From d8ce9f1674e3b499d908791dd7bc258b6aa0ce7f Mon Sep 17 00:00:00 2001 From: Dante Catalfamo Date: Sun, 30 May 2021 13:34:59 -0400 Subject: bsd-auth: More docs for auth_approval, fix error in auth_call docs --- content/posts/WIP-how-bsd-authentication-works/index.org | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'content/posts/WIP-how-bsd-authentication-works') diff --git a/content/posts/WIP-how-bsd-authentication-works/index.org b/content/posts/WIP-how-bsd-authentication-works/index.org index 01919e8..ba56274 100644 --- a/content/posts/WIP-how-bsd-authentication-works/index.org +++ b/content/posts/WIP-how-bsd-authentication-works/index.org @@ -1449,8 +1449,8 @@ _add_rmlist(as, line); #+end_src - After scanning is complete, the resulting status is checked against - a bitmask to ensure the result is either only accept or only reject. + After scanning is complete, the exit status of the process is + checked. A non-zero exit status means the request will get denied. An =okay= value is then defined by masking the state with the value =AUTH_ALLOW=. @@ -2273,7 +2273,11 @@ @@html: @@ =auth_approval= is used to check user =name= against approval script - for service =type=. + for service =type=. According to the man pages, approval scripts are + generally much simpler than the full login modules used by the other + functions. They often run with limited information and instead of + explicitly allowing or denying users with specific conditions, they + may either exit with a zero or non-zero status to signal approval. <> -- cgit v1.2.3