Document user-keys-boundary

Sergey Poznyakoff 2015-01-30 14:45:25 +02:00
parent 946c85c169
commit 30d6e72e17
3 changed files with 50 additions and 2 deletions

NEWS

@ -1,4 +1,4 @@
pam-modules -- history of user-visible changes. 2015-01-28
pam-modules -- history of user-visible changes. 2015-01-30
Copyright (C) 2001, 2004-2005, 2007-2012, 2015 Sergey Poznyakoff
See the end of file for copying conditions.
@ -16,6 +16,22 @@ This is in addition to its regular configuration file.
To run the command with root privileges, the configuration
variable initrc-root must be set to true.
* New pam_ldaphome variable: user-keys-boundary
User key files can contain both keys managed by pam_ldaphome and
added by the user. These two groups of keys must be separated by
a special comment line, which informs pam_ldaphome that all keys
below it must be retained.
This feature is enabled by the user-keys-boundary configuration
setting. Its value defines a string which, when used after a
'#' character, forms the delimiting comment. E.g. if the
configuration file contains:
user-keys-boundary :user
then the line '#:user' can be used to delimit ldap-synchronized
and user-specific keys.
Version 1.9, 2014-05-21
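
Review bot: the example in this NEWS entry uses "user-keys-boundary :user" and "#:user", while the Texinfo and man page hunks of the same commit use ":user-defined"; pick one value for all three so a reader searching for the example finds matching text. The entry also says that keys below the delimiter "must be retained" without saying what happens to keys above it. One sentence stating how the LDAP-managed part is treated on synchronization would make clear to administrators that anything below the line is outside LDAP management and needs its own review.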

@ -1338,6 +1338,25 @@ later with @command{ldappubkey} as @samp{AuthorizedKeysCommand}.
Sets the mode (octal) for the created authorized keys file.
@end deffn
@deffn {pam_ldaphome config} user-keys-boundary @var{string}
User key files can contain both keys managed by @command{pam_ldaphome}
and added by the user. These two groups of keys must be separated by
a special comment line, which informs the module that all keys
below it must be retained.
This feature is enabled by the @code{user-keys-boundary} setting.
The delimiting comment is formed as @samp{#@var{string}}. E.g. if the
configuration file contains:
@example
user-keys-boundary :user-defined
@end example
@noindent
then the line @samp{#:user-defined} can be used to delimit
ldap-synchronized and user-specific keys.
@end deffn
@subheading Access control
@deffn {pam_ldaphome config} allow-groups @var{group} [@var{group}...]
Only handle members of the listed groups.
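
Review bot: the new @deffn does not say how the delimiter line is matched. "The delimiting comment is formed as @samp{#@var{string}}" leaves open whether whitespace between "#" and the string, leading whitespace, or trailing text on the line is accepted, whereas the man page hunk says the "#" is "immediately followed by" the string. Suggest using the same wording here and stating whether the comment must be the whole line. It would also help to document what the module does when the setting is absent, or when it is set but a user's key file contains no delimiter line, since that decides whether user-added keys survive.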

@ -14,7 +14,7 @@
.\" You should have received a copy of the GNU General Public License
.\" along with PAM-Modules. If not, see <http://www.gnu.org/licenses/>.
.so config.so
.TH PAM_LDAPHOME 8 "January 28, 2015" "PAM-MODULES" "Pam-Modules User Reference"
.TH PAM_LDAPHOME 8 "January 30, 2015" "PAM-MODULES" "Pam-Modules User Reference"
.SH NAME
pam_ldaphome \- create and populate user home directories
.SH SYNOPSIS
@ -149,6 +149,19 @@ later with \fBldappubkey\fR as \fBAuthorizedKeysCommand\fR.
.TP
.BI keyfile\-mode " MODE"
Defines the file mode (octal) for creation of authorized keys files.
.TP
.BI user\-keys\-boundary " STRING"
User key files can contain both keys managed by \fBpam_ldaphome\fR and
added by the user. These two groups of keys must be separated by
a special comment line, which informs the module that all keys
below it must be retained.
This feature is enabled by the \fBuser\-keys\-boundary\fR setting.
The delimiting comment is formed by \fB#\fR character immediately
followed by \fISTRING\fR. E.g. if the configuration file contains
.BR "user\-keys\-boundary :user-defined" ,
then the line \fB#:user-defined\fR can be used to delimit ldap-synchronized
and user-specific keys.
.SS Access control
.TP
\fBallow\-groups\fR \fIGROUP\fR [\fIGROUP\fR...]
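
Review bot: in the example value the hyphen is left unescaped, both in .BR "user\-keys\-boundary :user-defined" and in \fB#:user-defined\fR, while every other literal in this hunk uses "\-". Since the reader is expected to copy this string into a configuration file and a key file, write it as ":user\-defined" so it renders as an ASCII minus. Minor wording: "is formed by \fB#\fR character" is missing an article ("by the \fB#\fR character").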