diff options
Diffstat (limited to 'modules/pam_access/access.conf.5.xml')
-rw-r--r-- | modules/pam_access/access.conf.5.xml | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/modules/pam_access/access.conf.5.xml b/modules/pam_access/access.conf.5.xml index f8eb7a4e..1b629afc 100644 --- a/modules/pam_access/access.conf.5.xml +++ b/modules/pam_access/access.conf.5.xml @@ -69,8 +69,11 @@ internet network numbers (end with "."), internet network addresses with network mask (where network mask can be a decimal number or an internet address also), <emphasis>ALL</emphasis> (which always matches) - or <emphasis>LOCAL</emphasis> (which matches any string that does not - contain a "." character). If supported by the system you can use + or <emphasis>LOCAL</emphasis>. <emphasis>LOCAL</emphasis> + keyword matches if and only if the <emphasis>PAM_RHOST</emphasis> is + not set and <origin> field is thus set from + <emphasis>PAM_TTY</emphasis> or <emphasis>PAM_SERVICE</emphasis>". + If supported by the system you can use <emphasis>@netgroupname</emphasis> in host or user patterns. </para> @@ -158,12 +161,12 @@ User <emphasis>john</emphasis> and <emphasis>foo</emphasis> should get access from IPv6 host address. </para> - <para>+ : john foo : 2001:4ca0:0:101::1</para> + <para>+ : john foo : 2001:db8:0:101::1</para> <para> User <emphasis>john</emphasis> should get access from IPv6 net/mask. </para> - <para>+ : john : 2001:4ca0:0:101::/64</para> + <para>+ : john : 2001:db8:0:101::/64</para> <para> Disallow console logins to all but the shutdown, sync and all |