Merge pull request #17251 from keszybz/two-man-pages-tweaks
The remaining man page issues listed in #17177
This commit is contained in:
Zbigniew Jędrzejewski-Szmek
GitHub
commit
bf645844f7
|
|
@ -357,11 +357,11 @@
|
||||||
|
|
||||||
<listitem><para>Takes a path to a Linux <literal>hidraw</literal> device
|
<listitem><para>Takes a path to a Linux <literal>hidraw</literal> device
|
||||||
(e.g. <filename>/dev/hidraw1</filename>), referring to a FIDO2 security token implementing the
|
(e.g. <filename>/dev/hidraw1</filename>), referring to a FIDO2 security token implementing the
|
||||||
<literal>hmac-secret</literal> extension, that shall be able to unlock the user account. If used, a
|
<literal>hmac-secret</literal> extension that shall be able to unlock the user account. A random salt
|
||||||
random salt value is generated on the host, which is passed to the FIDO2 device, which calculates a
|
value is generated on the host and passed to the FIDO2 device, which calculates a HMAC hash of the
|
||||||
HMAC hash of it, keyed by its internal secret key. The result is then used as key for unlocking the
|
salt using an internal secret key. The result is then used as the key to unlock the user account. The
|
||||||
user account. The random salt is included in the user record, so that whenever authentication is
|
random salt is included in the user record, so that whenever authentication is needed it can be
|
||||||
needed it can be passed again to the FIDO2 token, to retrieve the actual key.</para>
|
passed to the FIDO2 token again.</para>
|
||||||
|
|
||||||
<para>Instead of a valid path to a FIDO2 <literal>hidraw</literal> device the special strings
|
<para>Instead of a valid path to a FIDO2 <literal>hidraw</literal> device the special strings
|
||||||
<literal>list</literal> and <literal>auto</literal> may be specified. If <literal>list</literal> is
|
<literal>list</literal> and <literal>auto</literal> may be specified. If <literal>list</literal> is
|
||||||
|
|
|
||||||
|
|
@ -125,16 +125,16 @@
|
||||||
<term><varname>KillOnlyUsers=</varname></term>
|
<term><varname>KillOnlyUsers=</varname></term>
|
||||||
<term><varname>KillExcludeUsers=</varname></term>
|
<term><varname>KillExcludeUsers=</varname></term>
|
||||||
|
|
||||||
<listitem><para>These settings take space-separated lists of usernames that override
|
<listitem><para>These settings take space-separated lists of usernames that override the
|
||||||
the <varname>KillUserProcesses=</varname> setting. A user name may be added to
|
<varname>KillUserProcesses=</varname> setting. A user name may be added to
|
||||||
<varname>KillExcludeUsers=</varname> to exclude the processes in the session scopes of
|
<varname>KillExcludeUsers=</varname> to exclude the processes in the session scopes of that user from
|
||||||
that user from being killed even if <varname>KillUserProcesses=yes</varname> is set. If
|
being killed even if <varname>KillUserProcesses=yes</varname> is set. If
|
||||||
<varname>KillExcludeUsers=</varname> is not set, the <literal>root</literal> user is
|
<varname>KillExcludeUsers=</varname> is not set, the <literal>root</literal> user is excluded by
|
||||||
excluded by default. <varname>KillExcludeUsers=</varname> may be set to an empty value
|
default. <varname>KillExcludeUsers=</varname> may be set to an empty value to override this
|
||||||
to override this default. If a user is not excluded, <varname>KillOnlyUsers=</varname>
|
default. If a user is not excluded, <varname>KillOnlyUsers=</varname> is checked next. If this
|
||||||
is checked next. If this setting is specified, only the session scopes of those users
|
setting is specified, only the processes in the session scopes of those users will be
|
||||||
will be killed. Otherwise, users are subject to the
|
killed. Otherwise, users are subject to the <varname>KillUserProcesses=yes</varname> setting.
|
||||||
<varname>KillUserProcesses=yes</varname> setting.</para></listitem>
|
</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
|
|
|
||||||
|
|
@ -711,20 +711,16 @@
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><varname>DestinationPort=</varname></term>
|
<term><varname>DestinationPort=</varname></term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Configures the default destination UDP port on a per-device basis.
|
<para>Configures the default destination UDP port. If the destination port is not specified then
|
||||||
If destination port is not specified then Linux kernel default will be used.
|
Linux kernel default will be used. Set to 4789 to get the IANA assigned value.</para>
|
||||||
Set destination port 4789 to get the IANA assigned value. If not set or if the
|
|
||||||
destination port is assigned the empty string the default port of 4789 is used.</para>
|
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><varname>PortRange=</varname></term>
|
<term><varname>PortRange=</varname></term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Configures VXLAN port range. VXLAN bases source
|
<para>Configures the source port range for the VXLAN. The kernel assigns the source UDP port based
|
||||||
UDP port based on flow to help the receiver to be able
|
on the flow to help the receiver to do load balancing. When this option is not set, the normal
|
||||||
to load balance based on outer header flow. It
|
range of local UDP ports is used.</para>
|
||||||
restricts the port range to the normal UDP local
|
|
||||||
ports, and allows overriding via configuration.</para>
|
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue