From 01ecfbef49a18b501927a8166fc92a6f3903cdf5 Mon Sep 17 00:00:00 2001 From: Dante Catalfamo Date: Sun, 30 May 2021 13:56:36 -0400 Subject: bsd-auth: more on auth_approval... I'm getting confused about this one --- .../posts/WIP-how-bsd-authentication-works/index.org | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) (limited to 'content') diff --git a/content/posts/WIP-how-bsd-authentication-works/index.org b/content/posts/WIP-how-bsd-authentication-works/index.org index ba56274..ab65930 100644 --- a/content/posts/WIP-how-bsd-authentication-works/index.org +++ b/content/posts/WIP-how-bsd-authentication-works/index.org @@ -2272,12 +2272,20 @@ #+end_src @@html: @@ - =auth_approval= is used to check user =name= against approval script - for service =type=. According to the man pages, approval scripts are - generally much simpler than the full login modules used by the other - functions. They often run with limited information and instead of - explicitly allowing or denying users with specific conditions, they - may either exit with a zero or non-zero status to signal approval. + =auth_approval= is used to check a user against approval script for + service =type=. + + It returns either =0= for disapproval, or non-zero for approval. + + Approval scripts can be much simpler than the full login modules + used by the other functions. They may run with limited information + and instead of explicitly allowing or denying users with specific + conditions. They are given the same back-channel as auth modules, + but may also either exit with a zero status for approval, or + non-zero status to signal disapproval. + + Approval scrips receive arguments in the same format as auth + modules. <> -- cgit v1.2.3