diff options
Diffstat (limited to 'man/nslcd.conf.5.xml.in')
-rw-r--r-- | man/nslcd.conf.5.xml.in | 37 |
1 files changed, 0 insertions, 37 deletions
diff --git a/man/nslcd.conf.5.xml.in b/man/nslcd.conf.5.xml.in index eefc0b7..b660aa1 100644 --- a/man/nslcd.conf.5.xml.in +++ b/man/nslcd.conf.5.xml.in @@ -224,43 +224,6 @@ </listitem> </varlistentry> - <varlistentry id="pam_authz_search"> <!-- since 0.7.4 --> - <term><option>pam_authz_search</option> - <replaceable>FILTER</replaceable></term> - <listitem> - <para> - This option allows flexible fine tuning of the authorisation check that - should be performed. The search filter specified is executed and - if any entries match, access is granted, otherwise access is denied. - </para> - <para> - The search filter can contain the following variable references: - <literal>$username</literal>, <literal>$service</literal>, - <literal>$ruser</literal>, <literal>$rhost</literal>, - <literal>$tty</literal>, <literal>$hostname</literal>, - <literal>$fqdn</literal>, <!-- since 0.8.1 --> - <literal>$dn</literal>, and <literal>$uid</literal>. - These references are substituted in the search filter using the - same syntax as described in the section on attribute mapping - expressions below. - </para> - <para> - For example, to check that the user has a proper <literal>authorizedService</literal> - value if the attribute is present (this almost emulates the - <option>pam_check_service_attr</option> option in PADL's pam_ldap): - <literallayout><literal>(&(objectClass=posixAccount)(uid=$username)(|(authorizedService=$service)(!(authorizedService=*))))</literal></literallayout> - </para> - <para> - The <option>pam_check_host_attr</option> option can be emulated with: - <literallayout><literal>(&(objectClass=posixAccount)(uid=$username)(|(host=$hostname)(host=$fqdn)(host=\\*)))</literal></literallayout> - </para> - <para> <!-- since 0.8.9 --> - This option may be specified multiple times and all specified searches - should at least return one entry for access to be granted. - </para> - </listitem> - </varlistentry> - <varlistentry id="pam_password_prohibit_message"> <!-- since 0.8.11 --> <term><option>pam_password_prohibit_message</option> "<replaceable>MESSAGE</replaceable>"</term> |