diff options
author | Andreas Schneider <asn@samba.org> | 2020-07-17 12:14:16 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2020-08-06 12:18:20 +0000 |
commit | c8507d0af5c382b7a90294cd921a5b919869b12b (patch) | |
tree | 62186e494e6f4eb122c625cdf999806ada055289 | |
parent | 76d466f579f13fa116ecd0b5c2395387415cae55 (diff) | |
download | samba-c8507d0af5c382b7a90294cd921a5b919869b12b.tar.gz |
docs: Fix documentation for require_membership_of of pam_winbind.conf
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14358
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
(cherry picked from commit 71b7140fd0a33e7e8c5bf37c2897cea8224b3f01)
-rw-r--r-- | docs-xml/manpages/pam_winbind.conf.5.xml | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/docs-xml/manpages/pam_winbind.conf.5.xml b/docs-xml/manpages/pam_winbind.conf.5.xml index 193a0dc971c..ea35d3f6245 100644 --- a/docs-xml/manpages/pam_winbind.conf.5.xml +++ b/docs-xml/manpages/pam_winbind.conf.5.xml @@ -69,9 +69,12 @@ If this option is set, pam_winbind will only succeed if the user is a member of the given SID or NAME. A SID can be either a group-SID, an alias-SID or even an user-SID. It is also possible to give a NAME instead of the SID. That name must have the form: <parameter>MYDOMAIN\mygroup</parameter> or - <parameter>MYDOMAIN\myuser</parameter>. pam_winbind will, in that case, lookup the SID internally. Note that - NAME may not contain any spaces. It is thus recommended to only use SIDs. You can verify the list of SIDs a - user is a member of with <command>wbinfo --user-sids=SID</command>. This setting is empty by default. + <parameter>MYDOMAIN\myuser</parameter> (where '\' character corresponds to the value of + <parameter>winbind separator</parameter> parameter). It is also possible to use a UPN in the form + <parameter>user@REALM</parameter> or <parameter>group@REALM</parameter>. pam_winbind will, in that case, lookup + the SID internally. Note that NAME may not contain any spaces. It is thus recommended to only use SIDs. You can + verify the list of SIDs a user is a member of with <command>wbinfo --user-sids=SID</command>. + This setting is empty by default. </para> <para>This option only operates during password authentication, and will not restrict access if a password is not required for any reason (such as SSH key-based login).</para> </listitem> |