Relevant BUGIDs: 533664

Purpose of commit: new feature

Commit summary:
---------------
document '%' domain for maxlogins limit and clarify how '*' and @group
domains work for login limiting

1 files changed, 24 insertions, 0 deletions

diff --git a/doc/modules/pam_limits.sgml b/doc/modules/pam_limits.sgml
index eaa16bd9..44f057c4 100644
--- a/doc/modules/pam_limits.sgml
+++ b/doc/modules/pam_limits.sgml
@@ -114,6 +114,8 @@ The fields listed above should be filled as follows...<newline>
 <item> a username
 <item> a groupname, with <tt>@group</tt> syntax
 <item> the wild-card <tt/*/, for default entry
+<item> the wild-card <tt/%/, for maxlogins limit only,
+can also be used with <tt>%group</tt> syntax
 </itemize>
 
 <p>
@@ -204,6 +206,28 @@ Note, the use of <tt/soft/ and <tt/hard/ limits for the same resource
 service-session.
 
 <p>
+Note, that wild-cards <tt/*/ and <tt/%/ have the following meaning when
+used for maxlogins limit
+<itemize>
+<item> <tt/*/ every user
+<item> <tt/%/ all users, or entire group when <tt>%group</tt> is specified 
+</itemize>
+See the following examples:
+<tscreen>
+<verb>
+# EXAMPLE /etc/security/limits.conf file:
+# <domain>	<type>	<item>		<value>
+*               -       maxlogins       2
+@faculty        -       maxlogins       4
+%               -       maxlogins       30
+%student        -       maxlogins       10
+</verb>
+</tscreen>
+Explanation: every user can login 2 times, members of the <tt/faculty/
+group can login 4 times, there can be only 30 logins, only 10 from
+<tt/students/ group.
+
+<p>
 For the services that need resources limits (login for example) put
 the following line in <tt>/etc/pam.conf</tt> as the last line for that
 service (usually after the pam_unix session line: