doc: Add Account plugin documentation from m4z

Signed-off-by: Sol Jerome <sol.jerome@gmail.com>

1 files changed, 90 insertions, 5 deletions

diff --git a/doc/server/plugins/generators/account.txt b/doc/server/plugins/generators/account.txt
index 3bae157cc..99c35c814 100644
--- a/doc/server/plugins/generators/account.txt
+++ b/doc/server/plugins/generators/account.txt
@@ -8,11 +8,11 @@ Account
 
 The account plugin manages authentication data, including
 
-* /etc/passwd
-* /etc/group
-* /etc/security/limits.conf
-* /etc/sudoers
-* /root/.ssh/authorized_keys
+* ``/etc/passwd``
+* ``/etc/group``
+* ``/etc/security/limits.conf``
+* ``/etc/sudoers``
+* ``/root/.ssh/authorized_keys``
 
 User access data is stored in three files in the Account directory:
 
@@ -28,3 +28,88 @@ Authentication data is read in from (static|dyn).(passwd|group) The static
 ones are for system local ones, while the dyn. versions are for external
 synchronization (from ldap/nis/etc). There is also a static.limits.conf
 that provides the limits.conf header and any static entries.
+
+Files in the Account directory:
+
+``<username>.key``
+
+    **Format**: The SSH public key for user <username>.
+
+        If the user is in the "rootlike" or "superusers" group, these
+        keys will be appended to ``/root/.ssh/auth``
+
+``useraccess``
+
+    **Format**: "user:hostname" on each line.
+
+        Describes who may login where (via PAMs
+        ``/etc/security/limits.conf``). Everybody else will be denied
+        access.(?)
+
+    **Example**:
+
+        If Alice should be able to access host "foo", Bob should access
+        "foo" and "bar"::
+
+                 alice:foo.example.com
+                 bob:foo.example.com
+                 bob:bar.example.com
+
+``rootlike``
+
+    **Format**: "user:hostname" on each line.
+
+        Describes who will be allowed root access where. The user may
+        login via public key and use sudo.
+
+    **Example**:
+
+        If Chris should be root only on host "foo"::
+
+                 chris:foo.example.com
+
+``superusers``
+
+    **Format**: usernames, separated by spaces or newlines. (Any whitespace that makes pythons split() happy.)
+
+        Describes who will be allowed root access on all hosts. The user
+        may login via public key and use sudo.
+
+    **Example**:
+
+        Daniel, Eve and Faith are global admins::
+
+                 daniel eve
+                 faith
+
+``static.passwd``, ``static.group``
+
+    **Format**: Lines from ``/etc/passwd`` or ``/etc/group``
+
+        These entries are appended to the passwd and group files
+        (in addition to the auto-generated entries from "useraccess",
+        "rootlike" and "superusers" above) without doing anything else.
+
+``dyn.passwd``, ``dyn.group``
+
+    **Format**: Lines from ``/etc/passwd`` or ``/etc/group``
+
+        Similar to "static.*" above, but for entries that are managed "on
+        the network" (yp, LDAP, ...), so it is most likely periodically
+        (re)filled.
+
+``static.limits.conf``
+
+    **Format**: Lines from ``/etc/security/limit.conf``
+
+        These limits will be appended to limits.conf (in addition to
+        the auto-generated entries from "useraccess", "rootlike" and
+        "superusers" above).
+
+``static.sudoers``
+
+    **Format**: Lines from ``/etc/sudoers``
+
+        These lines will be appended to to sudoers file (in addition
+        to the auto-generated entries from "useraccess", "rootlike" and
+        "superusers" above).