From 940747f88c16e029b69a74e80a2e94f65cb3e628 Mon Sep 17 00:00:00 2001
From: Thorsten Kukuk <kukuk@suse.com>
Date: Thu, 14 Nov 2024 10:27:28 +0100
Subject: pam_access: rework resolving of tokens as hostname

* modules/pam_access/pam_access.c: separate resolving of IP addresses
  from hostnames. Don't resolve TTYs or display variables as hostname
  (#834).
  Add "nodns" option to disallow resolving of tokens as hostname.
* modules/pam_access/pam_access.8.xml: document nodns option
* modules/pam_access/access.conf.5.xml: document that hostnames should
  be written as FQHN.
---
 modules/pam_access/access.conf.5.xml | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'modules/pam_access/access.conf.5.xml')

diff --git a/modules/pam_access/access.conf.5.xml b/modules/pam_access/access.conf.5.xml
index 0b93db00..10b8ba92 100644
--- a/modules/pam_access/access.conf.5.xml
+++ b/modules/pam_access/access.conf.5.xml
@@ -233,6 +233,10 @@
       An IPv6 link local host address must contain the interface
       identifier. IPv6 link local network/netmask is not supported.
     </para>
+    <para>
+      Hostnames should be written as Fully-Qualified Host Name (FQHN) to avoid
+      confusion with device names or PAM service names.
+    </para>
   </refsect1>
 
   <refsect1 xml:id="access.conf-see_also">
-- 
cgit v1.2.3