8fc5e81cde
- pam_access-doc-IPv6-link-local.patch:
Document only partial supported IPv6 link local addresses
- pam_access-hostname-debug.patch:
Don't print error if we cannot resolve a hostname, does not
need to be a hostname
- pam_shells-fix-econf-memory-leak.patch:
Free econf keys variable
- disable-examples.patch:
Don't build examples
OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=278
64 lines
2.2 KiB
Diff
64 lines
2.2 KiB
Diff
From 4ba3105511c3a55fc750a790f7310c6d7ebfdfda Mon Sep 17 00:00:00 2001
|
|
From: Thorsten Kukuk <kukuk@suse.com>
|
|
Date: Thu, 3 Aug 2023 17:11:32 +0200
|
|
Subject: [PATCH] pam_access: document IPv6 link-local addresses (#582)
|
|
|
|
* modules/pam_access/access.conf.5.xml: Add example and note for IPv6
|
|
link-local addresses
|
|
* modules/pam_access/access.conf: Add example for IPv6 link-local
|
|
addresses
|
|
---
|
|
modules/pam_access/access.conf | 3 +++
|
|
modules/pam_access/access.conf.5.xml | 12 +++++++++++-
|
|
2 files changed, 14 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/modules/pam_access/access.conf b/modules/pam_access/access.conf
|
|
index 47b6b84c1..9c8e21716 100644
|
|
--- a/modules/pam_access/access.conf
|
|
+++ b/modules/pam_access/access.conf
|
|
@@ -115,6 +115,9 @@
|
|
# User "john" should get access from ipv6 host address (same as above)
|
|
#+:john:2001:4ca0:0:101:0:0:0:1
|
|
#
|
|
+# User "john" should get access from ipv6 local link host address
|
|
+#+:john:fe80::de95:818c:1b55:7e42%eth0
|
|
+#
|
|
# User "john" should get access from ipv6 net/mask
|
|
#+:john:2001:4ca0:0:101::/64
|
|
#
|
|
diff --git a/modules/pam_access/access.conf.5.xml b/modules/pam_access/access.conf.5.xml
|
|
index ff1cb2237..2dc5d477c 100644
|
|
--- a/modules/pam_access/access.conf.5.xml
|
|
+++ b/modules/pam_access/access.conf.5.xml
|
|
@@ -188,6 +188,12 @@
|
|
</para>
|
|
<para>+:john foo:2001:db8:0:101::1</para>
|
|
|
|
+ <para>
|
|
+ User <emphasis>john</emphasis> and <emphasis>foo</emphasis>
|
|
+ should get access from IPv6 link local host address.
|
|
+ </para>
|
|
+ <para>+:john foo:fe80::de95:818c:1b55:7e42%eth1</para>
|
|
+
|
|
<para>
|
|
User <emphasis>john</emphasis> should get access from IPv6 net/mask.
|
|
</para>
|
|
@@ -222,6 +228,10 @@
|
|
item and the line will be most probably ignored. For this reason, it is not
|
|
recommended to put spaces around the ':' characters.
|
|
</para>
|
|
+ <para>
|
|
+ An IPv6 link local host address must contain the interface
|
|
+ identifier. IPv6 link local network/netmask is not supported.
|
|
+ </para>
|
|
</refsect1>
|
|
|
|
<refsect1 xml:id="access.conf-see_also">
|
|
@@ -246,4 +256,4 @@
|
|
introduced by Mike Becher <mike.becher@lrz-muenchen.de>.
|
|
</para>
|
|
</refsect1>
|
|
-</refentry>
|
|
\ No newline at end of file
|
|
+</refentry>
|