From 01ecfbef49a18b501927a8166fc92a6f3903cdf5 Mon Sep 17 00:00:00 2001
From: Dante Catalfamo
Date: Sun, 30 May 2021 13:56:36 -0400
Subject: bsd-auth: more on auth_approval... I'm getting confused about this
 one

---
 .../posts/WIP-how-bsd-authentication-works/index.org | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

(limited to 'content/posts')

diff --git a/content/posts/WIP-how-bsd-authentication-works/index.org b/content/posts/WIP-how-bsd-authentication-works/index.org
index ba56274..ab65930 100644
--- a/content/posts/WIP-how-bsd-authentication-works/index.org
+++ b/content/posts/WIP-how-bsd-authentication-works/index.org
@@ -2272,12 +2272,20 @@
   #+end_src
   @@html: </details> @@
 
-  =auth_approval= is used to check user =name= against approval script
-  for service =type=. According to the man pages, approval scripts are
-  generally much simpler than the full login modules used by the other
-  functions. They often run with limited information and instead of
-  explicitly allowing or denying users with specific conditions, they
-  may either exit with a zero or non-zero status to signal approval.
+  =auth_approval= is used to check a user against approval script for
+  service =type=.
+
+  It returns either =0= for disapproval, or non-zero for approval.
+
+  Approval scripts can be much simpler than the full login modules
+  used by the other functions. They may run with limited information
+  and instead of explicitly allowing or denying users with specific
+  conditions. They are given the same back-channel as auth modules,
+  but may also either exit with a zero status for approval, or
+  non-zero status to signal disapproval.
+
+  Approval scrips receive arguments in the same format as auth
+  modules.
 
   <<here>>
 
-- 
cgit v1.2.3