On Fri, Sep 19, 2003 at 07:23:03PM -0400, Christopher Todd wrote: > I *am* fairly new to OpenBSD, though I am experienced with other > *nixes, so if I have missed the appropriate section of the > documentation, please feel free to tell me to RTFM (though pointing me > to the right section would be helpful :)
No, authpf currently ignores users' groups when picking rulesets to load. I guess that could be a useful addition. If we can find an intuitive order. A user can be in several groups, one of which is his primary group. What order would you want for ruleset search? First try users/$USER/authpf.rules, if not found try groups/$GROUP/authpf.rules with the user's primary group, if not found try the user's other groups, and if not found, use the default authpf.rules? Right now, you could create such group rulesets, and put symlinks pointing to them into users/$USER/authpf.rules. If you edit a group ruleset, the change will affect all users symlinking to it. The downside is that you'll have to setup symlinks whenever you add users. Daniel
