AIXNoRLogin
In Bug#1896,
support for checking some AIX-specific functions for whether a login
should be accepted was added; this happens only on AIX servers, of course.
However, some AIX admins like to configure "rlogin=false", yet still want
to allow FTP logins. To enable this specific behavior, a new
AuthUnixOptions
setting (only honored on AIX) was added:
AuthUnixOptions AIXNoRLogin
If this setting is used on any other server, it is silently ignored.
Bug#3300 has
the full details.
MagicTokenChroot
This option causes mod_auth_unix
to examine the home
directory retrieved for a user for the magic "/./" token. If found,
the portion of the directory before the token will be used for the
chroot()
for the process; the portion after the token
will be the default directory for the process.
Note that this will override any configured DefaultRoot
and DefaultChdir
directives.
This option is intended for use for sites which are migrating from
old wuftpd
-based installations.
NoGetgrouplist
On systems which support it, the getgrouplist(3)
function
can be used to get the group membership list of a user in a much
faster way. However, use of this function can have strange interactions
with NSS modules, depending on the NSS modules used (see
Bug#3475).
Use this option to disable use of the getgrouplist(3)
function, e.g.:
AuthUnixOptions NoGetgrouplist
This setting has no effect on systems which do not support the
getgrouplist(3)
function.
NoInitgroups
On systems which support it, the initgroups(3)
function
can be used to get the group membership list of a user in a much
faster way. However, there are limits to the number of groups to which
a user can belong, use of this function means that groups which exceed
that limit will be silently ignored. Thus for sites which need
users to belong to a large number of groups, use this option to
disable the use of the initgroups(3)
function, e.g.:
AuthUnixOptions NoInitgroups
This setting has no effect on systems which do not support the
initgroups(3)
function.