path: root/modules/pam_access/README
diff options
authorThorsten Kukuk <>2007-06-22 09:49:03 +0000
committerThorsten Kukuk <>2007-06-22 09:49:03 +0000
commit4b951f0e7dea276cafa87cb344847ff1ae44fb9c (patch)
treeab80b95332d647d6d89f64a5598677e87fedf04e /modules/pam_access/README
parent2cffe6c172c372ac6ddf4c948c92373f69ed7def (diff)
Relevant BUGIDs: 411390
Purpose of commit: new feature Commit summary: --------------- 2007-06-22 Thorsten Kukuk <> * modules/pam_access/pam_access.c: Add new syntax for groups in access.conf to differentiate group names from account names. Based on patch from Julien Lecomte <>, solves feature request [#411390]. * modules/pam_access/access.conf: Add example for new group syntax. * modules/pam_access/access.conf.5.xml: Document new syntax.
Diffstat (limited to 'modules/pam_access/README')
1 files changed, 10 insertions, 0 deletions
diff --git a/modules/pam_access/README b/modules/pam_access/README
index c3561da0..a3adcc8f 100644
--- a/modules/pam_access/README
+++ b/modules/pam_access/README
@@ -45,6 +45,11 @@ listsep=separators
information obtained from a Windows domain, where the default built-in
groups "Domain Users", "Domain Admins" contain a space.
+ The group database will not be used for tokens not identified as account
+ name.
These are some example lines which might be specified in /etc/security/
@@ -97,6 +102,11 @@ User john should get access from IPv6 net/mask.
+ : john : 2001:4ca0:0:101::/64
+Disallow console logins to all but the shutdown, sync and all other accounts,
+which are a member of the wheel group.
+-:ALL EXCEPT (wheel) shutdown sync:LOCAL
All other users should be denied to get access from all sources.
- : ALL : ALL