|author||Steve Langasek <email@example.com>||2019-01-03 17:53:41 -0800|
|committer||Steve Langasek <firstname.lastname@example.org>||2019-01-03 18:17:08 -0800|
New upstream version 1.1.0
Diffstat (limited to 'modules/pam_access/README')
1 files changed, 7 insertions, 6 deletions
diff --git a/modules/pam_access/README b/modules/pam_access/README
index ec0d67e0..3ab46871 100644
@@ -25,7 +25,7 @@ accessfile=/path/to/access.conf
- A lot of debug informations are printed with syslog(3).
+ A lot of debug information is printed with syslog(3).
@@ -37,7 +37,7 @@ fieldsep=separators
recognize when parsing the access configuration file. For example: fieldsep
=| will cause the default `:' character to be treated as part of a field
value and `|' becomes the field separator. Doing this may be useful in
- conjuction with a system that wants to use pam_access with X based
+ conjunction with a system that wants to use pam_access with X based
applications, since the PAM_TTY item is likely to be of the form
"hostname:0" which includes a `:' character in its value. But you should
not need this.
@@ -54,8 +54,9 @@ listsep=separators
- The group database will not be used for tokens not identified as account
+ User tokens which are not enclosed in parentheses will not be matched
+ against the group database. The backwards compatible default is to try the
+ group database match even for tokens not enclosed in parentheses.
@@ -103,11 +104,11 @@ all sources. This will only work if netgroup service is available.
User john and foo should get access from IPv6 host address.
-+ : john foo : 2001:4ca0:0:101::1
++ : john foo : 2001:db8:0:101::1
User john should get access from IPv6 net/mask.
-+ : john : 2001:4ca0:0:101::/64
++ : john : 2001:db8:0:101::/64
Disallow console logins to all but the shutdown, sync and all other accounts,
which are a member of the wheel group.