From 940747f88c16e029b69a74e80a2e94f65cb3e628 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 14 Nov 2024 10:27:28 +0100 Subject: pam_access: rework resolving of tokens as hostname * modules/pam_access/pam_access.c: separate resolving of IP addresses from hostnames. Don't resolve TTYs or display variables as hostname (#834). Add "nodns" option to disallow resolving of tokens as hostname. * modules/pam_access/pam_access.8.xml: document nodns option * modules/pam_access/access.conf.5.xml: document that hostnames should be written as FQHN. --- modules/pam_access/pam_access.8.xml | 46 +++++++++++++++++++++++++------------ 1 file changed, 31 insertions(+), 15 deletions(-) (limited to 'modules/pam_access/pam_access.8.xml') diff --git a/modules/pam_access/pam_access.8.xml b/modules/pam_access/pam_access.8.xml index c991d7a0..71a4f7ee 100644 --- a/modules/pam_access/pam_access.8.xml +++ b/modules/pam_access/pam_access.8.xml @@ -22,11 +22,14 @@ debug + + noaudit + nodefgroup - noaudit + nodns quiet_log @@ -132,6 +135,33 @@ + + + nodefgroup + + + + User tokens which are not enclosed in parentheses will not be + matched against the group database. The backwards compatible default is + to try the group database match even for tokens not enclosed + in parentheses. + + + + + + + nodns + + + + Do not try to resolve tokens as hostnames, only IPv4 and IPv6 + addresses will be resolved. Which means to allow login from a + remote host, the IP addresses need to be specified in access.conf. + + + + quiet_log @@ -185,20 +215,6 @@ - - - nodefgroup - - - - User tokens which are not enclosed in parentheses will not be - matched against the group database. The backwards compatible default is - to try the group database match even for tokens not enclosed - in parentheses. - - - - -- cgit v1.2.3
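Review bot: the nodns text added in the @@ -132,6 +135,33 @@ hunk does not say what happens to hostname tokens that are already present in access.conf once the option is set, which is what an administrator needs to know before enabling it. The entry covers only the allow case ("to allow login from a remote host, the IP addresses need to be specified in access.conf"); please state whether a hostname token then simply never matches, and say explicitly that this applies to deny entries too, so nobody assumes a hostname-based deny keeps working. "only IPv4 and IPv6 addresses will be resolved" is also unclear, since the text does not say what resolving an address token means here; describe what is done with address tokens instead. The sentence starting "Which means" is a fragment and should be joined to the previous sentence or reworded.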
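Review bot: the move of the nodefgroup entry (removed in the @@ -185,20 +215,6 @@ hunk and re-added with the same wording ahead of nodns), together with the noaudit reorder in the synopsis hunk, is not mentioned in the commit message, which lists only "document nodns option" for this file. Either note the reordering in the changelog entry or put it in a separate commit, so that the 31 insertions and 15 deletions do not read as a content change to nodefgroup when only its position changed.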