summaryrefslogtreecommitdiff
path: root/modules/pam_access/access.conf.5.xml
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_access/access.conf.5.xml')
-rw-r--r--modules/pam_access/access.conf.5.xml11
1 files changed, 7 insertions, 4 deletions
diff --git a/modules/pam_access/access.conf.5.xml b/modules/pam_access/access.conf.5.xml
index f8eb7a4e..1b629afc 100644
--- a/modules/pam_access/access.conf.5.xml
+++ b/modules/pam_access/access.conf.5.xml
@@ -69,8 +69,11 @@
internet network numbers (end with "."), internet network addresses
with network mask (where network mask can be a decimal number or an
internet address also), <emphasis>ALL</emphasis> (which always matches)
- or <emphasis>LOCAL</emphasis> (which matches any string that does not
- contain a "." character). If supported by the system you can use
+ or <emphasis>LOCAL</emphasis>. <emphasis>LOCAL</emphasis>
+ keyword matches if and only if the <emphasis>PAM_RHOST</emphasis> is
+ not set and &lt;origin&gt; field is thus set from
+ <emphasis>PAM_TTY</emphasis> or <emphasis>PAM_SERVICE</emphasis>".
+ If supported by the system you can use
<emphasis>@netgroupname</emphasis> in host or user patterns.
</para>
@@ -158,12 +161,12 @@
User <emphasis>john</emphasis> and <emphasis>foo</emphasis>
should get access from IPv6 host address.
</para>
- <para>+ : john foo : 2001:4ca0:0:101::1</para>
+ <para>+ : john foo : 2001:db8:0:101::1</para>
<para>
User <emphasis>john</emphasis> should get access from IPv6 net/mask.
</para>
- <para>+ : john : 2001:4ca0:0:101::/64</para>
+ <para>+ : john : 2001:db8:0:101::/64</para>
<para>
Disallow console logins to all but the shutdown, sync and all
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-20 02:06:32 +0000