diff options
author | Andreas Schneider <asn@samba.org> | 2020-07-17 12:14:16 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2020-08-10 09:25:17 +0000 |
commit | 983b35fdcf85826d3b667c8c5b0234402a6863c7 (patch) | |
tree | 2f65efb65eaeda33e775946b213d74f8ff92b0b3 /docs-xml | |
parent | f2f122d65a7e9377772a6ce0dca97a2e45bb22fc (diff) | |
download | samba-983b35fdcf85826d3b667c8c5b0234402a6863c7.tar.gz |
docs: Fix documentation for require_membership_of of pam_winbind.conf
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14358
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
(cherry picked from commit 71b7140fd0a33e7e8c5bf37c2897cea8224b3f01)
Diffstat (limited to 'docs-xml')
-rw-r--r-- | docs-xml/manpages/pam_winbind.conf.5.xml | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/docs-xml/manpages/pam_winbind.conf.5.xml b/docs-xml/manpages/pam_winbind.conf.5.xml index c4a7771fb31..0bc288f91a1 100644 --- a/docs-xml/manpages/pam_winbind.conf.5.xml +++ b/docs-xml/manpages/pam_winbind.conf.5.xml @@ -69,9 +69,12 @@ If this option is set, pam_winbind will only succeed if the user is a member of the given SID or NAME. A SID can be either a group-SID, an alias-SID or even an user-SID. It is also possible to give a NAME instead of the SID. That name must have the form: <parameter>MYDOMAIN\mygroup</parameter> or - <parameter>MYDOMAIN\myuser</parameter>. pam_winbind will, in that case, lookup the SID internally. Note that - NAME may not contain any spaces. It is thus recommended to only use SIDs. You can verify the list of SIDs a - user is a member of with <command>wbinfo --user-sids=SID</command>. This setting is empty by default. + <parameter>MYDOMAIN\myuser</parameter> (where '\' character corresponds to the value of + <parameter>winbind separator</parameter> parameter). It is also possible to use a UPN in the form + <parameter>user@REALM</parameter> or <parameter>group@REALM</parameter>. pam_winbind will, in that case, lookup + the SID internally. Note that NAME may not contain any spaces. It is thus recommended to only use SIDs. You can + verify the list of SIDs a user is a member of with <command>wbinfo --user-sids=SID</command>. + This setting is empty by default. </para> <para>This option only operates during password authentication, and will not restrict access if a password is not required for any reason (such as SSH key-based login).</para> </listitem> |