Relevant BUGIDs:

Purpose of commit: new feature Commit summary: --------------- * modules/pam_succeed_if/pam_succeed_if.c (evaluate_ingroup), (evaluate_notingroup): Simplified. (evaluate_innetgr), (evaluate_notinnetgr): New functions. (evaluate): Added calls to evaluate_(not)innetgr(). * modules/pam_succeed_if/README: Documented netgroup matching. * NEWS: Mentioned the added netgroup matching support.
author: Tomas Mraz <tm@t8m.info> 2005-12-21 10:04:09 +0000
committer: Tomas Mraz <tm@t8m.info> 2005-12-21 10:04:09 +0000
commit: e4cbefcdd253ae67503268014ef39e849cb31b7b (patch)
tree: b195e2efc56b504be956b6bcb4fe465f69251098 /modules/pam_succeed_if/README
parent: b1d9b2322daa439194aaa53037fe27a0ccc0596b (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/modules/pam_succeed_if/README b/modules/pam_succeed_if/README
index fdb278ef..e6e4f2aa 100644
--- a/modules/pam_succeed_if/README
+++ b/modules/pam_succeed_if/README
@@ -34,10 +34,16 @@ pam_succeed_if:
 		!~		- Wildcard mismatch.
 		ingroup		- Group membership check. [*]
 		notingroup	- Group non-membership check. [*]
+		innetgr		- Netgroup membership check. [*][+]
+		notinnetgr	- Netgroup non-membership check. [*][+]
 
-		* The "ingroup" and "notingroup" operators should only be
-		  used with the USER attribute.
+		* The "ingroup", "notingroup", "innetgr" and "notinnetgr"
+		  operators should only be used with the USER attribute.
 
+		+ The "innetgr" and "notinnetgr" operators always match
+		  both remote host and USER against the netgroup. If a remote
+		  host is not set by the application it will be matched
+		  against any host in the netgroup triplet.
 	Examples:
 
 		Deny authentication to all users except those in the wheel
author	Tomas Mraz <tm@t8m.info>	2005-12-21 10:04:09 +0000
committer	Tomas Mraz <tm@t8m.info>	2005-12-21 10:04:09 +0000
commit	e4cbefcdd253ae67503268014ef39e849cb31b7b (patch)
tree	b195e2efc56b504be956b6bcb4fe465f69251098 /modules/pam_succeed_if/README
parent	b1d9b2322daa439194aaa53037fe27a0ccc0596b (diff)