Diffstat (limited to 'modules/pam_access/pam_access.8.xml')
-rw-r--r-- | modules/pam_access/pam_access.8.xml | 92 |
1 files changed, 58 insertions, 34 deletions
diff --git a/modules/pam_access/pam_access.8.xml b/modules/pam_access/pam_access.8.xml index 9a6556cc..cc01d5ca 100644 --- a/modules/pam_access/pam_access.8.xml +++ b/modules/pam_access/pam_access.8.xml @@ -1,16 +1,13 @@ -<?xml version="1.0" encoding="ISO-8859-1"?> -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" - "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"> - -<refentry id='pam_access'> +<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="pam_access"> <refmeta> <refentrytitle>pam_access</refentrytitle> <manvolnum>8</manvolnum> - <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo> + <refmiscinfo class="source">Linux-PAM</refmiscinfo> + <refmiscinfo class="manual">Linux-PAM Manual</refmiscinfo> </refmeta> - <refnamediv id='pam_access-name'> + <refnamediv xml:id="pam_access-name"> <refname>pam_access</refname> <refpurpose> PAM module for logdaemon style login access control @@ -20,31 +17,31 @@ <!-- body begins here --> <refsynopsisdiv> - <cmdsynopsis id="pam_access-cmdsynopsis"> + <cmdsynopsis xml:id="pam_access-cmdsynopsis" sepchar=" "> <command>pam_access.so</command> - <arg choice="opt"> + <arg choice="opt" rep="norepeat"> debug </arg> - <arg choice="opt"> + <arg choice="opt" rep="norepeat"> nodefgroup </arg> - <arg choice="opt"> + <arg choice="opt" rep="norepeat"> noaudit </arg> - <arg choice="opt"> + <arg choice="opt" rep="norepeat"> accessfile=<replaceable>file</replaceable> </arg> - <arg choice="opt"> + <arg choice="opt" rep="norepeat"> fieldsep=<replaceable>sep</replaceable> </arg> - <arg choice="opt"> + <arg choice="opt" rep="norepeat"> listsep=<replaceable>sep</replaceable> </arg> </cmdsynopsis> </refsynopsisdiv> - <refsect1 id="pam_access-description"> + <refsect1 xml:id="pam_access-description"> <title>DESCRIPTION</title> <para> The pam_access PAM module is mainly for access management. 
@@ -53,7 +50,7 @@ or on terminal line names, X <varname>$DISPLAY</varname> values, or PAM service names in case of non-networked logins. </para> - <para> + <para condition="without_vendordir"> By default rules for access management are taken from config file <filename>/etc/security/access.conf</filename> if you don't specify another file. 
@@ -66,19 +63,39 @@ If a config file is explicitly specified with the <option>accessfile</option> option the files in the above directory are not parsed. </para> + <para condition="with_vendordir"> + By default rules for access management are taken from config file + <filename>/etc/security/access.conf</filename> or, if that one is not + present, the file <filename>%vendordir%/security/access.conf</filename>. + These settings can be overruled by setting in a config file explicitly + specified with the <option>accessfile</option> option. + Then individual <filename>*.conf</filename> files from the + <filename>/etc/security/access.d/</filename> and + <filename>%vendordir%/security/access.d</filename> directories are read. + If <filename>/etc/security/access.d/@filename@.conf</filename> exists, then + <filename>%vendordir%/security/access.d/@filename@.conf</filename> will not be used. + All <filename>access.d/*.conf</filename> files are sorted by their + <filename>@filename@.conf</filename> in lexicographic order regardless of which + of the directories they reside in. + The effect of the individual files is the same as if all the files were + concatenated together in the order of parsing. This means that once + a pattern is matched in some file no further files are parsed. + If a config file is explicitly specified with the <option>accessfile</option> + option the files in the above directories are not parsed. + </para> <para> If Linux PAM is compiled with audit support the module will report when it denies access based on origin (host, tty, etc.). </para> </refsect1> - <refsect1 id="pam_access-options"> + <refsect1 xml:id="pam_access-options"> <title>OPTIONS</title> <variablelist> <varlistentry> <term> - <option>accessfile=<replaceable>/path/to/access.conf</replaceable></option> + accessfile=/path/to/access.conf </term> <listitem> <para> @@ -91,7 +108,7 @@ <varlistentry> <term> - <option>debug</option> + debug </term> <listitem> <para> 
@@ -103,7 +120,7 @@ <varlistentry> <term> - <option>noaudit</option> + noaudit </term> <listitem> <para> @@ -114,19 +131,19 @@ <varlistentry> <term> - <option>fieldsep=<replaceable>separators</replaceable></option> + fieldsep=separators </term> <listitem> <para> This option modifies the field separator character that pam_access will recognize when parsing the access configuration file. For example: - <emphasis remap='B'>fieldsep=|</emphasis> will cause the + <emphasis remap="B">fieldsep=|</emphasis> will cause the default `:' character to be treated as part of a field value and `|' becomes the field separator. Doing this may be useful in conjunction with a system that wants to use pam_access with X based applications, since the - <emphasis remap='B'>PAM_TTY</emphasis> item is likely to be + <emphasis remap="B">PAM_TTY</emphasis> item is likely to be of the form "hostname:0" which includes a `:' character in its value. But you should not need this. </para> @@ -135,14 +152,14 @@ <varlistentry> <term> - <option>listsep=<replaceable>separators</replaceable></option> + listsep=separators </term> <listitem> <para> This option modifies the list separator character that pam_access will recognize when parsing the access configuration file. For example: - <emphasis remap='B'>listsep=,</emphasis> will cause the + <emphasis remap="B">listsep=,</emphasis> will cause the default ` ' (space) and `\t' (tab) characters to be treated as part of a list element value and `,' becomes the only list element separator. Doing this may be useful on a system @@ -155,7 +172,7 @@ <varlistentry> <term> - <option>nodefgroup</option> + nodefgroup </term> <listitem> <para> @@ -170,7 +187,7 @@ </variablelist> </refsect1> - <refsect1 id="pam_access-types"> + <refsect1 xml:id="pam_access-types"> <title>MODULE TYPES PROVIDED</title> <para> All module types (<option>auth</option>, <option>account</option>, 
@@ -178,7 +195,7 @@ </para> </refsect1> - <refsect1 id="pam_access-return_values"> + <refsect1 xml:id="pam_access-return_values"> <title>RETURN VALUES</title> <variablelist> <varlistentry> @@ -224,19 +241,26 @@ </variablelist> </refsect1> - <refsect1 id="pam_access-files"> + <refsect1 xml:id="pam_access-files"> <title>FILES</title> <variablelist> <varlistentry> - <term><filename>/etc/security/access.conf</filename></term> + <term>/etc/security/access.conf</term> <listitem> <para>Default configuration file</para> </listitem> </varlistentry> + <varlistentry condition="with_vendordir"> + <term>%vendordir%/security/access.conf</term> + <listitem> + <para>Default configuration file if + <filename>/etc/security/access.conf</filename> does not exist.</para> + </listitem> + </varlistentry> </variablelist> </refsect1> - <refsect1 id="pam_access-see_also"> + <refsect1 xml:id="pam_access-see_also"> <title>SEE ALSO</title> <para> <citerefentry> @@ -246,12 +270,12 @@ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> - <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> + <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> </citerefentry>. </para> </refsect1> - <refsect1 id="pam_access-authors"> + <refsect1 xml:id="pam_access-authors"> <title>AUTHORS</title> <para> The logdaemon style login access control scheme was designed and implemented by @@ -262,4 +286,4 @@ was developed and provided by Mike Becher <mike.becher@lrz-muenchen.de>. </para> </refsect1> -</refentry> +</refentry>
\ No newline at end of file |
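Review bot: The first hunk removes the `<?xml version="1.0" encoding="ISO-8859-1"?>` declaration without replacing it, so XML parsers will now read this file as UTF-8. Please confirm the file contains no ISO-8859-1 encoded bytes (for example in the AUTHORS section), or convert the file to UTF-8 in this same commit; otherwise the page stops being well-formed. If the encoding change is intended, it deserves a line in the commit message.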
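Review bot: In the new `condition="with_vendordir"` paragraph of DESCRIPTION, the sentence about `accessfile` sits directly before "Then individual *.conf files ... are read", so it reads as if the access.d files are still parsed after an explicitly specified file, which the closing sentence of the same paragraph contradicts. Since evaluation stops at the first matching pattern, the order of files decides the access result, so this text should be unambiguous: move the `accessfile` override to the end and merge it with the closing sentence, reword "can be overruled by setting in a config file", and state explicitly that access.conf is evaluated before any access.d file. The two directory names are also written inconsistently (`/etc/security/access.d/` with a trailing slash, `%vendordir%/security/access.d` without).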
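Review bot: The `<term>` changes in the OPTIONS hunks drop `<option>` and `<replaceable>`, so `accessfile=/path/to/access.conf`, `fieldsep=separators` and `listsep=separators` no longer distinguish the literal option name from the placeholder value. Both elements exist in DocBook 5, so the conversion does not require removing them; suggest keeping the old form, e.g. `<option>fieldsep=<replaceable>separators</replaceable></option>`, and doing the same for `debug`, `noaudit` and `nodefgroup`.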
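Review bot: The FILES hunk adds `%vendordir%/security/access.conf` but lists neither of the access.d directories that DESCRIPTION says are read (`/etc/security/access.d/` and `%vendordir%/security/access.d`). FILES is where an administrator looks to find every file that can grant or deny a login, so please add both directories, the vendor one under `condition="with_vendordir"`. The `<term>` entries here also lose `<filename>` while the `<para>` of the new entry still uses it; keep the markup consistent.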
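Review bot: In the SEE ALSO hunk the `pam` cross-reference changes from `<manvolnum>8</manvolnum>` to `<manvolnum>7</manvolnum>`, which is a content change rather than part of the id/attribute conversion the rest of the diff performs. Please confirm the pam page is actually shipped in section 7, so the reference does not dangle, and mention the change in the commit message or split it into its own commit.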
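Review bot: The last hunk rewrites `</refentry>` only to drop the trailing newline ("\ No newline at end of file" follows the `+` line). Please restore the final newline so the file ends with a complete line and this hunk disappears from the diff.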