summaryrefslogtreecommitdiff
path: root/modules/pam_succeed_if/README
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_succeed_if/README')
-rw-r--r--modules/pam_succeed_if/README10
1 files changed, 8 insertions, 2 deletions
diff --git a/modules/pam_succeed_if/README b/modules/pam_succeed_if/README
index fdb278ef..e6e4f2aa 100644
--- a/modules/pam_succeed_if/README
+++ b/modules/pam_succeed_if/README
@@ -34,10 +34,16 @@ pam_succeed_if:
!~ - Wildcard mismatch.
ingroup - Group membership check. [*]
notingroup - Group non-membership check. [*]
+ innetgr - Netgroup membership check. [*][+]
+ notinnetgr - Netgroup non-membership check. [*][+]
- * The "ingroup" and "notingroup" operators should only be
- used with the USER attribute.
+ * The "ingroup", "notingroup", "innetgr" and "notinnetgr"
+ operators should only be used with the USER attribute.
+ + The "innetgr" and "notinnetgr" operators always match
+ both remote host and USER against the netgroup. If a remote
+ host is not set by the application it will be matched
+ against any host in the netgroup triplet.
Examples:
Deny authentication to all users except those in the wheel
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-26 23:44:48 +0000