Add ACL scheme for checking that user belongs to nss group

* Add documentation for *unxgrp* ACL scheme * Add *unxgrp* in supported ACL scheme in usage message * Add test suite for acl-unxgrp Change-Id: I7ed3008953e7751c02d81323e3c08cc9dddb9e49 Reviewed-on: https://gerrit.stanford.edu/1492 Reviewed-by: Russ Allbery <rra@stanford.edu> Tested-by: Russ Allbery <rra@stanford.edu>
author: Remi Ferrand <remi.ferrand@cc.in2p3.fr> 2014-03-31 15:18:54 +0200
committer: Russ Allbery <rra@stanford.edu> 2014-06-16 10:56:13 -0700
commit: f92a381dbdaf753a90235a9f1e33b193a752c1c4 (patch)
tree: 8a3f52c0c471d2a08baad2811513adbb8a203dc0 /docs
parent: b6b2009aa32869a2a988ba458b45b044264cfd78 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/docs/remctld.pod b/docs/remctld.pod
index 432c8ab..24ebd62 100644
--- a/docs/remctld.pod
+++ b/docs/remctld.pod
@@ -420,6 +420,12 @@ identity.  To deny access, use the C<deny:regex:I<regex>> syntax.
 This method is supported only if a library for POSIX-compatible regular
 expressions was found when B<remctld> was built.
 
+=item unxgrp
+
+This method is used to grant or deny access based on Unix group.
+The user name is first sanitized (instances and REALM are removed from principal name),
+and then compared to members of B<group>.
+
 =back
 
 To see the list of ACL types supported by a particular build of
author	Remi Ferrand <remi.ferrand@cc.in2p3.fr>	2014-03-31 15:18:54 +0200
committer	Russ Allbery <rra@stanford.edu>	2014-06-16 10:56:13 -0700
commit	f92a381dbdaf753a90235a9f1e33b193a752c1c4 (patch)
tree	8a3f52c0c471d2a08baad2811513adbb8a203dc0 /docs
parent	b6b2009aa32869a2a988ba458b45b044264cfd78 (diff)