bsd-auth: more on auth_approval... I'm getting confused about this one

1 files changed, 14 insertions, 6 deletions

diff --git a/content/posts/WIP-how-bsd-authentication-works/index.org b/content/posts/WIP-how-bsd-authentication-works/index.org
index ba56274..ab65930 100644
--- a/content/posts/WIP-how-bsd-authentication-works/index.org
+++ b/content/posts/WIP-how-bsd-authentication-works/index.org
@@ -2272,12 +2272,20 @@
   #+end_src
   @@html: </details> @@
 
-  =auth_approval= is used to check user =name= against approval script
-  for service =type=. According to the man pages, approval scripts are
-  generally much simpler than the full login modules used by the other
-  functions. They often run with limited information and instead of
-  explicitly allowing or denying users with specific conditions, they
-  may either exit with a zero or non-zero status to signal approval.
+  =auth_approval= is used to check a user against approval script for
+  service =type=.
+
+  It returns either =0= for disapproval, or non-zero for approval.
+
+  Approval scripts can be much simpler than the full login modules
+  used by the other functions. They may run with limited information
+  and instead of explicitly allowing or denying users with specific
+  conditions. They are given the same back-channel as auth modules,
+  but may also either exit with a zero status for approval, or
+  non-zero status to signal disapproval.
+
+  Approval scrips receive arguments in the same format as auth
+  modules.
 
   <<here>>