diff options
Diffstat (limited to 'modules/pam_access/README')
-rw-r--r-- | modules/pam_access/README | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/modules/pam_access/README b/modules/pam_access/README index ec0d67e0..3ab46871 100644 --- a/modules/pam_access/README +++ b/modules/pam_access/README @@ -25,7 +25,7 @@ accessfile=/path/to/access.conf debug - A lot of debug informations are printed with syslog(3). + A lot of debug information is printed with syslog(3). noaudit @@ -37,7 +37,7 @@ fieldsep=separators recognize when parsing the access configuration file. For example: fieldsep =| will cause the default `:' character to be treated as part of a field value and `|' becomes the field separator. Doing this may be useful in - conjuction with a system that wants to use pam_access with X based + conjunction with a system that wants to use pam_access with X based applications, since the PAM_TTY item is likely to be of the form "hostname:0" which includes a `:' character in its value. But you should not need this. @@ -54,8 +54,9 @@ listsep=separators nodefgroup - The group database will not be used for tokens not identified as account - name. + User tokens which are not enclosed in parentheses will not be matched + against the group database. The backwards compatible default is to try the + group database match even for tokens not enclosed in parentheses. EXAMPLES @@ -103,11 +104,11 @@ all sources. This will only work if netgroup service is available. User john and foo should get access from IPv6 host address. -+ : john foo : 2001:4ca0:0:101::1 ++ : john foo : 2001:db8:0:101::1 User john should get access from IPv6 net/mask. -+ : john : 2001:4ca0:0:101::/64 ++ : john : 2001:db8:0:101::/64 Disallow console logins to all but the shutdown, sync and all other accounts, which are a member of the wheel group. |