diff options
| author | Tomas Mraz <tmraz@fedoraproject.org> | 2016-05-11 15:22:33 +0200 |
|---|---|---|
| committer | Tomas Mraz <tmraz@fedoraproject.org> | 2016-05-11 15:22:33 +0200 |
| commit | 9f26c65fb1009c51dbc53d8b590041d81e60809b (patch) | |
| tree | b30294a56ce0aff36baa68fb01d49877c6d37f14 | |
| parent | b44a749e84249a05fbfd8db58bb42af6dd6fa425 (diff) | |
| download | pam-9f26c65fb1009c51dbc53d8b590041d81e60809b.tar.gz pam-9f26c65fb1009c51dbc53d8b590041d81e60809b.tar.bz2 pam-9f26c65fb1009c51dbc53d8b590041d81e60809b.zip | |
Remove spaces in examples for access.conf.
The spaces are ignored only with the default listsep. To remove confusion
if non-default listsep is used they are removed from the examples.
* modules/pam_access/access.conf: Remove all spaces around ':' in examples.
* modules/pam_access/access.conf.5.xml: Likewise.
| -rw-r--r-- | modules/pam_access/access.conf | 28 | ||||
| -rw-r--r-- | modules/pam_access/access.conf.5.xml | 22 |
2 files changed, 25 insertions, 25 deletions
diff --git a/modules/pam_access/access.conf b/modules/pam_access/access.conf index 74c5fbe8..47b6b84c 100644 --- a/modules/pam_access/access.conf +++ b/modules/pam_access/access.conf @@ -18,7 +18,7 @@ # pam_access with X applications that provide PAM_TTY values that are # the display variable like "host:0".] # -# permission : users : origins +# permission:users:origins # # The first field should be a "+" (access granted) or "-" (access denied) # character. @@ -79,44 +79,44 @@ ############################################################################## # # User "root" should be allowed to get access via cron .. tty5 tty6. -#+ : root : cron crond :0 tty1 tty2 tty3 tty4 tty5 tty6 +#+:root:cron crond :0 tty1 tty2 tty3 tty4 tty5 tty6 # # User "root" should be allowed to get access from hosts with ip addresses. -#+ : root : 192.168.200.1 192.168.200.4 192.168.200.9 -#+ : root : 127.0.0.1 +#+:root:192.168.200.1 192.168.200.4 192.168.200.9 +#+:root:127.0.0.1 # # User "root" should get access from network 192.168.201. # This term will be evaluated by string matching. # comment: It might be better to use network/netmask instead. # The same is 192.168.201.0/24 or 192.168.201.0/255.255.255.0 -#+ : root : 192.168.201. +#+:root:192.168.201. # # User "root" should be able to have access from domain. # Uses string matching also. -#+ : root : .foo.bar.org +#+:root:.foo.bar.org # # User "root" should be denied to get access from all other sources. -#- : root : ALL +#-:root:ALL # # User "foo" and members of netgroup "nis_group" should be # allowed to get access from all sources. # This will only work if netgroup service is available. -#+ : @nis_group foo : ALL +#+:@nis_group foo:ALL # # User "john" should get access from ipv4 net/mask -#+ : john : 127.0.0.0/24 +#+:john:127.0.0.0/24 # # User "john" should get access from ipv4 as ipv6 net/mask -#+ : john : ::ffff:127.0.0.0/127 +#+:john:::ffff:127.0.0.0/127 # # User "john" should get access from ipv6 host address -#+ : john : 2001:4ca0:0:101::1 +#+:john:2001:4ca0:0:101::1 # # User "john" should get access from ipv6 host address (same as above) -#+ : john : 2001:4ca0:0:101:0:0:0:1 +#+:john:2001:4ca0:0:101:0:0:0:1 # # User "john" should get access from ipv6 net/mask -#+ : john : 2001:4ca0:0:101::/64 +#+:john:2001:4ca0:0:101::/64 # # All other users should be denied to get access from all sources. -#- : ALL : ALL +#-:ALL:ALL diff --git a/modules/pam_access/access.conf.5.xml b/modules/pam_access/access.conf.5.xml index d686d92b..7ae512e5 100644 --- a/modules/pam_access/access.conf.5.xml +++ b/modules/pam_access/access.conf.5.xml @@ -139,7 +139,7 @@ <emphasis>tty1</emphasis>, ..., <emphasis>tty5</emphasis>, <emphasis>tty6</emphasis>. </para> - <para>+ : root : crond :0 tty1 tty2 tty3 tty4 tty5 tty6</para> + <para>+:root:crond :0 tty1 tty2 tty3 tty4 tty5 tty6</para> <para> User <emphasis>root</emphasis> should be allowed to get access from @@ -147,8 +147,8 @@ connection have to be a IPv4 one, a IPv6 connection from a host with one of this IPv4 addresses does work, too. </para> - <para>+ : root : 192.168.200.1 192.168.200.4 192.168.200.9</para> - <para>+ : root : 127.0.0.1</para> + <para>+:root:192.168.200.1 192.168.200.4 192.168.200.9</para> + <para>+:root:127.0.0.1</para> <para> User <emphasis>root</emphasis> should get access from network @@ -158,44 +158,44 @@ <emphasis>192.168.201.0/24</emphasis> or <emphasis>192.168.201.0/255.255.255.0</emphasis>. </para> - <para>+ : root : 192.168.201.</para> + <para>+:root:192.168.201.</para> <para> User <emphasis>root</emphasis> should be able to have access from hosts <emphasis>foo1.bar.org</emphasis> and <emphasis>foo2.bar.org</emphasis> (uses string matching also). </para> - <para>+ : root : foo1.bar.org foo2.bar.org</para> + <para>+:root:foo1.bar.org foo2.bar.org</para> <para> User <emphasis>root</emphasis> should be able to have access from domain <emphasis>foo.bar.org</emphasis> (uses string matching also). </para> - <para>+ : root : .foo.bar.org</para> + <para>+:root:.foo.bar.org</para> <para> User <emphasis>root</emphasis> should be denied to get access from all other sources. </para> - <para>- : root : ALL</para> + <para>-:root:ALL</para> <para> User <emphasis>foo</emphasis> and members of netgroup <emphasis>admins</emphasis> should be allowed to get access from all sources. This will only work if netgroup service is available. </para> - <para>+ : @admins foo : ALL</para> + <para>+:@admins foo:ALL</para> <para> User <emphasis>john</emphasis> and <emphasis>foo</emphasis> should get access from IPv6 host address. </para> - <para>+ : john foo : 2001:db8:0:101::1</para> + <para>+:john foo:2001:db8:0:101::1</para> <para> User <emphasis>john</emphasis> should get access from IPv6 net/mask. </para> - <para>+ : john : 2001:db8:0:101::/64</para> + <para>+:john:2001:db8:0:101::/64</para> <para> Disallow console logins to all but the shutdown, sync and all @@ -206,7 +206,7 @@ <para> All other users should be denied to get access from all sources. </para> - <para>- : ALL : ALL</para> + <para>-:ALL:ALL</para> </refsect1> |