summaryrefslogtreecommitdiff
path: root/modules/pam_access/README
diff options
context:
space:
mode:
authorSteve Langasek <steve.langasek@ubuntu.com>2019-01-03 17:53:41 -0800
committerSteve Langasek <steve.langasek@ubuntu.com>2019-01-03 18:17:08 -0800
commit212b52cf29c06cc209bc8ac0540dbab1acdf1464 (patch)
tree58da0bf39f5c4122e4a1b4da20fdeea52b97a671 /modules/pam_access/README
parent9c52e721044e7501c3d4567b36d222dc7326224a (diff)
parent56c8282d128fb484ffc77dff73abf42229b291d3 (diff)
New upstream version 1.1.0
Diffstat (limited to 'modules/pam_access/README')
-rw-r--r--modules/pam_access/README13
1 files changed, 7 insertions, 6 deletions
diff --git a/modules/pam_access/README b/modules/pam_access/README
index ec0d67e0..3ab46871 100644
--- a/modules/pam_access/README
+++ b/modules/pam_access/README
@@ -25,7 +25,7 @@ accessfile=/path/to/access.conf
debug
- A lot of debug informations are printed with syslog(3).
+ A lot of debug information is printed with syslog(3).
noaudit
@@ -37,7 +37,7 @@ fieldsep=separators
recognize when parsing the access configuration file. For example: fieldsep
=| will cause the default `:' character to be treated as part of a field
value and `|' becomes the field separator. Doing this may be useful in
- conjuction with a system that wants to use pam_access with X based
+ conjunction with a system that wants to use pam_access with X based
applications, since the PAM_TTY item is likely to be of the form
"hostname:0" which includes a `:' character in its value. But you should
not need this.
@@ -54,8 +54,9 @@ listsep=separators
nodefgroup
- The group database will not be used for tokens not identified as account
- name.
+ User tokens which are not enclosed in parentheses will not be matched
+ against the group database. The backwards compatible default is to try the
+ group database match even for tokens not enclosed in parentheses.
EXAMPLES
@@ -103,11 +104,11 @@ all sources. This will only work if netgroup service is available.
User john and foo should get access from IPv6 host address.
-+ : john foo : 2001:4ca0:0:101::1
++ : john foo : 2001:db8:0:101::1
User john should get access from IPv6 net/mask.
-+ : john : 2001:4ca0:0:101::/64
++ : john : 2001:db8:0:101::/64
Disallow console logins to all but the shutdown, sync and all other accounts,
which are a member of the wheel group.