diff options
| author | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 12:44:11 -0800 |
|---|---|---|
| committer | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 12:44:11 -0800 |
| commit | efd31890b5ed496a5a00c08a262da240e66a4ddc (patch) | |
| tree | 22a7aab22b3a491bb58df250d7d6409e0c160bcc /Linux-PAM/modules/pam_access/README | |
| parent | 067affee9267fa0d1c21835182ba639ba33e820f (diff) | |
| download | pam-efd31890b5ed496a5a00c08a262da240e66a4ddc.tar.gz pam-efd31890b5ed496a5a00c08a262da240e66a4ddc.tar.bz2 pam-efd31890b5ed496a5a00c08a262da240e66a4ddc.zip | |
New upstream version 0.76
Diffstat (limited to 'Linux-PAM/modules/pam_access/README')
| -rw-r--r-- | Linux-PAM/modules/pam_access/README | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/Linux-PAM/modules/pam_access/README b/Linux-PAM/modules/pam_access/README new file mode 100644 index 00000000..ddd4725f --- /dev/null +++ b/Linux-PAM/modules/pam_access/README @@ -0,0 +1,44 @@ +# Description of its configuration file +# +# (The default config file is "/etc/security/access.conf". This +# default can be overridden with a module config argument +# 'accessfile=<full-path>'): +# +# Login access control table. +# +# When someone logs in, the table is scanned for the first entry that +# matches the (user, host) combination, or, in case of non-networked +# logins, the first entry that matches the (user, tty) combination. The +# permissions field of that table entry determines whether the login will +# be accepted or refused. +# +# Format of the login access control table is three fields separated by a +# ":" character: +# +# permission : users : origins +# +# The first field should be a "+" (access granted) or "-" (access denied) +# character. +# +# The second field should be a list of one or more login names, group +# names, or ALL (always matches). A pattern of the form user@host is +# matched when the login name matches the "user" part, and when the +# "host" part matches the local machine name. +# +# The third field should be a list of one or more tty names (for +# non-networked logins), host names, domain names (begin with "."), host +# addresses, internet network numbers (end with "."), ALL (always +# matches) or LOCAL (matches any string that does not contain a "." +# character). +# +# If you run NIS you can use @netgroupname in host or user patterns; this +# even works for @usergroup@@hostgroup patterns. Weird. +# +# The EXCEPT operator makes it possible to write very compact rules. +# +# The group file is searched only when a name does not match that of the +# logged-in user. Both the user's primary group is matched, as well as +# groups in which users are explicitly listed. +# +# Alexei Nogin <alexei@nogin.dnttm.ru> 1997/06/15 +############################################################################ |