duo \-f bob"
+command="${PREFIX}/sbin/login_duo \-f bob"
 ssh-dss AAAAC3...51R== bob@example.net
 .Ed
 .Pp
@@ -167,7 +167,7 @@ forced command mechanism and a user-installed (non-set
 .Nm .
 .Sh FILES
 .Bl -tag -width ".Cm failmode"
-.It Pa /etc/duo/login_duo.conf
+.It Pa ${SYSCONFDIR}/login_duo.conf
 Default configuration file path
 .El
 .Sh AUTHORS
