svn commit: samba-docs r328 - in trunk/manpages: .

Andrew Bartlett abartlet at samba.org
Thu Jan 20 22:39:59 GMT 2005


On Thu, 2005-01-20 at 22:28 +0000, gd at samba.org wrote:
> Author: gd
> Date: 2005-01-20 22:28:27 +0000 (Thu, 20 Jan 2005)
> New Revision: 328
> 
> WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=328
> 
> Log:
> Start documenting pam_winbind's options. Maybe someone more fluent in
> english can look over it...

> +		<varlistentry>
> +		<term>require_membership_of=[SID or NAME]</term>
> +		<listitem><para>
> +		If this option is set, pam_winbind will only succeed if the
> +		user is a member of the given SID or NAME. A SID can be either a group-SID, a
> +		alias-SID or even a user-SID. It is also possible to give a NAME instead of the
> +		SID. That name must have the form: <parameter>MYDOMAIN\mygroup</parameter> or
> +		<parameter>MYDOMAIN\myuser</parameter>.  pam_winbind will, in that case, lookup
> +		the SID internally. You can verify the list of SIDs a user is a member of with
> +		wbinfo --user-sids=SID.
> +		</para></listitem>
> +		</varlistentry>

Just watch out that PAM does not allow us to have spaces in options, and
even quotes are ignored.  That means that for practical purposes, that
option parameter must be a SID.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20050121/ff4264b1/attachment.bin


More information about the samba-technical mailing list