diff options
Diffstat (limited to 'modules/pam_succeed_if/README')
-rw-r--r-- | modules/pam_succeed_if/README | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/modules/pam_succeed_if/README b/modules/pam_succeed_if/README index fdb278ef..e6e4f2aa 100644 --- a/modules/pam_succeed_if/README +++ b/modules/pam_succeed_if/README @@ -34,10 +34,16 @@ pam_succeed_if: !~ - Wildcard mismatch. ingroup - Group membership check. [*] notingroup - Group non-membership check. [*] + innetgr - Netgroup membership check. [*][+] + notinnetgr - Netgroup non-membership check. [*][+] - * The "ingroup" and "notingroup" operators should only be - used with the USER attribute. + * The "ingroup", "notingroup", "innetgr" and "notinnetgr" + operators should only be used with the USER attribute. + + The "innetgr" and "notinnetgr" operators always match + both remote host and USER against the netgroup. If a remote + host is not set by the application it will be matched + against any host in the netgroup triplet. Examples: Deny authentication to all users except those in the wheel |