Hi Renauld, On 08/26/15 09:38, Renaud Allard wrote: > I rewrote a little bit the patch to remove a small kind-of typo in the > manpage and remove too long lines. > So with this patch, you add the user the right to choose the authentication > style and administratively, in login.conf, you can restrict it. > > Any comments? OK?
I left some comments inline > > Index: doas.1 > =================================================================== > RCS file: /cvs/src/usr.bin/doas/doas.1,v > retrieving revision 1.14 > diff -u -r1.14 doas.1 > --- doas.1 27 Jul 2015 17:57:06 -0000 1.14 > +++ doas.1 26 Aug 2015 13:34:14 -0000 > @@ -40,6 +40,16 @@ > .Pp > The options are as follows: > .Bl -tag -width tenletters > +.It Fl a Ar style The usage string under SYNOPSIS should be updated too. > +The > +.Fl a > +(authentication style) option causes > +.Nm > +to use the specified authentication style when validating the user, > +as allowed by /etc/login.conf. I think the two instances of `/etc/login.conf' should be specified using the Pa macro, so that doas(1) also shows up if `apropos Pa=/etc/login.conf' is executed, which currently gives plenty of results. > +The system administrator may specify a list of doas-specific > +authentication methods by adding an ``auth-doas'' Instead of ``...'', I think Sq or Dq should be used. > +entry in /etc/login.conf. > .It Fl C Ar config > Parse and check the configuration file > .Ar config , Regards, Michael
