rlm_passwd - etc_group

Synopsis

An example of the passwd configuration, which reads the /etc/group file.

Adds an Etc-Group-Name attribute for every group of which the user is member. The Etc-Group-Name in the dictionary file must be defined as an attribute of string type.

The Group and Group-Name attributes are automatically created by the Unix module, and they are checked against the /etc/group automatically. This means that Group or Group-Name cannot be used to do any other kind of grouping in the server.

A new group attribute must be defined, i.e., this module should not be used as-is, but should be edited to point to a different group file.

Default configuration

Processing Sections

Any.

Expansions

None.

Directives

allowmultiplekeys
Syntax

allowmultiplekeys = boolean

Default

yes

Description

Multiple keys are allowed for each record.

delimiter
Syntax

delimiter = string

Default

:

Description

Field delimiter which separates the records.

filename
Syntax

filename = string

Default

/etc/group

Description

Name of the file to read.

format
Syntax

format = string

Default

=Etc-Group-Name:::*,User-Name

Description

The format used by the /etc/group file. The format string and delimiter define how each line of the /etc/group file is read. The above configuration means:

  • The /etc/group file has lines with fields delimited by colons (:).

  • The first field maps to the Etc-Group-Name attribute.

  • The next two fields are ignored

  • The final field is composed of one or more names, separated by commas (,)

  • The names are interpreted as User-Name attributes

When the server receives a request, the etc_group module looks up the User-Name attribute in the cached copy of the /etc/group file. For each entry that matches, a Etc-Group-Name attribute is added to the control list, which contains the name of the group the user is a member of.

hashsize
Syntax

hashsize = integer

Default

50

Description

The size of the hash table. It should be set to a large value. Future versions of the server will remove this entry.

ignorenislike
Syntax

ignorenislike = boolean

Default

yes

Description

Ignore NIS related records.