author | Thorsten Kukuk <kukuk@thkukuk.de> | 2006-06-04 15:29:21 +0000 |
---|---|---|
committer | Thorsten Kukuk <kukuk@thkukuk.de> | 2006-06-04 15:29:21 +0000 |
commit | 45a3264ab12e4f59aebe4f7329c518e036fe7e11 (patch) | |
tree | 39800dd10a3ab5e7523430814dcac2e2e1ee99fe | |
parent | 5ab868cf378dd507deb5d65d48adab2cfaec2472 (diff) | |
Relevant BUGIDs:
Purpose of commit: new feature
Commit summary:
---------------
2006-06-04 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_securetty/Makefile.am: Include Make.xml.rules.
* modules/pam_securetty/pam_securetty.8.xml: New.
* modules/pam_securetty/pam_securetty.8: Regenerated from xml file.
* modules/pam_securetty/README.xml: New.
* modules/pam_securetty/README: Regenerated from xml file.
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | modules/pam_securetty/Makefile.am | 9 | ||||
-rw-r--r-- | modules/pam_securetty/README | 38 | ||||
-rw-r--r-- | modules/pam_securetty/README.xml | 41 | ||||
-rw-r--r-- | modules/pam_securetty/pam_securetty.8 | 147 | ||||
-rw-r--r-- | modules/pam_securetty/pam_securetty.8.xml | 167 |
7 files changed, 321 insertions, 89 deletions
@@ -1,5 +1,11 @@ 2006-06-04 Thorsten Kukuk <kukuk@thkukuk.de> + * modules/pam_securetty/Makefile.am: Include Make.xml.rules. + * modules/pam_securetty/pam_securetty.8.xml: New. + * modules/pam_securetty/pam_securetty.8: Regenerated from xml file. + * modules/pam_securetty/README.xml: New. + * modules/pam_securetty/README: Regenerated from xml file. + * modules/pam_rootok/Makefile.am: Include Make.xml.rules. * modules/pam_rootok/pam_rootok.8.xml: New. * modules/pam_rootok/pam_rootok.8: New, generated from xml file. @@ -6,7 +6,7 @@ Linux-PAM NEWS -- history of user-visible changes. * Add manual page for pam_mkhomedir, pam_umask, pam_filter, pam_issue, pam_ftp, pam_group, pam_lastlog, pam_listfile, pam_localuser, pam_mail, pam_motd, pam_nologin, pam_permit, - pam_rootok + pam_rootok, pam_securetty Release 0.99.4.0 diff --git a/modules/pam_securetty/Makefile.am b/modules/pam_securetty/Makefile.am index 1562a937..ca97ef4d 100644 --- a/modules/pam_securetty/Makefile.am +++ b/modules/pam_securetty/Makefile.am @@ -4,11 +4,12 @@ CLEANFILES = *~ -EXTRA_DIST = README $(MANS) tst-pam_securetty +EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_securetty TESTS = tst-pam_securetty man_MANS = pam_securetty.8 +XMLS = README.xml pam_securetty.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) @@ -21,3 +22,9 @@ if HAVE_VERSIONING endif securelib_LTLIBRARIES = pam_securetty.la + +if ENABLE_REGENERATE_MAN +noinst_DATA = README +README: pam_securetty.8.xml +-include $(top_srcdir)/Make.xml.rules +endif diff --git a/modules/pam_securetty/README b/modules/pam_securetty/README index 1df095c9..d4ee5f97 100644 --- a/modules/pam_securetty/README +++ b/modules/pam_securetty/README 
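Review bot: The `-include $(top_srcdir)/Make.xml.rules` line added in the second Makefile.am hunk (`@@ -21,3 +22,9 @@`) carries the leading dash, so make silently ignores a missing or unreadable rules file. In that case `README: pam_securetty.8.xml` has a prerequisite but, as far as this hunk shows, no recipe, and a stale README would be shipped without any error. If the dash is needed to keep automake from processing the fragment, say so in a comment above it, e.g. `# -include is passed through to make; a missing Make.xml.rules is ignored, so README is then not regenerated`. The rule also lists only `pam_securetty.8.xml`; unless Make.xml.rules supplies the `README.xml` prerequisite (not visible here), consider `README: README.xml pam_securetty.8.xml`.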
@@ -1,9 +1,33 @@ -pam_securetty: - Allows root logins only if the user is logging in on a - "secure" tty, as defined by the listing in /etc/securetty +pam_securetty — Limit root login to special devices - Also checks to make sure that /etc/securetty is a plain - file and not world writable. +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +DESCRIPTION + +pam_securetty is a PAM module that allows root logins only if the user is +logging in on a "secure" tty, as defined by the listing in /etc/securetty. +pam_securetty also checks to make sure that /etc/securetty is a plain file and +not world writable. + +This module has no effect on non-root users and requires that the application +fills in the PAM_TTY item correctly. + +For canonical usage, should be listed as a required authentication method +before any sufficient authentication methods. + +OPTIONS + +debug + + Print debug information. + +EXAMPLES + +auth required pam_securetty.so +auth required pam_unix.so + + +AUTHOR + +pam_securetty was written by Elliot Lee <sopwith@cuc.edu>. - - Elliot Lee <sopwith@redhat.com>, Red Hat Software. - July 25, 1996. diff --git a/modules/pam_securetty/README.xml b/modules/pam_securetty/README.xml new file mode 100644 index 00000000..a8c098a0 --- /dev/null +++ b/modules/pam_securetty/README.xml 
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamaccess SYSTEM "pam_securetty.8.xml">
+-->
+]>
+
+<article>
+
+ <articleinfo>
+
+ <title>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_securetty.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_securetty-name"]/*)'/>
+ </title>
+
+ </articleinfo>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_securetty.8.xml" xpointer='xpointer(//refsect1[@id = "pam_securetty-description"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_securetty.8.xml" xpointer='xpointer(//refsect1[@id = "pam_securetty-options"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_securetty.8.xml" xpointer='xpointer(//refsect1[@id = "pam_securetty-examples"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_securetty.8.xml" xpointer='xpointer(//refsect1[@id = "pam_securetty-author"]/*)'/>
+ </section>
+
+</article>
diff --git a/modules/pam_securetty/pam_securetty.8 b/modules/pam_securetty/pam_securetty.8
index 2364a312..f72e611f 100644
--- a/modules/pam_securetty/pam_securetty.8
+++ b/modules/pam_securetty/pam_securetty.8
@@ -1,98 +1,85 @@ -.\" Copyright (C) 2003 International Business Machines Corp. -.\" This file is distributed according to the GNU General Public License. -.\" See the file COPYING in the top level source directory for details. +.\" Title: pam_securetty +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Date: 06/04/2006 +.\" Manual: Linux\-PAM Manual +.\" Source: Linux\-PAM Manual .\" -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "PAM_SECURETTY" 8 "2003-02-21" "Linux 2.4" "System Administrator's Manual" -.SH NAME -pam_securetty \- Limits root to logging in on devices listed in /etc/securetty -.SH "SYNOPSIS" +.TH "PAM_SECURETTY" "8" "06/04/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) .ad l -.hy 0 - -/usr/security/pam_securetty -.sp -.ad -.hy - +.SH "NAME" +pam_securetty \- Limit root login to special devices +.SH "SYNOPSIS" +.HP 17 +\fBpam_securetty.so\fR [debug] .SH "DESCRIPTION" - .PP -\fBpam_securetty\fR is a PAM module that allows root logins only if the -user is logging in on a "secure" tty, as defined by the listing in -\fI/etc/securetty\fR. -\fBpam_securetty\fR also checks to make sure that \fI/etc/securetty\fR +pam_securetty is a PAM module that allows root logins only if the user is logging in on a "secure" tty, as defined by the listing in +\fI/etc/securetty\fR. pam_securetty also checks to make sure that +\fI/etc/securetty\fR is a plain file and not world writable. - .PP -This module has no effect on non-root users. - -.SH "OPTIONS" +This module has no effect on non\-root users and requires that the application fills in the +\fBPAM_TTY\fR +item correctly. .PP -\fBpam_securetty\fR has no options. 
- -.SH "RETURN CODES" +For canonical usage, should be listed as a +\fBrequired\fR +authentication method before any +\fBsufficient\fR +authentication methods. +.SH "OPTIONS" +.TP 3n +\fBdebug\fR +Print debug information. +.SH "MODULE SERVICES PROVIDED" .PP -\fBpam_securetty\fR has the following return codes: -.TP +Only the +\fBauth\fR +service is supported. +.SH "RETURN VALUES" +.TP 3n PAM_SUCCESS -The user is allowed to continue authentication. -Either the user is not root, or the root user is trying to log in on -an acceptable device. - -.TP +The user is allowed to continue authentication. Either the user is not root, or the root user is trying to log in on an acceptable device. +.TP 3n PAM_AUTH_ERR -Authentication is rejected. -Either root is attempting to log in via an unacceptable device, -or the \fI/etc/securetty\fR file is world writable or not a normal file. - -.TP +Authentication is rejected. Either root is attempting to log in via an unacceptable device, or the +\fI/etc/securetty\fR +file is world writable or not a normal file. +.TP 3n PAM_INCOMPLETE -An application error occurred. \fBpam_securetty\fR was not able to get -information it required from the application that called it. - -.TP +An application error occurred. pam_securetty was not able to get information it required from the application that called it. +.TP 3n PAM_SERVICE_ERR -An error occurred while the module was determining the user's name or tty, -or the module could not open \fI/etc/securetty\fR. - -.TP +An error occurred while the module was determining the user's name or tty, or the module could not open +\fI/etc/securetty\fR. +.TP 3n PAM_IGNORE -The module could not find the user name in the -\fI/etc/passwd\fR file to verify whether the user had a UID of 0. -Therefore, the results of running this module are ignored. - -.SH "HISTORY" - +The module could not find the user name in the +\fI/etc/passwd\fR +file to verify whether the user had a UID of 0. 
Therefore, the results of running this module are ignored. +.SH "EXAMPLES" .PP -\fBpam_securetty\fR was written by Elliot Lee. - -.SH "FILES" - -.PP - \fI/etc/securetty\fR +.sp +.RS 3n +.nf +auth required pam_securetty.so +auth required pam_unix.so + +.fi +.RE +.sp .SH "SEE ALSO" - .PP -\fBpam.conf\fR(8), \fBpam.d\fR(8), \fBpam\fR(8), \fBsecuretty\fR(8). -.SH AUTHOR -Emily Ratliff. +\fBsecuretty\fR(5), +\fBpam.conf\fR(5), +\fBpam.d\fR(8), +\fBpam\fR(8) +.SH "AUTHOR" +.PP +pam_securetty was written by Elliot Lee <sopwith@cuc.edu>. diff --git a/modules/pam_securetty/pam_securetty.8.xml b/modules/pam_securetty/pam_securetty.8.xml new file mode 100644 index 00000000..56348d78 --- /dev/null +++ b/modules/pam_securetty/pam_securetty.8.xml 
@@ -0,0 +1,167 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pam_securetty">
+
+ <refmeta>
+ <refentrytitle>pam_securetty</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_securetty-name">
+ <refname>pam_securetty</refname>
+ <refpurpose>Limit root login to special devices</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis id="pam_securetty-cmdsynopsis">
+ <command>pam_securetty.so</command>
+ <arg choice="opt">
+ debug
+ </arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1 id="pam_securetty-description">
+
+ <title>DESCRIPTION</title>
+
+ <para>
+ pam_securetty is a PAM module that allows root logins only if the
+ user is logging in on a "secure" tty, as defined by the listing
+ in <filename>/etc/securetty</filename>. pam_securetty also checks
+ to make sure that <filename>/etc/securetty</filename> is a plain
+ file and not world writable.
+ </para>
+ <para>
+ This module has no effect on non-root users and requires that the
+ application fills in the <emphasis remap='B'>PAM_TTY</emphasis>
+ item correctly.
+ </para>
+ <para>
+ For canonical usage, should be listed as a
+ <emphasis remap='B'>required</emphasis> authentication method
+ before any <emphasis remap='B'>sufficient</emphasis>
+ authentication methods.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_securetty-options">
+ <title>OPTIONS</title>
+ <variablelist>
+ <varlistentry>
+ <term>
+ <option>debug</option>
+ </term>
+ <listitem>
+ <para>
+ Print debug information.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id="pam_securetty-services">
+ <title>MODULE SERVICES PROVIDED</title>
+ <para>
+ Only the <option>auth</option> service is supported.
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_securetty-return_values'>
+ <title>RETURN VALUES</title>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_SUCCESS</term>
+ <listitem>
+ <para>
+ The user is allowed to continue authentication.
+ Either the user is not root, or the root user is
+ trying to log in on an acceptable device.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_AUTH_ERR</term>
+ <listitem>
+ <para>
+ Authentication is rejected. Either root is attempting to
+ log in via an unacceptable device, or the
+ <filename>/etc/securetty</filename> file is world writable or
+ not a normal file.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_INCOMPLETE</term>
+ <listitem>
+ <para>
+ An application error occurred. pam_securetty was not able
+ to get information it required from the application that
+ called it.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SERVICE_ERR</term>
+ <listitem>
+ <para>
+ An error occurred while the module was determining the
+ user's name or tty, or the module could not open
+ <filename>/etc/securetty</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_IGNORE</term>
+ <listitem>
+ <para>
+ The module could not find the user name in the
+ <filename>/etc/passwd</filename> file to verify whether
+ the user had a UID of 0. Therefore, the results of running
+ this module are ignored.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pam_securetty-examples'>
+ <title>EXAMPLES</title>
+ <para>
+ <programlisting>
+auth required pam_securetty.so
+auth required pam_unix.so
+ </programlisting>
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_securetty-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>securetty</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_securetty-author'>
+ <title>AUTHOR</title>
+ <para>
+ pam_securetty was written by Elliot Lee <sopwith@cuc.edu>.
+ </para>
+ </refsect1>
+
+</refentry> |