From 4ba3105511c3a55fc750a790f7310c6d7ebfdfda Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 3 Aug 2023 17:11:32 +0200 Subject: pam_access: document IPv6 link-local addresses (#582) * modules/pam_access/access.conf.5.xml: Add example and note for IPv6 link-local addresses * modules/pam_access/access.conf: Add example for IPv6 link-local addresses --- modules/pam_access/access.conf | 3 +++ modules/pam_access/access.conf.5.xml | 12 +++++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) (limited to 'modules/pam_access') diff --git a/modules/pam_access/access.conf b/modules/pam_access/access.conf index 47b6b84c..9c8e2171 100644 --- a/modules/pam_access/access.conf +++ b/modules/pam_access/access.conf @@ -115,6 +115,9 @@ # User "john" should get access from ipv6 host address (same as above) #+:john:2001:4ca0:0:101:0:0:0:1 # +# User "john" should get access from ipv6 local link host address +#+:john:fe80::de95:818c:1b55:7e42%eth0 +# # User "john" should get access from ipv6 net/mask #+:john:2001:4ca0:0:101::/64 # diff --git a/modules/pam_access/access.conf.5.xml b/modules/pam_access/access.conf.5.xml index ff1cb223..2dc5d477 100644 --- a/modules/pam_access/access.conf.5.xml +++ b/modules/pam_access/access.conf.5.xml @@ -188,6 +188,12 @@ +:john foo:2001:db8:0:101::1 + + User john and foo + should get access from IPv6 link local host address. + + +:john foo:fe80::de95:818c:1b55:7e42%eth1 + User john should get access from IPv6 net/mask. @@ -222,6 +228,10 @@ item and the line will be most probably ignored. For this reason, it is not recommended to put spaces around the ':' characters. + + An IPv6 link local host address must contain the interface + identifier. IPv6 link local network/netmask is not supported. + @@ -246,4 +256,4 @@ introduced by Mike Becher <mike.becher@lrz-muenchen.de>. - \ No newline at end of file + -- cgit v1.2.3