diff options
Diffstat (limited to 'modules/pam_succeed_if/README')
-rw-r--r-- | modules/pam_succeed_if/README | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/modules/pam_succeed_if/README b/modules/pam_succeed_if/README index 82102605..3d2f3d50 100644 --- a/modules/pam_succeed_if/README +++ b/modules/pam_succeed_if/README @@ -94,13 +94,13 @@ field notin item:item:... Field is not contained in the list of items separated by colons. -user ingroup group +user ingroup group[:group:....] - User is in given group. + User is in given group(s). -user notingroup group +user notingroup group[:group:....] - User is not in given group. + User is not in given group(s). user innetgr netgroup @@ -112,9 +112,10 @@ user notinnetgr group EXAMPLES -To emulate the behaviour of pam_wheel, except there is no fallback to group 0: +To emulate the behaviour of pam_wheel, except there is no fallback to group 0 +being only approximated by checking also the root group membership: -auth required pam_succeed_if.so quiet user ingroup wheel +auth required pam_succeed_if.so quiet user ingroup wheel:root Given that the type matches, only loads the othermodule rule if the UID is over |