docs: Fix documentation for require_membership_of of pam_winbind.conf

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14358

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul 17 13:07:44 UTC 2020 on sn-devel-184

docs-xml/manpages/pam_winbind.conf.5.xml

@@ -69,9 +69,12 @@
 		If this option is set, pam_winbind will only succeed if the user is a member of the given SID or NAME. A SID
 		can be either a group-SID, an alias-SID or even an user-SID. It is also possible to give a NAME instead of the
 		SID. That name must have the form: <parameter>MYDOMAIN\mygroup</parameter> or
-		<parameter>MYDOMAIN\myuser</parameter>.  pam_winbind will, in that case, lookup the SID internally. Note that
-		NAME may not contain any spaces. It is thus recommended to only use SIDs. You can verify the list of SIDs a
-		user is a member of with <command>wbinfo --user-sids=SID</command>. This setting is empty by default.
+		<parameter>MYDOMAIN\myuser</parameter> (where '\' character corresponds to the value of
+		<parameter>winbind separator</parameter> parameter). It is also possible to use a UPN in the form
+		<parameter>user@REALM</parameter> or <parameter>group@REALM</parameter>. pam_winbind will, in that case, lookup
+		the SID internally. Note that NAME may not contain any spaces. It is thus recommended to only use SIDs. You can
+		verify the list of SIDs a user is a member of with <command>wbinfo --user-sids=SID</command>.
+		This setting is empty by default.
 		</para>
 		<para>This option only operates during password authentication, and will not restrict access if a password is not required for any reason (such as SSH key-based login).</para>
 		</listitem>