Changeset View
Standalone View
lib/libpam/modules/pam_login_access/pam_login_access.8
Show All 28 Lines | |||||
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||||
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||||
.\" SUCH DAMAGE. | .\" SUCH DAMAGE. | ||||
.\" | .\" | ||||
.\" $FreeBSD$ | .\" $FreeBSD$ | ||||
.\" | .\" | ||||
.Dd January 24, 2002 | .Dd March 2, 2019 | ||||
.Dt PAM_LOGIN_ACCESS 8 | .Dt PAM_LOGIN_ACCESS 8 | ||||
.Os | .Os | ||||
.Sh NAME | .Sh NAME | ||||
.Nm pam_login_access | .Nm pam_login_access | ||||
.Nd login.access PAM module | .Nd login.access PAM module | ||||
.Sh SYNOPSIS | .Sh SYNOPSIS | ||||
.Op Ar service-name | .Op Ar service-name | ||||
.Ar module-type | .Ar module-type | ||||
.Ar control-flag | .Ar control-flag | ||||
.Pa pam_login_access | .Pa pam_login_access | ||||
.Op Ar options | .Op Ar options | ||||
.Sh DESCRIPTION | .Sh DESCRIPTION | ||||
The | The | ||||
.Pa login.access | .Pa login.access | ||||
service module for PAM, | service module for PAM, | ||||
.Nm | .Nm | ||||
provides functionality for only one PAM category: | provides functionality for only one PAM category: | ||||
account management. | account management. | ||||
In terms of the | In terms of the | ||||
.Ar module-type | .Ar module-type | ||||
parameter, this is the | parameter, this is the | ||||
.Dq Li account | .Dq Li account | ||||
feature. | feature. | ||||
.Bl -tag -width ".Cm nodefgroup" | |||||
.It Cm accessfile Ns = Ns Ar pathname | |||||
specifies a non-standard location for the | |||||
.Pa login.access | |||||
configuration file | |||||
(normally located in | |||||
.Pa /etc/login.access ) . | |||||
.It Cm nodefgroup | |||||
only matches users not enclosed in parentheses, requiring groups be | |||||
specified in parentheses. This is not backwards compatible with legacy | |||||
bcr: Another line break is needed here after the sentence stop. | |||||
.Pa login.access | |||||
configuration files. However this mitigates confusion between users and | |||||
bcrUnsubmitted Done Inline ActionsAnother line break needed here. bcr: Another line break needed here.
s/However/However,/ | |||||
groups of the same name. | |||||
.It Cm debug | |||||
sends additional debugging information to | |||||
.Xr syslog 3 . | |||||
.It Cm fieldsep Ns = Ns Ar separators | |||||
Not Done Inline ActionsThere are Po and Pc macros for open- and close-parenthesis, though style takes no stance on their use versus the literal characters. bjk: There are Po and Pc macros for open- and close-parenthesis, though style takes no stance on… | |||||
Done Inline ActionsThere are a number of parentheses in both man pages. If these are to be changed I should have a commit that converts the existing parentheses before this commit. I'm leaning toward not changing them. cy: There are a number of parentheses in both man pages. If these are to be changed I should have a… | |||||
changes the field separator from the default ":". More than one separator | |||||
bcrUnsubmitted Done Inline ActionsSentence stop = break the line. bcr: Sentence stop = break the line. | |||||
may be specified. | |||||
Done Inline ActionsI think this could be misinterpreted. Perhaps "makes tokens not enclosed in parentheses only match users, requiring groups to be specified in parentheses. This is not [...], which intermingle user and group names, with user entries taking precedence over group entries." is better, at the risk of being verbose. bjk: I think this could be misinterpreted. Perhaps "makes tokens not enclosed in parentheses only… | |||||
.It Cm listsep Ns = Ns Ar separators | |||||
changes the field separator from the default space (''), tab (\\t) and | |||||
comma (,). More than one separator may be specified. For example, listsep=; | |||||
bcrUnsubmitted Done Inline ActionsLine break needed here after the sentence stop. bcr: Line break needed here after the sentence stop. | |||||
will replace the default with a semicolon (;). This option may be useful | |||||
bcrUnsubmitted Done Inline Actions... and one more time here. bcr: ... and one more time here. | |||||
when specifying Active Directory groupnames which typically contain spaces. | |||||
.Ss Login.access Account Management Module | .Ss Login.access Account Management Module | ||||
The | The | ||||
Done Inline ActionsI'm not sure what this is doing here. bjk: I'm not sure what this is doing here. | |||||
Done Inline ActionsThat was due to a git mismerge. Thanks for catching this. This as originally one large commit but I've separated it out into smaller commits. cy: That was due to a git mismerge. Thanks for catching this. This as originally one large commit… | |||||
.Pa login.access | .Pa login.access | ||||
account management component | account management component | ||||
.Pq Fn pam_sm_acct_mgmt , | .Pq Fn pam_sm_acct_mgmt , | ||||
returns success if and only the user is allowed to log in on the | returns success if and only the user is allowed to log in on the | ||||
specified tty (in the case of a local login) or from the specified | specified tty (in the case of a local login) or from the specified | ||||
remote host (in the case of a remote login), according to the | remote host (in the case of a remote login), according to the | ||||
restrictions listed in | restrictions listed in | ||||
.Xr login.access 5 . | .Xr login.access 5 . | ||||
.Sh SEE ALSO | .Sh SEE ALSO | ||||
Done Inline ActionsThe width is supposed to be of the widest element, which is now IIUC "accessfile=pathname". bjk: The width is supposed to be of the widest element, which is now IIUC "accessfile=pathname".
It… | |||||
.Xr syslog 3 , | |||||
.Xr login.access 5 , | .Xr login.access 5 , | ||||
.Xr pam.conf 5 , | .Xr pam.conf 5 , | ||||
.Xr pam 8 | .Xr pam 8 | ||||
.Sh AUTHORS | .Sh AUTHORS | ||||
The | The | ||||
.Xr login.access 5 | .Xr login.access 5 | ||||
access control scheme was designed and implemented by | access control scheme was designed and implemented by | ||||
.An Wietse Venema . | .An Wietse Venema . | ||||
Show All 10 Lines |
Another line break is needed here after the sentence stop.