pam_access: LOCAL matches IPv6 address by definition


Hello,

I'm very glad for IPv6 support in pam_access. However, I met a problem:
the line

-:user:ALL EXCEPT LOCAL

allows logging in via the IPv6 protocol (PAM_RHOST is something like
2001:abcd::1).

According to the manual page, the LOCAL keyword matches all tokens without
a '.' (dot) character. The motivation is clear: domain names and IPv4
addresses contain a dot, so local logins (from console or local X11
display) can be matched. Accidentally, the "new" IP protocol has addresses
without dots. So, rigid semantics and human interception don't align.

Thus, I ask: Should we change the dot rule or should we add remarks to
documentation about it?

-- Petr


_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
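
The dot rule described in the message above, run over a few constructed "from" tokens next to a stricter variant. This is an added example, not part of the original post and not pam_access's own code; the function names are hypothetical and `local_strict` is only one possible way to tighten the rule.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Rule as described in the post: a token without '.' counts as LOCAL. */
int local_by_dot_rule(const char *from)
{
    return strchr(from, '.') == NULL;
}

/* Returns 1 if `from` parses as an IPv6 literal (optional %zone suffix). */
int is_ipv6_literal(const char *from)
{
    char buf[INET6_ADDRSTRLEN];
    unsigned char addr[sizeof(struct in6_addr)];
    size_t len = strcspn(from, "%");   /* drop a zone id such as %eth0 */

    if (len == 0 || len >= sizeof(buf))
        return 0;
    memcpy(buf, from, len);
    buf[len] = '\0';
    return inet_pton(AF_INET6, buf, addr) == 1;
}

/* Hypothetical stricter check: the dot rule, minus IPv6 literals.
 * Parsing with inet_pton instead of rejecting every ':' keeps a local
 * X11 display such as ":0" LOCAL. "::1" becomes non-LOCAL, the same
 * way "127.0.0.1" already is under the dot rule. */
int local_strict(const char *from)
{
    return local_by_dot_rule(from) && !is_ipv6_literal(from);
}

int main(void)
{
    /* Constructed sample values for the "from" token. */
    const char *samples[] = { "tty1", ":0", "192.0.2.10", "host.example.org",
                              "2001:abcd::1", "::1", "fe80::1%eth0" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-18s dot-rule LOCAL=%d  strict LOCAL=%d\n", samples[i],
               local_by_dot_rule(samples[i]), local_strict(samples[i]));
    return 0;
}
```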
