aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSam Hartman <hartmans@debian.org>2025-01-14 15:52:15 -0700
committerSam Hartman <hartmans@debian.org>2025-01-14 15:52:15 -0700
commit4b5550d19d33e748a144700bb7f105e588bae29c (patch)
treea97cea59e7487d46e5e9beab6f9f616dc2b4853c
parent4ff277973391ae6879656bb534665e3a4f1f1a1a (diff)
downloadpam-4b5550d19d33e748a144700bb7f105e588bae29c.tar.gz
pam-4b5550d19d33e748a144700bb7f105e588bae29c.tar.bz2
pam-4b5550d19d33e748a144700bb7f105e588bae29c.zip
Rebuild patches
-rw-r--r--debian/patches/0003-pam_unix-obscure-checks.patch190
-rw-r--r--debian/patches/0018-Libpam-is-both-shared-and-static.patch21
-rw-r--r--debian/patches/008_modules_pam_limits_chroot52
-rw-r--r--debian/patches/022_pam_unix_group_time_miscfixes4
-rw-r--r--debian/patches/026_pam_unix_passwd_unknown_user38
-rw-r--r--debian/patches/027_pam_limits_better_init_allow_explicit_root65
-rw-r--r--debian/patches/031_pam_include20
-rw-r--r--debian/patches/032_pam_limits_EPERM_NOT_FATAL4
-rw-r--r--debian/patches/036_pam_wheel_getlogin_considered_harmful22
-rw-r--r--debian/patches/040_pam_limits_log_failure4
-rw-r--r--debian/patches/045_pam_dispatch_jump_is_ignore2
-rw-r--r--debian/patches/PAM-manpage-section1855
-rw-r--r--debian/patches/fix-autoreconf.patch27
-rw-r--r--debian/patches/ftbfs-implicit-function-declaration23
-rw-r--r--debian/patches/lib_security_multiarch_compat24
-rw-r--r--debian/patches/make_documentation_reproducible.patch68
-rw-r--r--debian/patches/no_PATH_MAX_on_hurd28
-rw-r--r--debian/patches/nullok_secure-compat.patch6
-rw-r--r--debian/patches/pam-limits-nofile-fd-setsize-cap8
-rw-r--r--debian/patches/pam_mkhomedir_stat_before_opendir10
-rw-r--r--debian/patches/pam_namespace_o_directory58
-rw-r--r--debian/patches/pam_unix_dont_trust_chkpwd_caller.patch32
-rw-r--r--debian/patches/series7
-rw-r--r--debian/patches/update-motd51
24 files changed, 687 insertions, 1932 deletions
diff --git a/debian/patches/0003-pam_unix-obscure-checks.patch b/debian/patches/0003-pam_unix-obscure-checks.patch
index 12651a0b..e14d7af3 100644
--- a/debian/patches/0003-pam_unix-obscure-checks.patch
+++ b/debian/patches/0003-pam_unix-obscure-checks.patch
@@ -3,85 +3,33 @@ Date: Mon, 11 Sep 2023 14:00:42 -0600
Subject: pam_unix: obscure checks
* Bring in the obscure checks that used to live in shadow so we can still support them
-
-* Set default minimum password length to 6
---
- modules/pam_unix/Makefile.am | 2 +-
- modules/pam_unix/README | 36 ++++++-
- modules/pam_unix/obscure.c | 198 +++++++++++++++++++++++++++++++++++++
- modules/pam_unix/pam_unix.8 | 33 ++++++-
- modules/pam_unix/pam_unix.8.xml | 77 ++++++++++++++-
+ modules/module-meson.build | 1 +
+ modules/pam_unix/obscure.c | 199 +++++++++++++++++++++++++++++++++++++
+ modules/pam_unix/pam_unix.8.xml | 75 +++++++++++++-
modules/pam_unix/pam_unix_passwd.c | 10 +-
- modules/pam_unix/support.h | 78 ++++++++-------
- 7 files changed, 389 insertions(+), 45 deletions(-)
+ modules/pam_unix/support.h | 79 ++++++++-------
+ 5 files changed, 324 insertions(+), 40 deletions(-)
create mode 100644 modules/pam_unix/obscure.c
-diff --git a/modules/pam_unix/Makefile.am b/modules/pam_unix/Makefile.am
-index a1dfe44..ddba63c 100644
---- a/modules/pam_unix/Makefile.am
-+++ b/modules/pam_unix/Makefile.am
-@@ -43,7 +43,7 @@ noinst_PROGRAMS = bigcrypt
-
- pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \
- pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \
-- passverify.c md5_good.c md5_broken.c
-+ passverify.c md5_good.c md5_broken.c obscure.c
- if HAVE_NIS
- pam_unix_la_SOURCES += yppasswd_xdr.c
- endif
-diff --git a/modules/pam_unix/README b/modules/pam_unix/README
-index 67a2d21..be11095 100644
---- a/modules/pam_unix/README
-+++ b/modules/pam_unix/README
-@@ -171,8 +171,40 @@ broken_shadow
-
- minlen=n
-
-- Set a minimum password length of n characters. The max. for DES crypt based
-- passwords are 8 characters.
-+ Set a minimum password length of n characters. The default value is 6. The
-+ maximum for DES crypt-based passwords is 8 characters.
-+
-+obscure
-+
-+ Enable some extra checks on password strength. These checks are based on
-+ the "obscure" checks in the original shadow package. The behavior is
-+ similar to the pam_cracklib module, but for non-dictionary-based checks.
-+ The following checks are implemented:
-+
-+ Palindrome
-+
-+ Verifies that the new password is not a palindrome of (i.e., the
-+ reverse of) the previous one.
-+
-+ Case Change Only
-+
-+ Verifies that the new password isn't the same as the old one with a
-+ change of case.
-+
-+ Similar
-+
-+ Verifies that the new password isn't too much like the previous one.
-+
-+ Simple
-+
-+ Is the new password too simple? This is based on the length of the
-+ password and the number of different types of characters (alpha,
-+ numeric, etc.) used.
-+
-+ Rotated
-+
-+ Is the new password a rotated version of the old password? (E.g.,
-+ "billy" and "illyb")
-
- no_pass_expiry
-
+diff --git a/modules/module-meson.build b/modules/module-meson.build
+index d55dad2..edf9d57 100644
+--- a/modules/module-meson.build
++++ b/modules/module-meson.build
+@@ -106,6 +106,7 @@ if module == 'pam_unix'
+ 'pam_unix_auth.c',
+ 'pam_unix_passwd.c',
+ 'pam_unix_sess.c',
++ 'obscure.c',
+ 'support.c',
+ 'passverify.c',
+ 'md5_good.c',
diff --git a/modules/pam_unix/obscure.c b/modules/pam_unix/obscure.c
new file mode 100644
-index 0000000..2ffac92
+index 0000000..9dbbe6e
--- /dev/null
+++ b/modules/pam_unix/obscure.c
-@@ -0,0 +1,198 @@
+@@ -0,0 +1,199 @@
+/*
+ * Copyright 1989 - 1994, Julianne Frances Haugh
+ * All rights reserved.
@@ -123,6 +71,7 @@ index 0000000..2ffac92
+#include <security/_pam_macros.h>
+
+
++#include "pam_i18n.h"
+#include "support.h"
+
+/* can't be a palindrome - like `R A D A R' or `M A D A M' */
@@ -280,65 +229,14 @@ index 0000000..2ffac92
+
+ return msg;
+}
-diff --git a/modules/pam_unix/pam_unix.8 b/modules/pam_unix/pam_unix.8
-index 438717f..6f5f19b 100644
---- a/modules/pam_unix/pam_unix.8
-+++ b/modules/pam_unix/pam_unix.8
-@@ -216,7 +216,38 @@ minlen=n
- .RS 4
- Set a minimum password length of
- \fIn\fR
--characters\&. The max\&. for DES crypt based passwords are 8 characters\&.
-+characters\&. The default value is 6\&. The maximum for DES crypt\-based passwords is 8 characters\&.
-+.RE
-+.PP
-+\fBobscure\fR
-+.RS 4
-+Enable some extra checks on password strength\&. These checks are based on the "obscure" checks in the original shadow package\&. The behavior is similar to the pam_cracklib module, but for non\-dictionary\-based checks\&. The following checks are implemented:
-+.PP
-+\fBPalindrome\fR
-+.RS 4
-+Verifies that the new password is not a palindrome of (i\&.e\&., the reverse of) the previous one\&.
-+.RE
-+.PP
-+\fBCase Change Only\fR
-+.RS 4
-+Verifies that the new password isn\*(Aqt the same as the old one with a change of case\&.
-+.RE
-+.PP
-+\fBSimilar\fR
-+.RS 4
-+Verifies that the new password isn\*(Aqt too much like the previous one\&.
-+.RE
-+.PP
-+\fBSimple\fR
-+.RS 4
-+Is the new password too simple? This is based on the length of the password and the number of different types of characters (alpha, numeric, etc\&.) used\&.
-+.RE
-+.PP
-+\fBRotated\fR
-+.RS 4
-+Is the new password a rotated version of the old password? (E\&.g\&., "billy" and "illyb")
-+.RE
-+.sp
- .RE
- .PP
- no_pass_expiry
diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml
-index dfc0427..4e63a49 100644
+index d2cd198..d02320b 100644
--- a/modules/pam_unix/pam_unix.8.xml
+++ b/modules/pam_unix/pam_unix.8.xml
-@@ -397,8 +397,81 @@
- <listitem>
- <para>
- Set a minimum password length of <replaceable>n</replaceable>
-- characters. The max. for DES crypt based passwords are 8
-- characters.
-+ characters. The default value is 6. The maximum for DES
-+ crypt-based passwords is 8 characters.
-+ </para>
-+ </listitem>
-+ </varlistentry>
+@@ -402,6 +402,79 @@
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>obscure</option>
@@ -409,14 +307,24 @@ index dfc0427..4e63a49 100644
+ </listitem>
+ </varlistentry>
+ </variablelist>
- </para>
- </listitem>
- </varlistentry>
++ </para>
++ </listitem>
++ </varlistentry>
+ <varlistentry>
+ <term>
+ no_pass_expiry
+@@ -495,4 +568,4 @@ session required pam_unix.so
+ </para>
+ </refsect1>
+
+-</refentry>
+\ No newline at end of file
++</refentry>
diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
-index c341741..652f3c5 100644
+index 4a3784a..ea941fe 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
-@@ -86,6 +86,9 @@ extern int getrpcport(const char *host, unsigned long prognum,
+@@ -87,6 +87,9 @@ extern int getrpcport(const char *host, unsigned long prognum,
# endif /* GNU libc 2.1 */
#endif
@@ -426,7 +334,7 @@ index c341741..652f3c5 100644
/*
How it works:
Gets in username (has to be done) from the calling program
-@@ -584,6 +587,11 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh
+@@ -588,6 +591,11 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh
return retval;
}
}
@@ -438,20 +346,28 @@ index c341741..652f3c5 100644
}
if (remark) {
_make_remark(pamh, ctrl, PAM_ERROR_MSG, remark);
-@@ -599,7 +607,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
+@@ -603,7 +611,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
int retval;
int remember = -1;
int rounds = 0;
- int pass_min_len = 0;
+ int pass_min_len = 6;
+ struct passwd *pwd;
/* <DO NOT free() THESE> */
- const char *user;
diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h
-index 8105400..91e7478 100644
+index e8f629d..425ff66 100644
--- a/modules/pam_unix/support.h
+++ b/modules/pam_unix/support.h
-@@ -101,50 +101,52 @@ typedef struct {
+@@ -6,6 +6,7 @@
+ #define _PAM_UNIX_SUPPORT_H
+
+ #include <pwd.h>
++#include "pam_inline.h"
+
+ /*
+ * File to read value of ENCRYPT_METHOD from.
+@@ -101,50 +102,52 @@ typedef struct {
#define UNIX_GOST_YESCRYPT_PASS 31 /* new password hashes will use gost-yescrypt */
#define UNIX_YESCRYPT_PASS 32 /* new password hashes will use yescrypt */
#define UNIX_NULLRESETOK 33 /* allow empty password if password reset is enforced */
diff --git a/debian/patches/0018-Libpam-is-both-shared-and-static.patch b/debian/patches/0018-Libpam-is-both-shared-and-static.patch
new file mode 100644
index 00000000..c50cffee
--- /dev/null
+++ b/debian/patches/0018-Libpam-is-both-shared-and-static.patch
@@ -0,0 +1,21 @@
+From: Sam Hartman <hartmans@debian.org>
+Date: Tue, 14 Jan 2025 15:04:41 -0700
+Subject: Libpam is both shared and static
+
+---
+ libpam/meson.build | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libpam/meson.build b/libpam/meson.build
+index 3e8a531..95a6054 100644
+--- a/libpam/meson.build
++++ b/libpam/meson.build
+@@ -43,7 +43,7 @@ libpam_map_path = meson.current_source_dir() / libpam_map
+ libpam_link_deps = [libpam_map]
+ libpam_link_args = ['-Wl,--version-script=' + libpam_map_path]
+
+-libpam = shared_library(
++libpam = both_libraries(
+ 'pam',
+ sources: libpam_src,
+ include_directories: [libpam_inc],
diff --git a/debian/patches/008_modules_pam_limits_chroot b/debian/patches/008_modules_pam_limits_chroot
index 5466536f..e25debec 100644
--- a/debian/patches/008_modules_pam_limits_chroot
+++ b/debian/patches/008_modules_pam_limits_chroot
@@ -5,10 +5,9 @@ Subject: _modules_pam_limits_chroot
===================================================================
---
modules/pam_limits/limits.conf | 2 ++
- modules/pam_limits/limits.conf.5 | 5 +++++
modules/pam_limits/limits.conf.5.xml | 6 ++++++
- modules/pam_limits/pam_limits.c | 25 ++++++++++++++++++++++---
- 4 files changed, 35 insertions(+), 3 deletions(-)
+ modules/pam_limits/pam_limits.c | 26 ++++++++++++++++++++++----
+ 3 files changed, 30 insertions(+), 4 deletions(-)
diff --git a/modules/pam_limits/limits.conf b/modules/pam_limits/limits.conf
index c6b058a..6b3865c 100644
@@ -30,24 +29,8 @@ index c6b058a..6b3865c 100644
#@student - maxlogins 4
# End of file
-diff --git a/modules/pam_limits/limits.conf.5 b/modules/pam_limits/limits.conf.5
-index 32c4b2f..ce0ca35 100644
---- a/modules/pam_limits/limits.conf.5
-+++ b/modules/pam_limits/limits.conf.5
-@@ -283,6 +283,11 @@ rtprio
- .RS 4
- maximum realtime priority allowed for non\-privileged processes (Linux 2\&.6\&.12 and higher)
- .RE
-+.PP
-+\fBchroot\fR
-+.RS 4
-+the directory to chroot the user to
-+.RE
- .RE
- .PP
- All items support the values
diff --git a/modules/pam_limits/limits.conf.5.xml b/modules/pam_limits/limits.conf.5.xml
-index 9f2662a..f6f7d87 100644
+index 803cb4e..348758a 100644
--- a/modules/pam_limits/limits.conf.5.xml
+++ b/modules/pam_limits/limits.conf.5.xml
@@ -271,6 +271,12 @@
@@ -64,10 +47,10 @@ index 9f2662a..f6f7d87 100644
</listitem>
</varlistentry>
diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c
-index 746c441..529d2fc 100644
+index be0b637..5c9cdc8 100644
--- a/modules/pam_limits/pam_limits.c
+++ b/modules/pam_limits/pam_limits.c
-@@ -104,6 +104,7 @@ struct pam_limit_s {
+@@ -109,6 +109,7 @@ struct pam_limit_s {
specific user or to count all logins */
int priority; /* the priority to run user process with */
int nonewprivs; /* whether to prctl(PR_SET_NO_NEW_PRIVS) */
@@ -75,24 +58,27 @@ index 746c441..529d2fc 100644
struct user_limits_struct limits[RLIM_NLIMITS];
const char *conf_file;
int utmp_after_pam_call;
-@@ -115,6 +116,7 @@ struct pam_limit_s {
+@@ -117,9 +118,9 @@ struct pam_limit_s {
- #define LIMIT_PRI RLIM_NLIMITS+3
- #define LIMIT_NONEWPRIVS RLIM_NLIMITS+4
-+#define LIMIT_CHROOT RLIM_NLIMITS+5
+ #define LIMIT_LOGIN (RLIM_NLIMITS+1)
+ #define LIMIT_NUMSYSLOGINS (RLIM_NLIMITS+2)
+-
+ #define LIMIT_PRI (RLIM_NLIMITS+3)
+ #define LIMIT_NONEWPRIVS (RLIM_NLIMITS+4)
++#define LIMIT_CHROOT (RLIM_NLIMITS+5)
#define LIMIT_SOFT 1
#define LIMIT_HARD 2
-@@ -570,6 +572,8 @@ static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl)
- pl->login_limit = -2;
+@@ -652,6 +653,8 @@ static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl)
pl->login_limit_def = LIMITS_DEF_NONE;
+ pl->login_group = NULL;
+ pl->chroot_dir[0] = '\0';
+
return retval;
}
-@@ -677,6 +681,8 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type,
+@@ -762,6 +765,8 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type,
limit_item = LIMIT_PRI;
} else if (strcmp(lim_item, "nonewprivs") == 0) {
limit_item = LIMIT_NONEWPRIVS;
@@ -101,7 +87,7 @@ index 746c441..529d2fc 100644
} else {
pam_syslog(pamh, LOG_DEBUG, "unknown limit item '%s'", lim_item);
return;
-@@ -726,9 +732,9 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type,
+@@ -811,9 +816,9 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type,
pam_syslog(pamh, LOG_DEBUG,
"wrong limit value '%s' for limit type '%s'",
lim_value, lim_type);
@@ -113,7 +99,7 @@ index 746c441..529d2fc 100644
#ifdef __USE_FILE_OFFSET64
rlimit_value = strtoull (lim_value, &endptr, 10);
#else
-@@ -803,7 +809,11 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type,
+@@ -888,7 +893,11 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type,
break;
}
@@ -126,8 +112,8 @@ index 746c441..529d2fc 100644
&& (limit_item != LIMIT_NUMSYSLOGINS)
&& (limit_item != LIMIT_PRI)
&& (limit_item != LIMIT_NONEWPRIVS) ) {
-@@ -1163,6 +1173,15 @@ static int setup_limits(pam_handle_t *pamh,
- }
+@@ -1306,6 +1315,15 @@ static int setup_limits(pam_handle_t *pamh,
+ #endif
}
+ if (!retval && pl->chroot_dir[0]) {
diff --git a/debian/patches/022_pam_unix_group_time_miscfixes b/debian/patches/022_pam_unix_group_time_miscfixes
index 1c8c3b67..922778a7 100644
--- a/debian/patches/022_pam_unix_group_time_miscfixes
+++ b/debian/patches/022_pam_unix_group_time_miscfixes
@@ -9,10 +9,10 @@ http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=%2Fcom.ibm.aix
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c
-index 6877849..7d11f59 100644
+index 21c04d7..7d89dd0 100644
--- a/modules/pam_group/pam_group.c
+++ b/modules/pam_group/pam_group.c
-@@ -773,9 +773,12 @@ pam_sm_setcred (pam_handle_t *pamh, int flags,
+@@ -772,9 +772,12 @@ pam_sm_setcred (pam_handle_t *pamh, int flags,
unsigned setting;
/* only interested in establishing credentials */
diff --git a/debian/patches/026_pam_unix_passwd_unknown_user b/debian/patches/026_pam_unix_passwd_unknown_user
deleted file mode 100644
index 45967e1d..00000000
--- a/debian/patches/026_pam_unix_passwd_unknown_user
+++ /dev/null
@@ -1,38 +0,0 @@
-From: Martin Schwenke <martin@meltin.net>
-Date: Mon, 11 Sep 2023 14:00:42 -0600
-Subject: distinguish between password manipulation failure and missing user.
-
----
- modules/pam_unix/passverify.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
-index 81b10d8..7ff8bf0 100644
---- a/modules/pam_unix/passverify.c
-+++ b/modules/pam_unix/passverify.c
-@@ -804,7 +804,7 @@ PAMH_ARG_DECL(int unix_update_passwd,
- struct passwd *tmpent = NULL;
- struct stat st;
- FILE *pwfile, *opwfile;
-- int err = 1;
-+ int err = 1, found = 0;
- int oldmask;
- #ifdef WITH_SELINUX
- char *prev_context_raw = NULL;
-@@ -875,6 +875,7 @@ PAMH_ARG_DECL(int unix_update_passwd,
-
- tmpent->pw_passwd = assigned_passwd.charp;
- err = 0;
-+ found = 1;
- }
- if (putpwent(tmpent, pwfile)) {
- D(("error writing entry to password file: %m"));
-@@ -917,7 +918,7 @@ done:
- return PAM_SUCCESS;
- } else {
- unlink(PW_TMPFILE);
-- return PAM_AUTHTOK_ERR;
-+ return found ? PAM_AUTHTOK_ERR : PAM_USER_UNKNOWN;
- }
- }
-
diff --git a/debian/patches/027_pam_limits_better_init_allow_explicit_root b/debian/patches/027_pam_limits_better_init_allow_explicit_root
index 7d0fdded..a0975548 100644
--- a/debian/patches/027_pam_limits_better_init_allow_explicit_root
+++ b/debian/patches/027_pam_limits_better_init_allow_explicit_root
@@ -16,25 +16,11 @@ Also, don't apply wildcard limits to the root account; only apply limits to
root that reference root by name.
===================================================================
---
- modules/pam_limits/README | 1 +
modules/pam_limits/limits.conf | 4 ++
- modules/pam_limits/limits.conf.5 | 5 ++
modules/pam_limits/limits.conf.5.xml | 6 +++
modules/pam_limits/pam_limits.c | 89 ++++++++++++++++++++++++++++++++----
- 5 files changed, 96 insertions(+), 9 deletions(-)
+ 3 files changed, 90 insertions(+), 9 deletions(-)
-diff --git a/modules/pam_limits/README b/modules/pam_limits/README
-index 98264b9..dc560ef 100644
---- a/modules/pam_limits/README
-+++ b/modules/pam_limits/README
-@@ -68,6 +68,7 @@ These are some example lines which might be specified in /etc/security/
- limits.conf.
-
- * soft core 0
-+root hard core 100000
- * hard nofile 512
- @student hard nproc 20
- @faculty soft nproc 20
diff --git a/modules/pam_limits/limits.conf b/modules/pam_limits/limits.conf
index e8a746c..c6b058a 100644
--- a/modules/pam_limits/limits.conf
@@ -57,31 +43,8 @@ index e8a746c..c6b058a 100644
#* hard rss 10000
#@student hard nproc 20
#@faculty soft nproc 20
-diff --git a/modules/pam_limits/limits.conf.5 b/modules/pam_limits/limits.conf.5
-index 25f4459..32c4b2f 100644
---- a/modules/pam_limits/limits.conf.5
-+++ b/modules/pam_limits/limits.conf.5
-@@ -145,6 +145,10 @@ a gid specified as
- \fB%:\fR\fI<gid>\fR
- applicable to maxlogins limit only\&. It limits the total number of logins of all users that are member of the group with the specified gid\&.
- .RE
-+.sp
-+\fBNOTE:\fR
-+group and wildcard limits are not applied to the root user\&. To set a limit for the root user, this field must contain the literal username
-+\fBroot\fR\&.
- .RE
- .PP
- <type>
-@@ -322,6 +326,7 @@ These are some example lines which might be specified in
- .\}
- .nf
- * soft core 0
-+root hard core 100000
- * hard nofile 512
- @student hard nproc 20
- @faculty soft nproc 20
diff --git a/modules/pam_limits/limits.conf.5.xml b/modules/pam_limits/limits.conf.5.xml
-index 2177da1..9f2662a 100644
+index dd8d68b..803cb4e 100644
--- a/modules/pam_limits/limits.conf.5.xml
+++ b/modules/pam_limits/limits.conf.5.xml
@@ -89,6 +89,11 @@
@@ -105,10 +68,10 @@ index 2177da1..9f2662a 100644
@student hard nproc 20
@faculty soft nproc 20
diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c
-index 87bb4b7..adda08b 100644
+index 1e4dfa3..7e2d93d 100644
--- a/modules/pam_limits/pam_limits.c
+++ b/modules/pam_limits/pam_limits.c
-@@ -47,10 +47,19 @@
+@@ -54,10 +54,19 @@
#include <libaudit.h>
#endif
@@ -126,9 +89,9 @@ index 87bb4b7..adda08b 100644
+#endif
+
/* Module defines */
- #define LINE_LENGTH 1024
-
-@@ -88,6 +97,7 @@ struct user_limits_struct {
+ #define LIMITS_DEF_USER 0 /* limit was set by a user entry */
+ #define LIMITS_DEF_GROUP 1 /* limit was set by a group entry */
+@@ -93,6 +102,7 @@ struct user_limits_struct {
/* internal data */
struct pam_limit_s {
@@ -136,7 +99,7 @@ index 87bb4b7..adda08b 100644
int login_limit; /* the max logins limit */
int login_limit_def; /* which entry set the login limit */
int flag_numsyslogins; /* whether to limit logins only for a
-@@ -455,9 +465,18 @@ static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl)
+@@ -536,9 +546,18 @@ static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl)
{
int i;
int retval = PAM_SUCCESS;
@@ -155,7 +118,7 @@ index 87bb4b7..adda08b 100644
for(i = 0; i < RLIM_NLIMITS; i++) {
int r = getrlimit(i, &pl->limits[i].limit);
if (r == -1) {
-@@ -473,18 +492,68 @@ static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl)
+@@ -554,18 +573,68 @@ static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl)
}
#ifdef __linux__
@@ -230,16 +193,16 @@ index 87bb4b7..adda08b 100644
errno = 0;
pl->priority = getpriority (PRIO_PROCESS, 0);
-@@ -885,7 +954,7 @@ parse_config_file(pam_handle_t *pamh, const char *uname, uid_t uid, gid_t gid,
+@@ -1020,7 +1089,7 @@ parse_config_file(pam_handle_t *pamh, const char *uname, uid_t uid, gid_t gid,
- if (strcmp(uname, domain) == 0) /* this user have a limit */
+ if (strcmp(uname, domain) == 0) /* this user has a limit */
process_limit(pamh, LIMITS_DEF_USER, ltype, item, value, ctrl, pl);
- else if (domain[0]=='@') {
+ else if (domain[0]=='@' && !pl->root) {
if (ctrl & PAM_DEBUG_ARG) {
pam_syslog(pamh, LOG_DEBUG,
"checking if %s is in group %s",
-@@ -911,7 +980,7 @@ parse_config_file(pam_handle_t *pamh, const char *uname, uid_t uid, gid_t gid,
+@@ -1046,7 +1115,7 @@ parse_config_file(pam_handle_t *pamh, const char *uname, uid_t uid, gid_t gid,
process_limit(pamh, LIMITS_DEF_GROUP, ltype, item, value, ctrl,
pl);
}
@@ -248,7 +211,7 @@ index 87bb4b7..adda08b 100644
if (ctrl & PAM_DEBUG_ARG) {
pam_syslog(pamh, LOG_DEBUG,
"checking if %s is in group %s",
-@@ -945,7 +1014,7 @@ parse_config_file(pam_handle_t *pamh, const char *uname, uid_t uid, gid_t gid,
+@@ -1081,7 +1150,7 @@ parse_config_file(pam_handle_t *pamh, const char *uname, uid_t uid, gid_t gid,
} else {
switch(rngtype) {
case LIMIT_RANGE_NONE:
@@ -257,7 +220,7 @@ index 87bb4b7..adda08b 100644
process_limit(pamh, LIMITS_DEF_DEFAULT, ltype, item, value, ctrl,
pl);
break;
-@@ -1228,6 +1297,8 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
+@@ -1372,6 +1441,8 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
return PAM_ABORT;
}
diff --git a/debian/patches/031_pam_include b/debian/patches/031_pam_include
index 5b632e2a..1a91c325 100644
--- a/debian/patches/031_pam_include
+++ b/debian/patches/031_pam_include
@@ -6,16 +6,18 @@ Patch to implement an @include directive for use in pam.d config files.
Authors: Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>
+Updated for pam 1.7.0 by Sam Hartman <hartmans@debian.org>
+
Upstream status: not yet submitted
---
libpam/pam_handlers.c | 36 ++++++++++++++++++++++++++++++++----
1 file changed, 32 insertions(+), 4 deletions(-)
diff --git a/libpam/pam_handlers.c b/libpam/pam_handlers.c
-index 1f1917b..c7045d2 100644
+index 7fd6ce8..1df5e40 100644
--- a/libpam/pam_handlers.c
+++ b/libpam/pam_handlers.c
-@@ -123,6 +123,10 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f
+@@ -127,6 +127,10 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f
module_type = PAM_T_ACCT;
} else if (!strcasecmp("password", tok)) {
module_type = PAM_T_PASS;
@@ -25,27 +27,27 @@ index 1f1917b..c7045d2 100644
+ goto parsing_done;
} else {
/* Illegal module type */
- D(("_pam_init_handlers: bad module type: %s", tok));
-@@ -193,8 +197,10 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f
+ D(("bad module type: %s", tok));
+@@ -197,8 +201,10 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f
_pam_set_default_control(actions, _PAM_ACTION_BAD);
}
+parsing_done:
- tok = _pam_StrTok(NULL, " \n\t", &nexttok);
+ tok = _pam_tokenize(NULL, &nexttok);
if (pam_include) {
+ struct stat include_dir;
if (substack) {
res = _pam_add_handler(pamh, PAM_HT_SUBSTACK, other,
stack_level, module_type, actions, tok,
-@@ -205,13 +211,35 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f
+@@ -209,13 +215,35 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f
return PAM_ABORT;
}
}
- if (_pam_load_conf_file(pamh, tok, this_service, module_type,
-- stack_level + substack
+- include_level + 1, stack_level + substack
+ if (tok[0] == '/') {
+ if (_pam_load_conf_file(pamh, tok, this_service,
-+ module_type, stack_level + substack
++ module_type, include_level+1, stack_level + substack
+#ifdef PAM_READ_BOTH_CONFS
+ , !other
+#endif /* PAM_READ_BOTH_CONFS */
@@ -61,7 +63,7 @@ index 1f1917b..c7045d2 100644
+ return PAM_ABORT;
+ }
+ if (_pam_load_conf_file(pamh, include_file, this_service,
-+ module_type, stack_level + substack
++ module_type, include_level+1, stack_level + substack
#ifdef PAM_READ_BOTH_CONFS
, !other
#endif /* PAM_READ_BOTH_CONFS */
diff --git a/debian/patches/032_pam_limits_EPERM_NOT_FATAL b/debian/patches/032_pam_limits_EPERM_NOT_FATAL
index 62656746..e4d35418 100644
--- a/debian/patches/032_pam_limits_EPERM_NOT_FATAL
+++ b/debian/patches/032_pam_limits_EPERM_NOT_FATAL
@@ -15,10 +15,10 @@ Upstream status: submitted in <20070830171918.GB30563@dario.dodds.net>
1 file changed, 2 insertions(+)
diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c
-index a58d424..746c441 100644
+index 2603028..be0b637 100644
--- a/modules/pam_limits/pam_limits.c
+++ b/modules/pam_limits/pam_limits.c
-@@ -1124,6 +1124,8 @@ static int setup_limits(pam_handle_t *pamh,
+@@ -1263,6 +1263,8 @@ static int setup_limits(pam_handle_t *pamh,
if (res != 0)
pam_syslog(pamh, LOG_ERR, "Could not set limit for '%s': %m",
rlimit2str(i));
diff --git a/debian/patches/036_pam_wheel_getlogin_considered_harmful b/debian/patches/036_pam_wheel_getlogin_considered_harmful
index 43979153..0983f23d 100644
--- a/debian/patches/036_pam_wheel_getlogin_considered_harmful
+++ b/debian/patches/036_pam_wheel_getlogin_considered_harmful
@@ -12,28 +12,10 @@ Authors: Ben Collins <bcollins@debian.org>
Upstream status: submitted in <20070901175405.GA26092@dario.dodds.net>
---
- modules/pam_wheel/README | 6 ------
modules/pam_wheel/pam_wheel.8.xml | 17 +--------------
modules/pam_wheel/pam_wheel.c | 45 ++++++++-------------------------------
- 3 files changed, 10 insertions(+), 58 deletions(-)
+ 2 files changed, 10 insertions(+), 52 deletions(-)
-diff --git a/modules/pam_wheel/README b/modules/pam_wheel/README
-index 5dae4b6..ec9e7d7 100644
---- a/modules/pam_wheel/README
-+++ b/modules/pam_wheel/README
-@@ -39,12 +39,6 @@ trust
- modules the wheel members may be able to su to root without being prompted
- for a passwd).
-
--use_uid
--
-- The check will be done against the real uid of the calling process, instead
-- of trying to obtain the user from the login session associated with the
-- terminal in use.
--
- EXAMPLES
-
- The root account gains access by default (rootok), only wheel members can
diff --git a/modules/pam_wheel/pam_wheel.8.xml b/modules/pam_wheel/pam_wheel.8.xml
index af0fd61..b42e27d 100644
--- a/modules/pam_wheel/pam_wheel.8.xml
@@ -75,7 +57,7 @@ index af0fd61..b42e27d 100644
\ No newline at end of file
+</refentry>
diff --git a/modules/pam_wheel/pam_wheel.c b/modules/pam_wheel/pam_wheel.c
-index 179f56b..5eb7b82 100644
+index dd047af..93000ce 100644
--- a/modules/pam_wheel/pam_wheel.c
+++ b/modules/pam_wheel/pam_wheel.c
@@ -47,9 +47,8 @@
diff --git a/debian/patches/040_pam_limits_log_failure b/debian/patches/040_pam_limits_log_failure
index acb79450..c0848c27 100644
--- a/debian/patches/040_pam_limits_log_failure
+++ b/debian/patches/040_pam_limits_log_failure
@@ -15,10 +15,10 @@ Upstream status: submitted in <20070830171918.GB30563@dario.dodds.net>
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c
-index 529d2fc..da83b70 100644
+index 5c9cdc8..47f59ef 100644
--- a/modules/pam_limits/pam_limits.c
+++ b/modules/pam_limits/pam_limits.c
-@@ -1131,9 +1131,19 @@ static int setup_limits(pam_handle_t *pamh,
+@@ -1269,9 +1269,19 @@ static int setup_limits(pam_handle_t *pamh,
if (pl->limits[i].limit.rlim_cur > pl->limits[i].limit.rlim_max)
pl->limits[i].limit.rlim_cur = pl->limits[i].limit.rlim_max;
res = setrlimit(i, &pl->limits[i].limit);
diff --git a/debian/patches/045_pam_dispatch_jump_is_ignore b/debian/patches/045_pam_dispatch_jump_is_ignore
index af08a9e4..fb0f780f 100644
--- a/debian/patches/045_pam_dispatch_jump_is_ignore
+++ b/debian/patches/045_pam_dispatch_jump_is_ignore
@@ -11,7 +11,7 @@ to be consistent.
1 file changed, 1 insertion(+), 16 deletions(-)
diff --git a/libpam/pam_dispatch.c b/libpam/pam_dispatch.c
-index 974104a..15cad01 100644
+index 3a1d59e..b341774 100644
--- a/libpam/pam_dispatch.c
+++ b/libpam/pam_dispatch.c
@@ -260,22 +260,7 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h,
diff --git a/debian/patches/PAM-manpage-section b/debian/patches/PAM-manpage-section
index 705ce58e..944a91cd 100644
--- a/debian/patches/PAM-manpage-section
+++ b/debian/patches/PAM-manpage-section
@@ -9,508 +9,91 @@ Authors: Steve Langasek <vorlon@debian.org>
Upstream status: maybe provide a backwards-compatibility link first?
---
- doc/man/Makefile.am | 5 +-
- doc/man/Makefile.in | 58 +++++-----
- doc/man/PAM.7 | 138 ++++++++++++++++++++++++
- doc/man/misc_conv.3 | 2 +-
+ doc/man/meson.build | 2 +-
doc/man/misc_conv.3.xml | 2 +-
- doc/man/pam.7 | 1 +
- doc/man/pam.8.xml | 2 +-
- doc/man/pam_acct_mgmt.3 | 2 +-
+ doc/man/pam.7.xml | 212 ++++++++++++++++++++++++
+ doc/man/pam.8.xml | 212 ------------------------
doc/man/pam_acct_mgmt.3.xml | 2 +-
- doc/man/pam_authenticate.3 | 2 +-
doc/man/pam_authenticate.3.xml | 2 +-
- doc/man/pam_chauthtok.3 | 2 +-
doc/man/pam_chauthtok.3.xml | 2 +-
- doc/man/pam_conv.3 | 2 +-
doc/man/pam_conv.3.xml | 2 +-
- doc/man/pam_error.3 | 2 +-
doc/man/pam_error.3.xml | 2 +-
- doc/man/pam_get_authtok.3 | 2 +-
doc/man/pam_get_authtok.3.xml | 2 +-
- doc/man/pam_get_item.3 | 4 +-
- doc/man/pam_getenv.3 | 2 +-
doc/man/pam_getenv.3.xml | 2 +-
- doc/man/pam_getenvlist.3 | 2 +-
doc/man/pam_getenvlist.3.xml | 2 +-
- doc/man/pam_info.3 | 2 +-
doc/man/pam_info.3.xml | 2 +-
- doc/man/pam_misc_drop_env.3 | 2 +-
doc/man/pam_misc_drop_env.3.xml | 2 +-
- doc/man/pam_misc_paste_env.3 | 2 +-
doc/man/pam_misc_paste_env.3.xml | 2 +-
- doc/man/pam_misc_setenv.3 | 2 +-
doc/man/pam_misc_setenv.3.xml | 2 +-
- doc/man/pam_prompt.3 | 6 +-
doc/man/pam_prompt.3.xml | 2 +-
- doc/man/pam_putenv.3 | 2 +-
doc/man/pam_putenv.3.xml | 2 +-
- doc/man/pam_strerror.3 | 2 +-
doc/man/pam_strerror.3.xml | 2 +-
- doc/man/pam_syslog.3 | 2 +-
doc/man/pam_syslog.3.xml | 2 +-
- modules/pam_access/access.conf.5 | 2 +-
modules/pam_access/access.conf.5.xml | 2 +-
- modules/pam_access/pam_access.8 | 2 +-
modules/pam_access/pam_access.8.xml | 2 +-
- modules/pam_debug/pam_debug.8 | 2 +-
modules/pam_debug/pam_debug.8.xml | 2 +-
- modules/pam_deny/pam_deny.8 | 2 +-
modules/pam_deny/pam_deny.8.xml | 2 +-
- modules/pam_echo/pam_echo.8 | 2 +-
modules/pam_echo/pam_echo.8.xml | 2 +-
- modules/pam_env/pam_env.8 | 6 +-
modules/pam_env/pam_env.8.xml | 2 +-
- modules/pam_env/pam_env.conf.5 | 2 +-
modules/pam_env/pam_env.conf.5.xml | 2 +-
- modules/pam_exec/pam_exec.8 | 2 +-
modules/pam_exec/pam_exec.8.xml | 2 +-
- modules/pam_faildelay/pam_faildelay.8 | 2 +-
modules/pam_faildelay/pam_faildelay.8.xml | 2 +-
- modules/pam_filter/pam_filter.8 | 2 +-
modules/pam_filter/pam_filter.8.xml | 2 +-
- modules/pam_ftp/pam_ftp.8 | 2 +-
modules/pam_ftp/pam_ftp.8.xml | 2 +-
- modules/pam_group/group.conf.5 | 2 +-
modules/pam_group/group.conf.5.xml | 2 +-
- modules/pam_group/pam_group.8 | 2 +-
modules/pam_group/pam_group.8.xml | 2 +-
- modules/pam_issue/pam_issue.8 | 2 +-
modules/pam_issue/pam_issue.8.xml | 2 +-
- modules/pam_keyinit/pam_keyinit.8 | 2 +-
modules/pam_keyinit/pam_keyinit.8.xml | 2 +-
- modules/pam_lastlog/pam_lastlog.8 | 2 +-
modules/pam_lastlog/pam_lastlog.8.xml | 2 +-
- modules/pam_limits/limits.conf.5 | 2 +-
modules/pam_limits/limits.conf.5.xml | 2 +-
- modules/pam_limits/pam_limits.8 | 2 +-
modules/pam_limits/pam_limits.8.xml | 2 +-
- modules/pam_listfile/pam_listfile.8 | 2 +-
modules/pam_listfile/pam_listfile.8.xml | 2 +-
- modules/pam_localuser/pam_localuser.8 | 2 +-
modules/pam_localuser/pam_localuser.8.xml | 2 +-
- modules/pam_loginuid/pam_loginuid.8 | 2 +-
modules/pam_loginuid/pam_loginuid.8.xml | 2 +-
- modules/pam_mail/pam_mail.8 | 2 +-
modules/pam_mail/pam_mail.8.xml | 2 +-
- modules/pam_mkhomedir/pam_mkhomedir.8 | 2 +-
modules/pam_mkhomedir/pam_mkhomedir.8.xml | 2 +-
- modules/pam_motd/pam_motd.8 | 2 +-
modules/pam_motd/pam_motd.8.xml | 2 +-
- modules/pam_namespace/namespace.conf.5 | 2 +-
modules/pam_namespace/namespace.conf.5.xml | 2 +-
- modules/pam_namespace/pam_namespace.8 | 2 +-
modules/pam_namespace/pam_namespace.8.xml | 2 +-
- modules/pam_nologin/pam_nologin.8 | 2 +-
modules/pam_nologin/pam_nologin.8.xml | 2 +-
- modules/pam_permit/pam_permit.8 | 2 +-
modules/pam_permit/pam_permit.8.xml | 2 +-
- modules/pam_pwhistory/pam_pwhistory.8 | 2 +-
modules/pam_pwhistory/pam_pwhistory.8.xml | 2 +-
- modules/pam_rhosts/pam_rhosts.8 | 2 +-
modules/pam_rhosts/pam_rhosts.8.xml | 2 +-
- modules/pam_rootok/pam_rootok.8 | 2 +-
modules/pam_rootok/pam_rootok.8.xml | 2 +-
- modules/pam_securetty/pam_securetty.8 | 2 +-
modules/pam_securetty/pam_securetty.8.xml | 2 +-
- modules/pam_selinux/pam_selinux.8 | 6 +-
modules/pam_selinux/pam_selinux.8.xml | 2 +-
- modules/pam_sepermit/pam_sepermit.8 | 2 +-
modules/pam_sepermit/pam_sepermit.8.xml | 2 +-
- modules/pam_sepermit/sepermit.conf.5 | 2 +-
modules/pam_sepermit/sepermit.conf.5.xml | 2 +-
- modules/pam_shells/pam_shells.8 | 2 +-
modules/pam_shells/pam_shells.8.xml | 2 +-
- modules/pam_succeed_if/pam_succeed_if.8 | 2 +-
modules/pam_succeed_if/pam_succeed_if.8.xml | 2 +-
- modules/pam_time/pam_time.8 | 2 +-
modules/pam_time/pam_time.8.xml | 2 +-
- modules/pam_time/time.conf.5 | 2 +-
modules/pam_time/time.conf.5.xml | 2 +-
- modules/pam_timestamp/pam_timestamp.8 | 2 +-
modules/pam_timestamp/pam_timestamp.8.xml | 2 +-
- modules/pam_timestamp/pam_timestamp_check.8 | 2 +-
modules/pam_timestamp/pam_timestamp_check.8.xml | 2 +-
- modules/pam_tty_audit/pam_tty_audit.8 | 2 +-
modules/pam_tty_audit/pam_tty_audit.8.xml | 2 +-
- modules/pam_umask/pam_umask.8 | 2 +-
modules/pam_umask/pam_umask.8.xml | 2 +-
- modules/pam_unix/pam_unix.8 | 2 +-
modules/pam_unix/pam_unix.8.xml | 2 +-
- modules/pam_userdb/pam_userdb.8 | 2 +-
modules/pam_userdb/pam_userdb.8.xml | 2 +-
- modules/pam_warn/pam_warn.8 | 2 +-
modules/pam_warn/pam_warn.8.xml | 2 +-
- modules/pam_wheel/pam_wheel.8 | 13 +--
modules/pam_wheel/pam_wheel.8.xml | 2 +-
- modules/pam_xauth/pam_xauth.8 | 2 +-
modules/pam_xauth/pam_xauth.8.xml | 2 +-
- 136 files changed, 315 insertions(+), 176 deletions(-)
- create mode 100644 doc/man/PAM.7
- create mode 100644 doc/man/pam.7
+ 68 files changed, 278 insertions(+), 278 deletions(-)
+ create mode 100644 doc/man/pam.7.xml
+ delete mode 100644 doc/man/pam.8.xml
-diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am
-index aec365c..b81ca72 100644
---- a/doc/man/Makefile.am
-+++ b/doc/man/Makefile.am
-@@ -7,7 +7,7 @@ MAINTAINERCLEANFILES = $(MANS)
+diff --git a/doc/man/meson.build b/doc/man/meson.build
+index b90b157..71650ec 100644
+--- a/doc/man/meson.build
++++ b/doc/man/meson.build
+@@ -35,7 +35,7 @@ foreach man: [['misc_conv.3', []],
+ ['pam_syslog.3', ['pam_vsyslog.3']],
+ ['pam_xauth_data.3', []],
+ ['pam.conf.5', ['pam.d.5']],
+- ['pam.8', ['PAM.8']],
++ ['pam.7', ['PAM.7']],
+ ]
+ xml = man[0] + '.xml'
- EXTRA_DIST = $(MANS) $(XMLS)
-
--man_MANS = pam.3 PAM.8 pam.8 pam.conf.5 pam.d.5 \
-+man_MANS = pam.3 PAM.7 pam.7 pam.conf.5 pam.d.5 \
- pam_acct_mgmt.3 pam_authenticate.3 \
- pam_chauthtok.3 pam_close_session.3 pam_conv.3 \
- pam_end.3 pam_error.3 \
-@@ -46,7 +46,8 @@ XMLS = pam.3.xml pam.8.xml pam.conf.5.xml \
-
-
- if ENABLE_REGENERATE_MAN
--PAM.8: pam.8
-+pam.8: pam.8.xml
-+PAM.7 pam.7: pam.8
- pam_get_authtok_noverify.3: pam_get_authtok.3
- pam_get_authtok_verify.3: pam_get_authtok.3
- pam_verror.3: pam_error.3
-diff --git a/doc/man/Makefile.in b/doc/man/Makefile.in
-index d18dc7d..30da4d0 100644
---- a/doc/man/Makefile.in
-+++ b/doc/man/Makefile.in
-@@ -1,7 +1,7 @@
--# Makefile.in generated by automake 1.16.3 from Makefile.am.
-+# Makefile.in generated by automake 1.16.5 from Makefile.am.
- # @configure_input@
-
--# Copyright (C) 1994-2020 Free Software Foundation, Inc.
-+# Copyright (C) 1994-2021 Free Software Foundation, Inc.
-
- # This Makefile.in is free software; the Free Software Foundation
- # gives unlimited permission to copy and/or distribute it,
-@@ -163,9 +163,9 @@ am__uninstall_files_from_dir = { \
- }
- man3dir = $(mandir)/man3
- am__installdirs = "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" \
-- "$(DESTDIR)$(man8dir)"
-+ "$(DESTDIR)$(man7dir)"
- man5dir = $(mandir)/man5
--man8dir = $(mandir)/man8
-+man7dir = $(mandir)/man7
- NROFF = nroff
- MANS = $(man_MANS)
- am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-@@ -192,6 +192,8 @@ CPPFLAGS = @CPPFLAGS@
- CRYPTO_LIBS = @CRYPTO_LIBS@
- CRYPT_CFLAGS = @CRYPT_CFLAGS@
- CRYPT_LIBS = @CRYPT_LIBS@
-+CSCOPE = @CSCOPE@
-+CTAGS = @CTAGS@
- CYGPATH_W = @CYGPATH_W@
- DEFS = @DEFS@
- DEPDIR = @DEPDIR@
-@@ -205,6 +207,7 @@ ECHO_T = @ECHO_T@
- ECONF_CFLAGS = @ECONF_CFLAGS@
- ECONF_LIBS = @ECONF_LIBS@
- EGREP = @EGREP@
-+ETAGS = @ETAGS@
- EXEEXT = @EXEEXT@
- EXE_CFLAGS = @EXE_CFLAGS@
- EXE_LDFLAGS = @EXE_LDFLAGS@
-@@ -354,6 +357,7 @@ pdfdir = @pdfdir@
- prefix = @prefix@
- program_transform_name = @program_transform_name@
- psdir = @psdir@
-+runstatedir = @runstatedir@
- sbindir = @sbindir@
- sharedstatedir = @sharedstatedir@
- srcdir = @srcdir@
-@@ -366,7 +370,7 @@ top_srcdir = @top_srcdir@
- CLEANFILES = *~
- MAINTAINERCLEANFILES = $(MANS)
- EXTRA_DIST = $(MANS) $(XMLS)
--man_MANS = pam.3 PAM.8 pam.8 pam.conf.5 pam.d.5 \
-+man_MANS = pam.3 PAM.7 pam.7 pam.conf.5 pam.d.5 \
- pam_acct_mgmt.3 pam_authenticate.3 \
- pam_chauthtok.3 pam_close_session.3 pam_conv.3 \
- pam_end.3 pam_error.3 \
-@@ -528,56 +532,55 @@ uninstall-man5:
- } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
- -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
- dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir)
--install-man8: $(man_MANS)
-+install-man7: $(man_MANS)
- @$(NORMAL_INSTALL)
- @list1=''; \
- list2='$(man_MANS)'; \
-- test -n "$(man8dir)" \
-+ test -n "$(man7dir)" \
- && test -n "`echo $$list1$$list2`" \
- || exit 0; \
-- echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \
-- $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \
-+ echo " $(MKDIR_P) '$(DESTDIR)$(man7dir)'"; \
-+ $(MKDIR_P) "$(DESTDIR)$(man7dir)" || exit 1; \
- { for i in $$list1; do echo "$$i"; done; \
- if test -n "$$list2"; then \
- for i in $$list2; do echo "$$i"; done \
-- | sed -n '/\.8[a-z]*$$/p'; \
-+ | sed -n '/\.7[a-z]*$$/p'; \
- fi; \
- } | while read p; do \
- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
- echo "$$d$$p"; echo "$$p"; \
- done | \
-- sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-+ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^7][0-9a-z]*$$,7,;x' \
- -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
- sed 'N;N;s,\n, ,g' | { \
- list=; while read file base inst; do \
- if test "$$base" = "$$inst"; then list="$$list $$file"; else \
-- echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
-- $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
-+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man7dir)/$$inst'"; \
-+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man7dir)/$$inst" || exit $$?; \
- fi; \
- done; \
- for i in $$list; do echo "$$i"; done | $(am__base_list) | \
- while read files; do \
- test -z "$$files" || { \
-- echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
-- $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
-+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man7dir)'"; \
-+ $(INSTALL_DATA) $$files "$(DESTDIR)$(man7dir)" || exit $$?; }; \
- done; }
-
--uninstall-man8:
-+uninstall-man7:
- @$(NORMAL_UNINSTALL)
-- @list=''; test -n "$(man8dir)" || exit 0; \
-+ @list=''; test -n "$(man7dir)" || exit 0; \
- files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
-- sed -n '/\.8[a-z]*$$/p'; \
-- } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-+ sed -n '/\.7[a-z]*$$/p'; \
-+ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^7][0-9a-z]*$$,7,;x' \
- -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
-- dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
-+ dir='$(DESTDIR)$(man7dir)'; $(am__uninstall_files_from_dir)
- tags TAGS:
-
- ctags CTAGS:
-
- cscope cscopelist:
-
--
- distdir: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) distdir-am
-
-@@ -615,7 +618,7 @@ check-am: all-am
- check: check-am
- all-am: Makefile $(MANS)
- installdirs:
-- for dir in "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \
-+ for dir in "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man7dir)"; do \
- test -z "$$dir" || $(MKDIR_P) "$$dir"; \
- done
- install: install-am
-@@ -686,7 +689,7 @@ install-info: install-info-am
-
- install-info-am:
-
--install-man: install-man3 install-man5 install-man8
-+install-man: install-man3 install-man5 install-man7
-
- install-pdf: install-pdf-am
-
-@@ -716,7 +719,7 @@ ps-am:
-
- uninstall-am: uninstall-man
-
--uninstall-man: uninstall-man3 uninstall-man5 uninstall-man8
-+uninstall-man: uninstall-man3 uninstall-man5 uninstall-man7
-
- .MAKE: install-am install-strip
-
-@@ -726,18 +729,19 @@ uninstall-man: uninstall-man3 uninstall-man5 uninstall-man8
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
-- install-man3 install-man5 install-man8 install-pdf \
-+ install-man3 install-man5 install-man7 install-pdf \
- install-pdf-am install-ps install-ps-am install-strip \
- installcheck installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-generic \
- mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \
- uninstall-am uninstall-man uninstall-man3 uninstall-man5 \
-- uninstall-man8
-+ uninstall-man7
-
- .PRECIOUS: Makefile
-
-
--@ENABLE_REGENERATE_MAN_TRUE@PAM.8: pam.8
-+@ENABLE_REGENERATE_MAN_TRUE@pam.8: pam.8.xml
-+@ENABLE_REGENERATE_MAN_TRUE@PAM.7 pam.7: pam.8
- @ENABLE_REGENERATE_MAN_TRUE@pam_get_authtok_noverify.3: pam_get_authtok.3
- @ENABLE_REGENERATE_MAN_TRUE@pam_get_authtok_verify.3: pam_get_authtok.3
- @ENABLE_REGENERATE_MAN_TRUE@pam_verror.3: pam_error.3
-diff --git a/doc/man/PAM.7 b/doc/man/PAM.7
-new file mode 100644
-index 0000000..00b313f
---- /dev/null
-+++ b/doc/man/PAM.7
-@@ -0,0 +1,138 @@
-+'\" t
-+.\" Title: pam
-+.\" Author: [FIXME: author] [see http://www.docbook.org/tdg5/en/html/author]
-+.\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/>
-+.\" Date: 09/15/2023
-+.\" Manual: Linux-PAM Manual
-+.\" Source: Linux-PAM
-+.\" Language: English
-+.\"
-+.TH "PAM" "7" "09/15/2023" "Linux\-PAM" "Linux\-PAM Manual"
-+.\" -----------------------------------------------------------------
-+.\" * Define some portability stuff
-+.\" -----------------------------------------------------------------
-+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-+.\" http://bugs.debian.org/507673
-+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
-+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-+.ie \n(.g .ds Aq \(aq
-+.el .ds Aq '
-+.\" -----------------------------------------------------------------
-+.\" * set default formatting
-+.\" -----------------------------------------------------------------
-+.\" disable hyphenation
-+.nh
-+.\" disable justification (adjust text to left margin only)
-+.ad l
-+.\" -----------------------------------------------------------------
-+.\" * MAIN CONTENT STARTS HERE *
-+.\" -----------------------------------------------------------------
-+.SH "NAME"
-+PAM, pam \- Pluggable Authentication Modules for Linux
-+.SH "DESCRIPTION"
-+.PP
-+This manual is intended to offer a quick introduction to
-+\fBLinux\-PAM\fR\&. For more information the reader is directed to the
-+\fBLinux\-PAM system administrators\*(Aq guide\fR\&.
-+.PP
-+\fBLinux\-PAM\fR
-+is a system of libraries that handle the authentication tasks of applications (services) on the system\&. The library provides a stable general interface (Application Programming Interface \- API) that privilege granting programs (such as
-+\fBlogin\fR(1)
-+and
-+\fBsu\fR(1)) defer to to perform standard authentication tasks\&.
-+.PP
-+The principal feature of the PAM approach is that the nature of the authentication is dynamically configurable\&. In other words, the system administrator is free to choose how individual service\-providing applications will authenticate users\&. This dynamic configuration is set by the contents of the single
-+\fBLinux\-PAM\fR
-+configuration file
-+/etc/pam\&.conf\&. Alternatively and preferably, the configuration can be set by individual configuration files located in a
-+pam\&.d
-+directory\&. The presence of this directory will cause
-+\fBLinux\-PAM\fR
-+to
-+\fIignore\fR
-+/etc/pam\&.conf\&.
-+.PP
-+Vendor\-supplied PAM configuration files might be installed in the system directory
-+/usr/lib/pam\&.d/
-+or a configurable vendor specific directory instead of the machine configuration directory
-+/etc/pam\&.d/\&. If no machine configuration file is found, the vendor\-supplied file is used\&. All files in
-+/etc/pam\&.d/
-+override files with the same name in other directories\&.
-+.PP
-+From the point of view of the system administrator, for whom this manual is provided, it is not of primary importance to understand the internal behavior of the
-+\fBLinux\-PAM\fR
-+library\&. The important point to recognize is that the configuration file(s)
-+\fIdefine\fR
-+the connection between applications
-+(\fBservices\fR) and the pluggable authentication modules
-+(\fBPAM\fRs) that perform the actual authentication tasks\&.
-+.PP
-+\fBLinux\-PAM\fR
-+separates the tasks of
-+\fIauthentication\fR
-+into four independent management groups:
-+\fBaccount\fR
-+management;
-+\fBauth\fRentication management;
-+\fBpassword\fR
-+management; and
-+\fBsession\fR
-+management\&. (We highlight the abbreviations used for these groups in the configuration file\&.)
-+.PP
-+Simply put, these groups take care of different aspects of a typical user\*(Aqs request for a restricted service:
-+.PP
-+\fBaccount\fR
-+\- provide account verification types of service: has the user\*(Aqs password expired?; is this user permitted access to the requested service?
-+.PP
-+\fBauth\fRentication \- authenticate a user and set up user credentials\&. Typically this is via some challenge\-response request that the user must satisfy: if you are who you claim to be please enter your password\&. Not all authentications are of this type, there exist hardware based authentication schemes (such as the use of smart\-cards and biometric devices), with suitable modules, these may be substituted seamlessly for more standard approaches to authentication \- such is the flexibility of
-+\fBLinux\-PAM\fR\&.
-+.PP
-+\fBpassword\fR
-+\- this group\*(Aqs responsibility is the task of updating authentication mechanisms\&. Typically, such services are strongly coupled to those of the
-+\fBauth\fR
-+group\&. Some authentication mechanisms lend themselves well to being updated with such a function\&. Standard UN*X password\-based access is the obvious example: please enter a replacement password\&.
-+.PP
-+\fBsession\fR
-+\- this group of tasks cover things that should be done prior to a service being given and after it is withdrawn\&. Such tasks include the maintenance of audit trails and the mounting of the user\*(Aqs home directory\&. The
-+\fBsession\fR
-+management group is important as it provides both an opening and closing hook for modules to affect the services available to a user\&.
-+.SH "FILES"
-+.PP
-+/etc/pam\&.conf
-+.RS 4
-+the configuration file
-+.RE
-+.PP
-+/etc/pam\&.d
-+.RS 4
-+the
-+\fBLinux\-PAM\fR
-+configuration directory\&. Generally, if this directory is present, the
-+/etc/pam\&.conf
-+file is ignored\&.
-+.RE
-+.PP
-+/usr/lib/pam\&.d
-+.RS 4
-+the
-+\fBLinux\-PAM\fR
-+vendor configuration directory\&. Files in
-+/etc/pam\&.d
-+override files with the same name in this directory\&.
-+.RE
-+.SH "ERRORS"
-+.PP
-+Typically errors generated by the
-+\fBLinux\-PAM\fR
-+system of libraries, will be written to
-+\fBsyslog\fR(3)\&.
-+.SH "CONFORMING TO"
-+.PP
-+DCE\-RFC 86\&.0, October 1995\&. Contains additional features, but remains backwardly compatible with this RFC\&.
-+.SH "SEE ALSO"
-+.PP
-+\fBpam\fR(3),
-+\fBpam_authenticate\fR(3),
-+\fBpam_sm_setcred\fR(3),
-+\fBpam_strerror\fR(3),
-+\fBPAM\fR(8)
-diff --git a/doc/man/misc_conv.3 b/doc/man/misc_conv.3
-index 6265664..85d32db 100644
---- a/doc/man/misc_conv.3
-+++ b/doc/man/misc_conv.3
-@@ -117,7 +117,7 @@ This function pointer is initialized to
- .SH "SEE ALSO"
- .PP
- \fBpam_conv\fR(3),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "STANDARDS"
- .PP
- The
diff --git a/doc/man/misc_conv.3.xml b/doc/man/misc_conv.3.xml
index 92d4acd..2971b3a 100644
--- a/doc/man/misc_conv.3.xml
@@ -524,36 +107,442 @@ index 92d4acd..2971b3a 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/doc/man/pam.7 b/doc/man/pam.7
+diff --git a/doc/man/pam.7.xml b/doc/man/pam.7.xml
new file mode 100644
-index 0000000..a15cab9
+index 0000000..cb6a7d8
--- /dev/null
-+++ b/doc/man/pam.7
-@@ -0,0 +1 @@
-+.so PAM.7
++++ b/doc/man/pam.7.xml
+@@ -0,0 +1,212 @@
++<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="pam8">
++
++ <refmeta>
++ <refentrytitle>pam</refentrytitle>
++ <manvolnum>7</manvolnum>
++ <refmiscinfo class="source">Linux-PAM</refmiscinfo>
++ <refmiscinfo class="manual">Linux-PAM Manual</refmiscinfo>
++ </refmeta>
++
++ <refnamediv xml:id="pam8-name">
++ <refname>PAM</refname>
++ <refname>pam</refname>
++ <refpurpose>Pluggable Authentication Modules for Linux</refpurpose>
++ </refnamediv>
++
++ <refsect1 xml:id="pam8-description">
++ <title>DESCRIPTION</title>
++ <para>
++ This manual is intended to offer a quick introduction to
++ <emphasis remap="B">Linux-PAM</emphasis>. For more information
++ the reader is directed to the
++ <emphasis remap="B">Linux-PAM system administrators' guide</emphasis>.
++ </para>
++
++ <para>
++ <emphasis remap="B">Linux-PAM</emphasis> is a system of libraries
++ that handle the authentication tasks of applications (services) on
++ the system. The library provides a stable general interface
++ (Application Programming Interface - API) that privilege granting
++ programs (such as <citerefentry>
++ <refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
++ </citerefentry> and <citerefentry>
++ <refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
++ </citerefentry>) defer to to perform standard authentication tasks.
++ </para>
++
++ <para>
++ The principal feature of the PAM approach is that the nature of the
++ authentication is dynamically configurable. In other words, the
++ system administrator is free to choose how individual
++ service-providing applications will authenticate users. This dynamic
++ configuration is set by the contents of the single
++ <emphasis remap="B">Linux-PAM</emphasis> configuration file
++ <filename>/etc/pam.conf</filename>. Alternatively and preferably,
++ the configuration can be set by individual configuration files
++ located in a <filename>pam.d</filename> directory. The presence of this
++ directory will cause <emphasis remap="B">Linux-PAM</emphasis> to
++ <emphasis remap="I">ignore</emphasis> <filename>/etc/pam.conf</filename>.
++ </para>
++
++ <para>
++ Vendor-supplied PAM configuration files might be installed in
++ the system directory <filename>/usr/lib/pam.d/</filename> or
++ a configurable vendor specific directory instead
++ of the machine configuration directory <filename>/etc/pam.d/</filename>.
++ If no machine configuration file is found, the vendor-supplied file
++ is used. All files in <filename>/etc/pam.d/</filename> override
++ files with the same name in other directories.
++ </para>
++
++<para>From the point of view of the system administrator, for whom this
++manual is provided, it is not of primary importance to understand the
++internal behavior of the
++<emphasis remap="B">Linux-PAM</emphasis>
++library. The important point to recognize is that the configuration
++file(s)
++<emphasis remap="I">define</emphasis>
++the connection between applications
++<emphasis remap="B"/>(<emphasis remap="B">services</emphasis>)
++and the pluggable authentication modules
++<emphasis remap="B"/>(<emphasis remap="B">PAM</emphasis>s)
++that perform the actual authentication tasks.</para>
++
++
++<para><emphasis remap="B">Linux-PAM</emphasis>
++separates the tasks of
++<emphasis remap="I">authentication</emphasis>
++into four independent management groups:
++<emphasis remap="B">account</emphasis> management;
++<emphasis remap="B">auth</emphasis>entication management;
++<emphasis remap="B">password</emphasis> management;
++and
++<emphasis remap="B">session</emphasis> management.
++(We highlight the abbreviations used for these groups in the
++configuration file.)</para>
++
++
++<para>Simply put, these groups take care of different aspects of a typical
++user's request for a restricted service:</para>
++
++
++<para><emphasis remap="B">account</emphasis> -
++provide account verification types of service: has the user's password
++expired?; is this user permitted access to the requested service?</para>
++
++<!-- .br -->
++<para><emphasis remap="B">auth</emphasis>entication -
++authenticate a user and set up user credentials. Typically this is via
++some challenge-response request that the user must satisfy: if you are
++who you claim to be please enter your password. Not all authentications
++are of this type, there exist hardware based authentication schemes
++(such as the use of smart-cards and biometric devices), with suitable
++modules, these may be substituted seamlessly for more standard
++approaches to authentication - such is the flexibility of
++<emphasis remap="B">Linux-PAM</emphasis>.</para>
++
++<!-- .br -->
++<para><emphasis remap="B">password</emphasis> -
++this group's responsibility is the task of updating authentication
++mechanisms. Typically, such services are strongly coupled to those of
++the
++<emphasis remap="B">auth</emphasis>
++group. Some authentication mechanisms lend themselves well to being
++updated with such a function. Standard UN*X password-based access is
++the obvious example: please enter a replacement password.</para>
++
++<!-- .br -->
++<para><emphasis remap="B">session</emphasis> -
++this group of tasks cover things that should be done prior to a
++service being given and after it is withdrawn. Such tasks include the
++maintenance of audit trails and the mounting of the user's home
++directory. The
++<emphasis remap="B">session</emphasis>
++management group is important as it provides both an opening and
++closing hook for modules to affect the services available to a user.</para>
++
++</refsect1>
++
++ <refsect1 xml:id="pam8-files">
++ <title>FILES</title>
++ <variablelist>
++ <varlistentry>
++ <term>/etc/pam.conf</term>
++ <listitem>
++ <para>the configuration file</para>
++ </listitem>
++ </varlistentry>
++ <varlistentry>
++ <term>/etc/pam.d</term>
++ <listitem>
++ <para>
++ the <emphasis remap="B">Linux-PAM</emphasis> configuration
++ directory. Generally, if this directory is present, the
++ <filename>/etc/pam.conf</filename> file is ignored.
++ </para>
++ </listitem>
++ </varlistentry>
++ <varlistentry>
++ <term>/usr/lib/pam.d</term>
++ <listitem>
++ <para>
++ the <emphasis remap="B">Linux-PAM</emphasis> vendor configuration
++ directory. Files in <filename>/etc/pam.d</filename> override
++ files with the same name in this directory.
++ </para>
++ </listitem>
++ </varlistentry>
++ <varlistentry condition="with_vendordir">
++ <term>%vendordir%/pam.d</term>
++ <listitem>
++ <para>
++ additional <emphasis remap="B">Linux-PAM</emphasis> vendor
++ configuration directory. Files in <filename>/etc/pam.d</filename>
++ and <filename>/usr/lib/pam.d</filename> override files with the
++ same name in this directory.
++ </para>
++ </listitem>
++ </varlistentry>
++ </variablelist>
++ </refsect1>
++
++ <refsect1 xml:id="pam8-errors">
++ <title>ERRORS</title>
++ <para>
++ Typically errors generated by the
++ <emphasis remap="B">Linux-PAM</emphasis> system of libraries, will
++ be written to <citerefentry>
++ <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
++ </citerefentry>.
++ </para>
++ </refsect1>
++
++ <refsect1 xml:id="pam8-conforming_to">
++ <title>CONFORMING TO</title>
++ <para>
++ DCE-RFC 86.0, October 1995.
++ Contains additional features, but remains backwardly compatible
++ with this RFC.
++ </para>
++ </refsect1>
++
++ <refsect1 xml:id="pam8-see_also">
++ <title>SEE ALSO</title>
++ <para>
++ <citerefentry>
++ <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum>
++ </citerefentry>,
++ <citerefentry>
++ <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
++ </citerefentry>,
++ <citerefentry>
++ <refentrytitle>pam_sm_setcred</refentrytitle><manvolnum>3</manvolnum>
++ </citerefentry>,
++ <citerefentry>
++ <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
++ </citerefentry>,
++ <citerefentry>
++ <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum>
++ </citerefentry>
++ </para>
++ </refsect1>
++</refentry>
diff --git a/doc/man/pam.8.xml b/doc/man/pam.8.xml
-index 7f3b051..cb6a7d8 100644
+deleted file mode 100644
+index 7f3b051..0000000
--- a/doc/man/pam.8.xml
-+++ b/doc/man/pam.8.xml
-@@ -2,7 +2,7 @@
-
- <refmeta>
- <refentrytitle>pam</refentrytitle>
++++ /dev/null
+@@ -1,212 +0,0 @@
+-<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="pam8">
+-
+- <refmeta>
+- <refentrytitle>pam</refentrytitle>
- <manvolnum>8</manvolnum>
-+ <manvolnum>7</manvolnum>
- <refmiscinfo class="source">Linux-PAM</refmiscinfo>
- <refmiscinfo class="manual">Linux-PAM Manual</refmiscinfo>
- </refmeta>
-diff --git a/doc/man/pam_acct_mgmt.3 b/doc/man/pam_acct_mgmt.3
-index 18e91d5..1cfb501 100644
---- a/doc/man/pam_acct_mgmt.3
-+++ b/doc/man/pam_acct_mgmt.3
-@@ -97,4 +97,4 @@ User unknown to password service\&.
- \fBpam_authenticate\fR(3),
- \fBpam_chauthtok\fR(3),
- \fBpam_strerror\fR(3),
--\fBpam\fR(8)
-+\fBpam\fR(7)
+- <refmiscinfo class="source">Linux-PAM</refmiscinfo>
+- <refmiscinfo class="manual">Linux-PAM Manual</refmiscinfo>
+- </refmeta>
+-
+- <refnamediv xml:id="pam8-name">
+- <refname>PAM</refname>
+- <refname>pam</refname>
+- <refpurpose>Pluggable Authentication Modules for Linux</refpurpose>
+- </refnamediv>
+-
+- <refsect1 xml:id="pam8-description">
+- <title>DESCRIPTION</title>
+- <para>
+- This manual is intended to offer a quick introduction to
+- <emphasis remap="B">Linux-PAM</emphasis>. For more information
+- the reader is directed to the
+- <emphasis remap="B">Linux-PAM system administrators' guide</emphasis>.
+- </para>
+-
+- <para>
+- <emphasis remap="B">Linux-PAM</emphasis> is a system of libraries
+- that handle the authentication tasks of applications (services) on
+- the system. The library provides a stable general interface
+- (Application Programming Interface - API) that privilege granting
+- programs (such as <citerefentry>
+- <refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
+- </citerefentry> and <citerefentry>
+- <refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
+- </citerefentry>) defer to to perform standard authentication tasks.
+- </para>
+-
+- <para>
+- The principal feature of the PAM approach is that the nature of the
+- authentication is dynamically configurable. In other words, the
+- system administrator is free to choose how individual
+- service-providing applications will authenticate users. This dynamic
+- configuration is set by the contents of the single
+- <emphasis remap="B">Linux-PAM</emphasis> configuration file
+- <filename>/etc/pam.conf</filename>. Alternatively and preferably,
+- the configuration can be set by individual configuration files
+- located in a <filename>pam.d</filename> directory. The presence of this
+- directory will cause <emphasis remap="B">Linux-PAM</emphasis> to
+- <emphasis remap="I">ignore</emphasis> <filename>/etc/pam.conf</filename>.
+- </para>
+-
+- <para>
+- Vendor-supplied PAM configuration files might be installed in
+- the system directory <filename>/usr/lib/pam.d/</filename> or
+- a configurable vendor specific directory instead
+- of the machine configuration directory <filename>/etc/pam.d/</filename>.
+- If no machine configuration file is found, the vendor-supplied file
+- is used. All files in <filename>/etc/pam.d/</filename> override
+- files with the same name in other directories.
+- </para>
+-
+-<para>From the point of view of the system administrator, for whom this
+-manual is provided, it is not of primary importance to understand the
+-internal behavior of the
+-<emphasis remap="B">Linux-PAM</emphasis>
+-library. The important point to recognize is that the configuration
+-file(s)
+-<emphasis remap="I">define</emphasis>
+-the connection between applications
+-<emphasis remap="B"/>(<emphasis remap="B">services</emphasis>)
+-and the pluggable authentication modules
+-<emphasis remap="B"/>(<emphasis remap="B">PAM</emphasis>s)
+-that perform the actual authentication tasks.</para>
+-
+-
+-<para><emphasis remap="B">Linux-PAM</emphasis>
+-separates the tasks of
+-<emphasis remap="I">authentication</emphasis>
+-into four independent management groups:
+-<emphasis remap="B">account</emphasis> management;
+-<emphasis remap="B">auth</emphasis>entication management;
+-<emphasis remap="B">password</emphasis> management;
+-and
+-<emphasis remap="B">session</emphasis> management.
+-(We highlight the abbreviations used for these groups in the
+-configuration file.)</para>
+-
+-
+-<para>Simply put, these groups take care of different aspects of a typical
+-user's request for a restricted service:</para>
+-
+-
+-<para><emphasis remap="B">account</emphasis> -
+-provide account verification types of service: has the user's password
+-expired?; is this user permitted access to the requested service?</para>
+-
+-<!-- .br -->
+-<para><emphasis remap="B">auth</emphasis>entication -
+-authenticate a user and set up user credentials. Typically this is via
+-some challenge-response request that the user must satisfy: if you are
+-who you claim to be please enter your password. Not all authentications
+-are of this type, there exist hardware based authentication schemes
+-(such as the use of smart-cards and biometric devices), with suitable
+-modules, these may be substituted seamlessly for more standard
+-approaches to authentication - such is the flexibility of
+-<emphasis remap="B">Linux-PAM</emphasis>.</para>
+-
+-<!-- .br -->
+-<para><emphasis remap="B">password</emphasis> -
+-this group's responsibility is the task of updating authentication
+-mechanisms. Typically, such services are strongly coupled to those of
+-the
+-<emphasis remap="B">auth</emphasis>
+-group. Some authentication mechanisms lend themselves well to being
+-updated with such a function. Standard UN*X password-based access is
+-the obvious example: please enter a replacement password.</para>
+-
+-<!-- .br -->
+-<para><emphasis remap="B">session</emphasis> -
+-this group of tasks cover things that should be done prior to a
+-service being given and after it is withdrawn. Such tasks include the
+-maintenance of audit trails and the mounting of the user's home
+-directory. The
+-<emphasis remap="B">session</emphasis>
+-management group is important as it provides both an opening and
+-closing hook for modules to affect the services available to a user.</para>
+-
+-</refsect1>
+-
+- <refsect1 xml:id="pam8-files">
+- <title>FILES</title>
+- <variablelist>
+- <varlistentry>
+- <term>/etc/pam.conf</term>
+- <listitem>
+- <para>the configuration file</para>
+- </listitem>
+- </varlistentry>
+- <varlistentry>
+- <term>/etc/pam.d</term>
+- <listitem>
+- <para>
+- the <emphasis remap="B">Linux-PAM</emphasis> configuration
+- directory. Generally, if this directory is present, the
+- <filename>/etc/pam.conf</filename> file is ignored.
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry>
+- <term>/usr/lib/pam.d</term>
+- <listitem>
+- <para>
+- the <emphasis remap="B">Linux-PAM</emphasis> vendor configuration
+- directory. Files in <filename>/etc/pam.d</filename> override
+- files with the same name in this directory.
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry condition="with_vendordir">
+- <term>%vendordir%/pam.d</term>
+- <listitem>
+- <para>
+- additional <emphasis remap="B">Linux-PAM</emphasis> vendor
+- configuration directory. Files in <filename>/etc/pam.d</filename>
+- and <filename>/usr/lib/pam.d</filename> override files with the
+- same name in this directory.
+- </para>
+- </listitem>
+- </varlistentry>
+- </variablelist>
+- </refsect1>
+-
+- <refsect1 xml:id="pam8-errors">
+- <title>ERRORS</title>
+- <para>
+- Typically errors generated by the
+- <emphasis remap="B">Linux-PAM</emphasis> system of libraries, will
+- be written to <citerefentry>
+- <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
+- </citerefentry>.
+- </para>
+- </refsect1>
+-
+- <refsect1 xml:id="pam8-conforming_to">
+- <title>CONFORMING TO</title>
+- <para>
+- DCE-RFC 86.0, October 1995.
+- Contains additional features, but remains backwardly compatible
+- with this RFC.
+- </para>
+- </refsect1>
+-
+- <refsect1 xml:id="pam8-see_also">
+- <title>SEE ALSO</title>
+- <para>
+- <citerefentry>
+- <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>pam_sm_setcred</refentrytitle><manvolnum>3</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum>
+- </citerefentry>
+- </para>
+- </refsect1>
+-</refentry>
diff --git a/doc/man/pam_acct_mgmt.3.xml b/doc/man/pam_acct_mgmt.3.xml
index de6a94a..6ff3ccb 100644
--- a/doc/man/pam_acct_mgmt.3.xml
@@ -567,16 +556,6 @@ index de6a94a..6ff3ccb 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/doc/man/pam_authenticate.3 b/doc/man/pam_authenticate.3
-index 1760e2a..463a518 100644
---- a/doc/man/pam_authenticate.3
-+++ b/doc/man/pam_authenticate.3
-@@ -107,4 +107,4 @@ User unknown to authentication service\&.
- \fBpam_setcred\fR(3),
- \fBpam_chauthtok\fR(3),
- \fBpam_strerror\fR(3),
--\fBpam\fR(8)
-+\fBpam\fR(7)
diff --git a/doc/man/pam_authenticate.3.xml b/doc/man/pam_authenticate.3.xml
index 794a5c7..948b950 100644
--- a/doc/man/pam_authenticate.3.xml
@@ -590,16 +569,6 @@ index 794a5c7..948b950 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/doc/man/pam_chauthtok.3 b/doc/man/pam_chauthtok.3
-index 60d267f..d7a1c1b 100644
---- a/doc/man/pam_chauthtok.3
-+++ b/doc/man/pam_chauthtok.3
-@@ -106,4 +106,4 @@ User unknown to password service\&.
- \fBpam_setcred\fR(3),
- \fBpam_get_item\fR(3),
- \fBpam_strerror\fR(3),
--\fBpam\fR(8)
-+\fBpam\fR(7)
diff --git a/doc/man/pam_chauthtok.3.xml b/doc/man/pam_chauthtok.3.xml
index e184f45..95af359 100644
--- a/doc/man/pam_chauthtok.3.xml
@@ -613,16 +582,6 @@ index e184f45..95af359 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/doc/man/pam_conv.3 b/doc/man/pam_conv.3
-index 5ada083..35c35d0 100644
---- a/doc/man/pam_conv.3
-+++ b/doc/man/pam_conv.3
-@@ -174,4 +174,4 @@ Success\&.
- \fBpam_set_item\fR(3),
- \fBpam_get_item\fR(3),
- \fBpam_strerror\fR(3),
--\fBpam\fR(8)
-+\fBpam\fR(7)
diff --git a/doc/man/pam_conv.3.xml b/doc/man/pam_conv.3.xml
index 31834f3..96bfd23 100644
--- a/doc/man/pam_conv.3.xml
@@ -636,19 +595,6 @@ index 31834f3..96bfd23 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/doc/man/pam_error.3 b/doc/man/pam_error.3
-index 9a6c3f8..6f04998 100644
---- a/doc/man/pam_error.3
-+++ b/doc/man/pam_error.3
-@@ -80,7 +80,7 @@ System error\&.
- \fBpam_vinfo\fR(3),
- \fBpam_prompt\fR(3),
- \fBpam_vprompt\fR(3),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "STANDARDS"
- .PP
- The
diff --git a/doc/man/pam_error.3.xml b/doc/man/pam_error.3.xml
index 0f294c2..82ea709 100644
--- a/doc/man/pam_error.3.xml
@@ -662,24 +608,11 @@ index 0f294c2..82ea709 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/doc/man/pam_get_authtok.3 b/doc/man/pam_get_authtok.3
-index 105a217..3e6ddda 100644
---- a/doc/man/pam_get_authtok.3
-+++ b/doc/man/pam_get_authtok.3
-@@ -162,7 +162,7 @@ New authentication tokens mismatch\&.
- .RE
- .SH "SEE ALSO"
- .PP
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "STANDARDS"
- .PP
- The
diff --git a/doc/man/pam_get_authtok.3.xml b/doc/man/pam_get_authtok.3.xml
-index ba6d955..1cb7566 100644
+index 60e0a45..bfb04c1 100644
--- a/doc/man/pam_get_authtok.3.xml
+++ b/doc/man/pam_get_authtok.3.xml
-@@ -229,7 +229,7 @@
+@@ -230,7 +230,7 @@
<title>SEE ALSO</title>
<para>
<citerefentry>
@@ -688,35 +621,6 @@ index ba6d955..1cb7566 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/doc/man/pam_get_item.3 b/doc/man/pam_get_item.3
-index d08fde5..30434bb 100644
---- a/doc/man/pam_get_item.3
-+++ b/doc/man/pam_get_item.3
-@@ -2,12 +2,12 @@
- .\" Title: pam_get_item
- .\" Author: [FIXME: author] [see http://www.docbook.org/tdg5/en/html/author]
- .\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/>
--.\" Date: 05/07/2023
-+.\" Date: 02/29/2024
- .\" Manual: Linux-PAM Manual
- .\" Source: Linux-PAM
- .\" Language: English
- .\"
--.TH "PAM_GET_ITEM" "3" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual"
-+.TH "PAM_GET_ITEM" "3" "02/29/2024" "Linux\-PAM" "Linux\-PAM Manual"
- .\" -----------------------------------------------------------------
- .\" * Define some portability stuff
- .\" -----------------------------------------------------------------
-diff --git a/doc/man/pam_getenv.3 b/doc/man/pam_getenv.3
-index d0d3999..f639ef9 100644
---- a/doc/man/pam_getenv.3
-+++ b/doc/man/pam_getenv.3
-@@ -57,4 +57,4 @@ function returns NULL on failure\&.
- \fBpam_start\fR(3),
- \fBpam_getenvlist\fR(3),
- \fBpam_putenv\fR(3),
--\fBpam\fR(8)
-+\fBpam\fR(7)
diff --git a/doc/man/pam_getenv.3.xml b/doc/man/pam_getenv.3.xml
index df25863..b5dbc12 100644
--- a/doc/man/pam_getenv.3.xml
@@ -730,16 +634,6 @@ index df25863..b5dbc12 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/doc/man/pam_getenvlist.3 b/doc/man/pam_getenvlist.3
-index 8369764..e2ae949 100644
---- a/doc/man/pam_getenvlist.3
-+++ b/doc/man/pam_getenvlist.3
-@@ -63,4 +63,4 @@ function returns NULL on failure\&.
- \fBpam_start\fR(3),
- \fBpam_getenv\fR(3),
- \fBpam_putenv\fR(3),
--\fBpam\fR(8)
-+\fBpam\fR(7)
diff --git a/doc/man/pam_getenvlist.3.xml b/doc/man/pam_getenvlist.3.xml
index 54b1f41..7f755e5 100644
--- a/doc/man/pam_getenvlist.3.xml
@@ -753,19 +647,6 @@ index 54b1f41..7f755e5 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/doc/man/pam_info.3 b/doc/man/pam_info.3
-index d66dee4..a76e039 100644
---- a/doc/man/pam_info.3
-+++ b/doc/man/pam_info.3
-@@ -76,7 +76,7 @@ System error\&.
- .RE
- .SH "SEE ALSO"
- .PP
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "STANDARDS"
- .PP
- The
diff --git a/doc/man/pam_info.3.xml b/doc/man/pam_info.3.xml
index 5155d41..9b4a3f0 100644
--- a/doc/man/pam_info.3.xml
@@ -779,19 +660,6 @@ index 5155d41..9b4a3f0 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/doc/man/pam_misc_drop_env.3 b/doc/man/pam_misc_drop_env.3
-index b3d162c..ca84c1c 100644
---- a/doc/man/pam_misc_drop_env.3
-+++ b/doc/man/pam_misc_drop_env.3
-@@ -52,7 +52,7 @@ all memory before
- .SH "SEE ALSO"
- .PP
- \fBpam_getenvlist\fR(3),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "STANDARDS"
- .PP
- The
diff --git a/doc/man/pam_misc_drop_env.3.xml b/doc/man/pam_misc_drop_env.3.xml
index a7f6cc8..c7a2576 100644
--- a/doc/man/pam_misc_drop_env.3.xml
@@ -805,19 +673,6 @@ index a7f6cc8..c7a2576 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/doc/man/pam_misc_paste_env.3 b/doc/man/pam_misc_paste_env.3
-index d707daa..6ca8c50 100644
---- a/doc/man/pam_misc_paste_env.3
-+++ b/doc/man/pam_misc_paste_env.3
-@@ -47,7 +47,7 @@ PAM_SUCCESS\&.
- .SH "SEE ALSO"
- .PP
- \fBpam_putenv\fR(3),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "STANDARDS"
- .PP
- The
diff --git a/doc/man/pam_misc_paste_env.3.xml b/doc/man/pam_misc_paste_env.3.xml
index 06194a9..2d99a1f 100644
--- a/doc/man/pam_misc_paste_env.3.xml
@@ -831,19 +686,6 @@ index 06194a9..2d99a1f 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/doc/man/pam_misc_setenv.3 b/doc/man/pam_misc_setenv.3
-index 70030b7..0b1380a 100644
---- a/doc/man/pam_misc_setenv.3
-+++ b/doc/man/pam_misc_setenv.3
-@@ -52,7 +52,7 @@ are concatenated with an \*(Aq=\*(Aq to form a name=value and passed to
- .SH "SEE ALSO"
- .PP
- \fBpam_putenv\fR(3),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "STANDARDS"
- .PP
- The
diff --git a/doc/man/pam_misc_setenv.3.xml b/doc/man/pam_misc_setenv.3.xml
index 4414d54..c9403c5 100644
--- a/doc/man/pam_misc_setenv.3.xml
@@ -857,34 +699,6 @@ index 4414d54..c9403c5 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/doc/man/pam_prompt.3 b/doc/man/pam_prompt.3
-index 3070747..aeaaac0 100644
---- a/doc/man/pam_prompt.3
-+++ b/doc/man/pam_prompt.3
-@@ -2,12 +2,12 @@
- .\" Title: pam_prompt
- .\" Author: [FIXME: author] [see http://www.docbook.org/tdg5/en/html/author]
- .\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/>
--.\" Date: 05/07/2023
-+.\" Date: 09/15/2023
- .\" Manual: Linux-PAM Manual
- .\" Source: Linux-PAM
- .\" Language: English
- .\"
--.TH "PAM_PROMPT" "3" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual"
-+.TH "PAM_PROMPT" "3" "09/15/2023" "Linux\-PAM" "Linux\-PAM Manual"
- .\" -----------------------------------------------------------------
- .\" * Define some portability stuff
- .\" -----------------------------------------------------------------
-@@ -70,7 +70,7 @@ System error\&.
- .RE
- .SH "SEE ALSO"
- .PP
--\fBpam\fR(8),
-+\fBpam\fR(7),
- \fBpam_conv\fR(3)
- .SH "STANDARDS"
- .PP
diff --git a/doc/man/pam_prompt.3.xml b/doc/man/pam_prompt.3.xml
index c65a0c9..b53f502 100644
--- a/doc/man/pam_prompt.3.xml
@@ -898,16 +712,6 @@ index c65a0c9..b53f502 100644
</citerefentry>,
<citerefentry>
<refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum>
-diff --git a/doc/man/pam_putenv.3 b/doc/man/pam_putenv.3
-index 3b826b1..0e1002b 100644
---- a/doc/man/pam_putenv.3
-+++ b/doc/man/pam_putenv.3
-@@ -108,4 +108,4 @@ The environment variable was successfully updated\&.
- \fBpam_getenv\fR(3),
- \fBpam_getenvlist\fR(3),
- \fBpam_strerror\fR(3),
--\fBpam\fR(8)
-+\fBpam\fR(7)
diff --git a/doc/man/pam_putenv.3.xml b/doc/man/pam_putenv.3.xml
index 7267046..8daca00 100644
--- a/doc/man/pam_putenv.3.xml
@@ -921,16 +725,6 @@ index 7267046..8daca00 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/doc/man/pam_strerror.3 b/doc/man/pam_strerror.3
-index 408eb3a..d6c5d51 100644
---- a/doc/man/pam_strerror.3
-+++ b/doc/man/pam_strerror.3
-@@ -49,4 +49,4 @@ function returns a pointer to a string describing the error code passed in the a
- This function returns always a pointer to a string\&.
- .SH "SEE ALSO"
- .PP
--\fBpam\fR(8)
-+\fBpam\fR(7)
diff --git a/doc/man/pam_strerror.3.xml b/doc/man/pam_strerror.3.xml
index b76cbc4..2c7a8a9 100644
--- a/doc/man/pam_strerror.3.xml
@@ -944,19 +738,6 @@ index b76cbc4..2c7a8a9 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/doc/man/pam_syslog.3 b/doc/man/pam_syslog.3
-index 8223131..d1f2589 100644
---- a/doc/man/pam_syslog.3
-+++ b/doc/man/pam_syslog.3
-@@ -67,7 +67,7 @@ with the difference that it takes a set of arguments which have been obtained us
- variable argument list macros\&.
- .SH "SEE ALSO"
- .PP
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "STANDARDS"
- .PP
- The
diff --git a/doc/man/pam_syslog.3.xml b/doc/man/pam_syslog.3.xml
index f5be287..5005476 100644
--- a/doc/man/pam_syslog.3.xml
@@ -970,24 +751,11 @@ index f5be287..5005476 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/modules/pam_access/access.conf.5 b/modules/pam_access/access.conf.5
-index b45e914..774e5cd 100644
---- a/modules/pam_access/access.conf.5
-+++ b/modules/pam_access/access.conf.5
-@@ -210,7 +210,7 @@ option, the spaces will become part of the actual item and the line will be most
- .PP
- \fBpam_access\fR(8),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHORS"
- .PP
- Original
diff --git a/modules/pam_access/access.conf.5.xml b/modules/pam_access/access.conf.5.xml
-index ff1cb22..e1e5531 100644
+index 0b93db0..65c6b69 100644
--- a/modules/pam_access/access.conf.5.xml
+++ b/modules/pam_access/access.conf.5.xml
-@@ -229,7 +229,7 @@
+@@ -240,7 +240,7 @@
<para>
<citerefentry><refentrytitle>pam_access</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
@@ -996,24 +764,11 @@ index ff1cb22..e1e5531 100644
</para>
</refsect1>
-diff --git a/modules/pam_access/pam_access.8 b/modules/pam_access/pam_access.8
-index c9f9d40..5b0e1a3 100644
---- a/modules/pam_access/pam_access.8
-+++ b/modules/pam_access/pam_access.8
-@@ -133,7 +133,7 @@ Default configuration file
- .PP
- \fBaccess.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)\&.
-+\fBpam\fR(7)\&.
- .SH "AUTHORS"
- .PP
- The logdaemon style login access control scheme was designed and implemented by Wietse Venema\&. The pam_access PAM module was developed by Alexei Nogin <alexei@nogin\&.dnttm\&.ru>\&. The IPv6 support and the network(address) / netmask feature was developed and provided by Mike Becher <mike\&.becher@lrz\-muenchen\&.de>\&.
diff --git a/modules/pam_access/pam_access.8.xml b/modules/pam_access/pam_access.8.xml
-index 010e749..cc01d5c 100644
+index c991d7a..dcc5039 100644
--- a/modules/pam_access/pam_access.8.xml
+++ b/modules/pam_access/pam_access.8.xml
-@@ -270,7 +270,7 @@
+@@ -285,7 +285,7 @@
<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
@@ -1022,19 +777,6 @@ index 010e749..cc01d5c 100644
</citerefentry>.
</para>
</refsect1>
-diff --git a/modules/pam_debug/pam_debug.8 b/modules/pam_debug/pam_debug.8
-index b1a6de7..2b2dee3 100644
---- a/modules/pam_debug/pam_debug.8
-+++ b/modules/pam_debug/pam_debug.8
-@@ -138,7 +138,7 @@ auth sufficient pam_debug\&.so auth=success cred=success
- .PP
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_debug was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
diff --git a/modules/pam_debug/pam_debug.8.xml b/modules/pam_debug/pam_debug.8.xml
index 1c98f17..939c19b 100644
--- a/modules/pam_debug/pam_debug.8.xml
@@ -1048,19 +790,6 @@ index 1c98f17..939c19b 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/modules/pam_deny/pam_deny.8 b/modules/pam_deny/pam_deny.8
-index 85146f1..81d5343 100644
---- a/modules/pam_deny/pam_deny.8
-+++ b/modules/pam_deny/pam_deny.8
-@@ -96,7 +96,7 @@ other session required pam_deny\&.so
- .PP
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_deny was written by Andrew G\&. Morgan <morgan@kernel\&.org>
diff --git a/modules/pam_deny/pam_deny.8.xml b/modules/pam_deny/pam_deny.8.xml
index db8fcb6..de41a59 100644
--- a/modules/pam_deny/pam_deny.8.xml
@@ -1074,19 +803,6 @@ index db8fcb6..de41a59 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/modules/pam_echo/pam_echo.8 b/modules/pam_echo/pam_echo.8
-index c927488..5f0712b 100644
---- a/modules/pam_echo/pam_echo.8
-+++ b/modules/pam_echo/pam_echo.8
-@@ -126,7 +126,7 @@ password required pam_unix\&.so
- .PP
- \fBpam.conf\fR(8),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- Thorsten Kukuk <kukuk@thkukuk\&.de>
diff --git a/modules/pam_echo/pam_echo.8.xml b/modules/pam_echo/pam_echo.8.xml
index 07b793d..cf2d006 100644
--- a/modules/pam_echo/pam_echo.8.xml
@@ -1100,39 +816,11 @@ index 07b793d..cf2d006 100644
</citerefentry></para>
</refsect1>
-diff --git a/modules/pam_env/pam_env.8 b/modules/pam_env/pam_env.8
-index f4e15f3..afef8b1 100644
---- a/modules/pam_env/pam_env.8
-+++ b/modules/pam_env/pam_env.8
-@@ -2,12 +2,12 @@
- .\" Title: pam_env
- .\" Author: [see the "AUTHOR" section]
- .\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/>
--.\" Date: 05/07/2023
-+.\" Date: 09/13/2023
- .\" Manual: Linux-PAM Manual
- .\" Source: Linux-PAM
- .\" Language: English
- .\"
--.TH "PAM_ENV" "8" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual"
-+.TH "PAM_ENV" "8" "09/13/2023" "Linux\-PAM" "Linux\-PAM Manual"
- .\" -----------------------------------------------------------------
- .\" * Define some portability stuff
- .\" -----------------------------------------------------------------
-@@ -153,7 +153,7 @@ User specific environment file
- .PP
- \fBpam_env.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8),
-+\fBpam\fR(7),
- \fBenviron\fR(7)\&.
- .SH "AUTHOR"
- .PP
diff --git a/modules/pam_env/pam_env.8.xml b/modules/pam_env/pam_env.8.xml
-index fb172e1..a720d37 100644
+index c7889e0..082c1d5 100644
--- a/modules/pam_env/pam_env.8.xml
+++ b/modules/pam_env/pam_env.8.xml
-@@ -295,7 +295,7 @@
+@@ -312,7 +312,7 @@
<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
@@ -1141,21 +829,8 @@ index fb172e1..a720d37 100644
</citerefentry>,
<citerefentry>
<refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum>
-diff --git a/modules/pam_env/pam_env.conf.5 b/modules/pam_env/pam_env.conf.5
-index 90de5ea..9d9af67 100644
---- a/modules/pam_env/pam_env.conf.5
-+++ b/modules/pam_env/pam_env.conf.5
-@@ -125,7 +125,7 @@ Silly examples of escaped variables, just to show how they work\&.
- .PP
- \fBpam_env\fR(8),
- \fBpam.d\fR(5),
--\fBpam\fR(8),
-+\fBpam\fR(7),
- \fBenviron\fR(7)
- .SH "AUTHOR"
- .PP
diff --git a/modules/pam_env/pam_env.conf.5.xml b/modules/pam_env/pam_env.conf.5.xml
-index 81fc961..38bc5fd 100644
+index 46df480..da74046 100644
--- a/modules/pam_env/pam_env.conf.5.xml
+++ b/modules/pam_env/pam_env.conf.5.xml
@@ -135,7 +135,7 @@
@@ -1167,21 +842,8 @@ index 81fc961..38bc5fd 100644
<citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
</para>
</refsect1>
-diff --git a/modules/pam_exec/pam_exec.8 b/modules/pam_exec/pam_exec.8
-index 4c7023d..bfa49f8 100644
---- a/modules/pam_exec/pam_exec.8
-+++ b/modules/pam_exec/pam_exec.8
-@@ -182,7 +182,7 @@ with effective user ID\&.
- .PP
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_exec was written by Thorsten Kukuk <kukuk@thkukuk\&.de> and Josh Triplett <josh@joshtriplett\&.org>\&.
diff --git a/modules/pam_exec/pam_exec.8.xml b/modules/pam_exec/pam_exec.8.xml
-index 13abe6e..2eedb28 100644
+index 677d598..00b4b77 100644
--- a/modules/pam_exec/pam_exec.8.xml
+++ b/modules/pam_exec/pam_exec.8.xml
@@ -300,7 +300,7 @@
@@ -1193,19 +855,6 @@ index 13abe6e..2eedb28 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/modules/pam_faildelay/pam_faildelay.8 b/modules/pam_faildelay/pam_faildelay.8
-index 9d1d475..0e798cd 100644
---- a/modules/pam_faildelay/pam_faildelay.8
-+++ b/modules/pam_faildelay/pam_faildelay.8
-@@ -87,7 +87,7 @@ auth optional pam_faildelay\&.so delay=10000000
- \fBpam_fail_delay\fR(3),
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_faildelay was written by Darren Tucker <dtucker@zip\&.com\&.au>\&.
diff --git a/modules/pam_faildelay/pam_faildelay.8.xml b/modules/pam_faildelay/pam_faildelay.8.xml
index c31b507..49ec46f 100644
--- a/modules/pam_faildelay/pam_faildelay.8.xml
@@ -1219,19 +868,6 @@ index c31b507..49ec46f 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/modules/pam_filter/pam_filter.8 b/modules/pam_filter/pam_filter.8
-index 7a0735b..c9b2ee7 100644
---- a/modules/pam_filter/pam_filter.8
-+++ b/modules/pam_filter/pam_filter.8
-@@ -166,7 +166,7 @@ to see how to configure login to transpose upper and lower case letters once the
- .PP
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_filter was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
diff --git a/modules/pam_filter/pam_filter.8.xml b/modules/pam_filter/pam_filter.8.xml
index 8015f41..0b85e82 100644
--- a/modules/pam_filter/pam_filter.8.xml
@@ -1245,19 +881,6 @@ index 8015f41..0b85e82 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/modules/pam_ftp/pam_ftp.8 b/modules/pam_ftp/pam_ftp.8
-index e15dda7..c705ea1 100644
---- a/modules/pam_ftp/pam_ftp.8
-+++ b/modules/pam_ftp/pam_ftp.8
-@@ -119,7 +119,7 @@ auth required pam_listfile\&.so \e
- .PP
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_ftp was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
diff --git a/modules/pam_ftp/pam_ftp.8.xml b/modules/pam_ftp/pam_ftp.8.xml
index 03f3678..90079d3 100644
--- a/modules/pam_ftp/pam_ftp.8.xml
@@ -1271,19 +894,6 @@ index 03f3678..90079d3 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/modules/pam_group/group.conf.5 b/modules/pam_group/group.conf.5
-index 96009fe..96bb061 100644
---- a/modules/pam_group/group.conf.5
-+++ b/modules/pam_group/group.conf.5
-@@ -115,7 +115,7 @@ xsh; tty* ;%admin;Al0000\-2400;plugdev
- .PP
- \fBpam_group\fR(8),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_group was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
diff --git a/modules/pam_group/group.conf.5.xml b/modules/pam_group/group.conf.5.xml
index a8875b3..8d5b2d4 100644
--- a/modules/pam_group/group.conf.5.xml
@@ -1297,19 +907,6 @@ index a8875b3..8d5b2d4 100644
</para>
</refsect1>
-diff --git a/modules/pam_group/pam_group.8 b/modules/pam_group/pam_group.8
-index 959c749..1553f20 100644
---- a/modules/pam_group/pam_group.8
-+++ b/modules/pam_group/pam_group.8
-@@ -103,7 +103,7 @@ Default configuration file
- .PP
- \fBgroup.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)\&.
-+\fBpam\fR(7)\&.
- .SH "AUTHORS"
- .PP
- pam_group was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
diff --git a/modules/pam_group/pam_group.8.xml b/modules/pam_group/pam_group.8.xml
index 695a7ba..292ee1c 100644
--- a/modules/pam_group/pam_group.8.xml
@@ -1323,19 +920,6 @@ index 695a7ba..292ee1c 100644
</citerefentry>.
</para>
</refsect1>
-diff --git a/modules/pam_issue/pam_issue.8 b/modules/pam_issue/pam_issue.8
-index fdeed52..745cc42 100644
---- a/modules/pam_issue/pam_issue.8
-+++ b/modules/pam_issue/pam_issue.8
-@@ -152,7 +152,7 @@ to set the user specific issue at login:
- .PP
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_issue was written by Ben Collins <bcollins@debian\&.org>\&.
diff --git a/modules/pam_issue/pam_issue.8.xml b/modules/pam_issue/pam_issue.8.xml
index 20d3245..02b31f6 100644
--- a/modules/pam_issue/pam_issue.8.xml
@@ -1349,19 +933,6 @@ index 20d3245..02b31f6 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/modules/pam_keyinit/pam_keyinit.8 b/modules/pam_keyinit/pam_keyinit.8
-index 5d7b3e4..50e4fe6 100644
---- a/modules/pam_keyinit/pam_keyinit.8
-+++ b/modules/pam_keyinit/pam_keyinit.8
-@@ -137,7 +137,7 @@ This will prevent keys from one session leaking into another session for the sam
- .PP
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8),
-+\fBpam\fR(7),
- \fBkeyctl\fR(1)
- .SH "AUTHOR"
- .PP
diff --git a/modules/pam_keyinit/pam_keyinit.8.xml b/modules/pam_keyinit/pam_keyinit.8.xml
index 7b0a73b..0bab086 100644
--- a/modules/pam_keyinit/pam_keyinit.8.xml
@@ -1375,21 +946,8 @@ index 7b0a73b..0bab086 100644
</citerefentry>,
<citerefentry>
<refentrytitle>keyctl</refentrytitle><manvolnum>1</manvolnum>
-diff --git a/modules/pam_lastlog/pam_lastlog.8 b/modules/pam_lastlog/pam_lastlog.8
-index 3a85ede..3c161ff 100644
---- a/modules/pam_lastlog/pam_lastlog.8
-+++ b/modules/pam_lastlog/pam_lastlog.8
-@@ -189,7 +189,7 @@ Lastlog logging file
- \fBlimits.conf\fR(5),
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_lastlog was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
diff --git a/modules/pam_lastlog/pam_lastlog.8.xml b/modules/pam_lastlog/pam_lastlog.8.xml
-index 1fd9d9d..7c15b93 100644
+index d990978..d641387 100644
--- a/modules/pam_lastlog/pam_lastlog.8.xml
+++ b/modules/pam_lastlog/pam_lastlog.8.xml
@@ -322,7 +322,7 @@
@@ -1401,21 +959,8 @@ index 1fd9d9d..7c15b93 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/modules/pam_limits/limits.conf.5 b/modules/pam_limits/limits.conf.5
-index ce0ca35..c9c4187 100644
---- a/modules/pam_limits/limits.conf.5
-+++ b/modules/pam_limits/limits.conf.5
-@@ -351,7 +351,7 @@ ftp hard nproc 0
- .PP
- \fBpam_limits\fR(8),
- \fBpam.d\fR(5),
--\fBpam\fR(8),
-+\fBpam\fR(7),
- \fBgetrlimit\fR(2),
- \fBgetrlimit\fR(3p)
- .SH "AUTHOR"
diff --git a/modules/pam_limits/limits.conf.5.xml b/modules/pam_limits/limits.conf.5.xml
-index f6f7d87..d389335 100644
+index 348758a..652e37a 100644
--- a/modules/pam_limits/limits.conf.5.xml
+++ b/modules/pam_limits/limits.conf.5.xml
@@ -350,7 +350,7 @@ ftp hard nproc 0
@@ -1427,19 +972,6 @@ index f6f7d87..d389335 100644
<citerefentry><refentrytitle>getrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>,
<citerefentry><refentrytitle>getrlimit</refentrytitle><manvolnum>3p</manvolnum></citerefentry>
</para>
-diff --git a/modules/pam_limits/pam_limits.8 b/modules/pam_limits/pam_limits.8
-index a3d15f2..f971b64 100644
---- a/modules/pam_limits/pam_limits.8
-+++ b/modules/pam_limits/pam_limits.8
-@@ -146,7 +146,7 @@ Replace "login" for each service you are using this module\&.
- .PP
- \fBlimits.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)\&.
-+\fBpam\fR(7)\&.
- .SH "AUTHORS"
- .PP
- pam_limits was initially written by Cristian Gafton <gafton@redhat\&.com>
diff --git a/modules/pam_limits/pam_limits.8.xml b/modules/pam_limits/pam_limits.8.xml
index cca046c..8f026f0 100644
--- a/modules/pam_limits/pam_limits.8.xml
@@ -1453,21 +985,8 @@ index cca046c..8f026f0 100644
</citerefentry>.
</para>
</refsect1>
-diff --git a/modules/pam_listfile/pam_listfile.8 b/modules/pam_listfile/pam_listfile.8
-index 5052664..a23e6e5 100644
---- a/modules/pam_listfile/pam_listfile.8
-+++ b/modules/pam_listfile/pam_listfile.8
-@@ -205,7 +205,7 @@ to the root account\&.
- .PP
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_listfile was written by Michael K\&. Johnson <johnsonm@redhat\&.com> and Elliot Lee <sopwith@cuc\&.edu>\&.
diff --git a/modules/pam_listfile/pam_listfile.8.xml b/modules/pam_listfile/pam_listfile.8.xml
-index 8847415..af747c1 100644
+index 40a553d..d74fee1 100644
--- a/modules/pam_listfile/pam_listfile.8.xml
+++ b/modules/pam_listfile/pam_listfile.8.xml
@@ -278,7 +278,7 @@ auth required pam_listfile.so \
@@ -1479,19 +998,6 @@ index 8847415..af747c1 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/modules/pam_localuser/pam_localuser.8 b/modules/pam_localuser/pam_localuser.8
-index 455fdb2..f4f2b29 100644
---- a/modules/pam_localuser/pam_localuser.8
-+++ b/modules/pam_localuser/pam_localuser.8
-@@ -117,7 +117,7 @@ Local user account information\&.
- .PP
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_localuser was written by Nalin Dahyabhai <nalin@redhat\&.com>\&.
diff --git a/modules/pam_localuser/pam_localuser.8.xml b/modules/pam_localuser/pam_localuser.8.xml
index 2002d1d..e4b9e07 100644
--- a/modules/pam_localuser/pam_localuser.8.xml
@@ -1505,19 +1011,6 @@ index 2002d1d..e4b9e07 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/modules/pam_loginuid/pam_loginuid.8 b/modules/pam_loginuid/pam_loginuid.8
-index 32f1b54..70669a2 100644
---- a/modules/pam_loginuid/pam_loginuid.8
-+++ b/modules/pam_loginuid/pam_loginuid.8
-@@ -85,7 +85,7 @@ session required pam_loginuid\&.so
- .PP
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8),
-+\fBpam\fR(7),
- \fBauditctl\fR(8),
- \fBauditd\fR(8)
- .SH "AUTHOR"
diff --git a/modules/pam_loginuid/pam_loginuid.8.xml b/modules/pam_loginuid/pam_loginuid.8.xml
index d5285f0..1beba98 100644
--- a/modules/pam_loginuid/pam_loginuid.8.xml
@@ -1531,19 +1024,6 @@ index d5285f0..1beba98 100644
</citerefentry>,
<citerefentry>
<refentrytitle>auditctl</refentrytitle><manvolnum>8</manvolnum>
-diff --git a/modules/pam_mail/pam_mail.8 b/modules/pam_mail/pam_mail.8
-index 36b95ba..ae4b890 100644
---- a/modules/pam_mail/pam_mail.8
-+++ b/modules/pam_mail/pam_mail.8
-@@ -153,7 +153,7 @@ session optional pam_mail\&.so standard
- .PP
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_mail was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
diff --git a/modules/pam_mail/pam_mail.8.xml b/modules/pam_mail/pam_mail.8.xml
index 2c0c054..9b4ce36 100644
--- a/modules/pam_mail/pam_mail.8.xml
@@ -1557,19 +1037,6 @@ index 2c0c054..9b4ce36 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/modules/pam_mkhomedir/pam_mkhomedir.8 b/modules/pam_mkhomedir/pam_mkhomedir.8
-index 112b39b..6962971 100644
---- a/modules/pam_mkhomedir/pam_mkhomedir.8
-+++ b/modules/pam_mkhomedir/pam_mkhomedir.8
-@@ -129,7 +129,7 @@ A sample /etc/pam\&.d/login file:
- .SH "SEE ALSO"
- .PP
- \fBpam.d\fR(5),
--\fBpam\fR(8)\&.
-+\fBpam\fR(7)\&.
- .SH "AUTHOR"
- .PP
- pam_mkhomedir was written by Jason Gunthorpe <jgg@debian\&.org>\&.
diff --git a/modules/pam_mkhomedir/pam_mkhomedir.8.xml b/modules/pam_mkhomedir/pam_mkhomedir.8.xml
index ad95724..25f5497 100644
--- a/modules/pam_mkhomedir/pam_mkhomedir.8.xml
@@ -1583,19 +1050,6 @@ index ad95724..25f5497 100644
</citerefentry>.
</para>
</refsect1>
-diff --git a/modules/pam_motd/pam_motd.8 b/modules/pam_motd/pam_motd.8
-index b1a70c0..3f65bb5 100644
---- a/modules/pam_motd/pam_motd.8
-+++ b/modules/pam_motd/pam_motd.8
-@@ -185,7 +185,7 @@ session optional pam_motd\&.so motd=/elsewhere/motd motd_dir=/elsewhere/motd\&
- \fBmotd\fR(5),
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_motd was written by Ben Collins <bcollins@debian\&.org>\&.
diff --git a/modules/pam_motd/pam_motd.8.xml b/modules/pam_motd/pam_motd.8.xml
index 7442037..2fc5310 100644
--- a/modules/pam_motd/pam_motd.8.xml
@@ -1609,24 +1063,11 @@ index 7442037..2fc5310 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/modules/pam_namespace/namespace.conf.5 b/modules/pam_namespace/namespace.conf.5
-index cf2509c..e4e8cfd 100644
---- a/modules/pam_namespace/namespace.conf.5
-+++ b/modules/pam_namespace/namespace.conf.5
-@@ -162,7 +162,7 @@ This module also depends on pam_selinux\&.so setting the context\&.
- .PP
- \fBpam_namespace\fR(8),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHORS"
- .PP
- The namespace\&.conf manual page was written by Janak Desai <janak@us\&.ibm\&.com>\&. More features added by Tomas Mraz <tmraz@redhat\&.com>\&.
diff --git a/modules/pam_namespace/namespace.conf.5.xml b/modules/pam_namespace/namespace.conf.5.xml
-index d398639..dcf6973 100644
+index 54f9431..15aef5c 100644
--- a/modules/pam_namespace/namespace.conf.5.xml
+++ b/modules/pam_namespace/namespace.conf.5.xml
-@@ -222,7 +222,7 @@
+@@ -226,7 +226,7 @@
<para>
<citerefentry><refentrytitle>pam_namespace</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
@@ -1635,24 +1076,11 @@ index d398639..dcf6973 100644
</para>
</refsect1>
-diff --git a/modules/pam_namespace/pam_namespace.8 b/modules/pam_namespace/pam_namespace.8
-index 3c9e9b3..d69f9fd 100644
---- a/modules/pam_namespace/pam_namespace.8
-+++ b/modules/pam_namespace/pam_namespace.8
-@@ -148,7 +148,7 @@ To use polyinstantiation with graphical display manager gdm, please refer to gdm
- \fBnamespace.conf\fR(5),
- \fBpam.d\fR(5),
- \fBmount\fR(8),
--\fBpam\fR(8)\&.
-+\fBpam\fR(7)\&.
- .SH "AUTHORS"
- .PP
- The namespace setup scheme was designed by Stephen Smalley, Janak Desai and Chad Sellers\&. The pam_namespace PAM module was developed by Janak Desai <janak@us\&.ibm\&.com>, Chad Sellers <csellers@tresys\&.com> and Steve Grubb <sgrubb@redhat\&.com>\&. Additional improvements by Xavier Toth <txtoth@gmail\&.com> and Tomas Mraz <tmraz@redhat\&.com>\&.
diff --git a/modules/pam_namespace/pam_namespace.8.xml b/modules/pam_namespace/pam_namespace.8.xml
-index 598037a..954093d 100644
+index a866d2e..0896372 100644
--- a/modules/pam_namespace/pam_namespace.8.xml
+++ b/modules/pam_namespace/pam_namespace.8.xml
-@@ -389,7 +389,7 @@
+@@ -392,7 +392,7 @@
<refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
@@ -1661,19 +1089,6 @@ index 598037a..954093d 100644
</citerefentry>.
</para>
</refsect1>
-diff --git a/modules/pam_nologin/pam_nologin.8 b/modules/pam_nologin/pam_nologin.8
-index ceb0237..c5df1b7 100644
---- a/modules/pam_nologin/pam_nologin.8
-+++ b/modules/pam_nologin/pam_nologin.8
-@@ -124,7 +124,7 @@ modules would lead to a successful login because the nologin module
- \fBnologin\fR(5),
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_nologin was written by Michael K\&. Johnson <johnsonm@redhat\&.com>\&.
diff --git a/modules/pam_nologin/pam_nologin.8.xml b/modules/pam_nologin/pam_nologin.8.xml
index 1ea725c..1cc721a 100644
--- a/modules/pam_nologin/pam_nologin.8.xml
@@ -1687,19 +1102,6 @@ index 1ea725c..1cc721a 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/modules/pam_permit/pam_permit.8 b/modules/pam_permit/pam_permit.8
-index 5b1881f..5432b75 100644
---- a/modules/pam_permit/pam_permit.8
-+++ b/modules/pam_permit/pam_permit.8
-@@ -78,7 +78,7 @@ account required pam_permit\&.so
- .PP
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_permit was written by Andrew G\&. Morgan, <morgan@kernel\&.org>\&.
diff --git a/modules/pam_permit/pam_permit.8.xml b/modules/pam_permit/pam_permit.8.xml
index 0634e5e..9e6c7d0 100644
--- a/modules/pam_permit/pam_permit.8.xml
@@ -1713,19 +1115,6 @@ index 0634e5e..9e6c7d0 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/modules/pam_pwhistory/pam_pwhistory.8 b/modules/pam_pwhistory/pam_pwhistory.8
-index df95ee3..e430bcd 100644
---- a/modules/pam_pwhistory/pam_pwhistory.8
-+++ b/modules/pam_pwhistory/pam_pwhistory.8
-@@ -179,7 +179,7 @@ Config file for pam_pwhistory options
- \fBpwhistory.conf\fR(5),
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- \fBpam_get_authtok\fR(3)
- .SH "AUTHOR"
- .PP
diff --git a/modules/pam_pwhistory/pam_pwhistory.8.xml b/modules/pam_pwhistory/pam_pwhistory.8.xml
index d83d8d9..a5185fc 100644
--- a/modules/pam_pwhistory/pam_pwhistory.8.xml
@@ -1739,19 +1128,6 @@ index d83d8d9..a5185fc 100644
</citerefentry>
<citerefentry>
<refentrytitle>pam_get_authtok</refentrytitle><manvolnum>3</manvolnum>
-diff --git a/modules/pam_rhosts/pam_rhosts.8 b/modules/pam_rhosts/pam_rhosts.8
-index 36077de..327ad22 100644
---- a/modules/pam_rhosts/pam_rhosts.8
-+++ b/modules/pam_rhosts/pam_rhosts.8
-@@ -122,7 +122,7 @@ auth required pam_unix\&.so
- \fBrhosts\fR(5),
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_rhosts was written by Thorsten Kukuk <kukuk@thkukuk\&.de>
diff --git a/modules/pam_rhosts/pam_rhosts.8.xml b/modules/pam_rhosts/pam_rhosts.8.xml
index b8a5c1c..41d541c 100644
--- a/modules/pam_rhosts/pam_rhosts.8.xml
@@ -1765,19 +1141,6 @@ index b8a5c1c..41d541c 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/modules/pam_rootok/pam_rootok.8 b/modules/pam_rootok/pam_rootok.8
-index 5fc021f..984cadd 100644
---- a/modules/pam_rootok/pam_rootok.8
-+++ b/modules/pam_rootok/pam_rootok.8
-@@ -100,7 +100,7 @@ auth required pam_unix\&.so
- \fBsu\fR(1),
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_rootok was written by Andrew G\&. Morgan, <morgan@kernel\&.org>\&.
diff --git a/modules/pam_rootok/pam_rootok.8.xml b/modules/pam_rootok/pam_rootok.8.xml
index a79c073..f30ad37 100644
--- a/modules/pam_rootok/pam_rootok.8.xml
@@ -1791,19 +1154,6 @@ index a79c073..f30ad37 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/modules/pam_securetty/pam_securetty.8 b/modules/pam_securetty/pam_securetty.8
-index ca90438..95804fb 100644
---- a/modules/pam_securetty/pam_securetty.8
-+++ b/modules/pam_securetty/pam_securetty.8
-@@ -134,7 +134,7 @@ auth required pam_unix\&.so
- \fBsecuretty\fR(5),
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_securetty was written by Elliot Lee <sopwith@cuc\&.edu>\&.
diff --git a/modules/pam_securetty/pam_securetty.8.xml b/modules/pam_securetty/pam_securetty.8.xml
index 9038f5b..fcf0e88 100644
--- a/modules/pam_securetty/pam_securetty.8.xml
@@ -1817,34 +1167,6 @@ index 9038f5b..fcf0e88 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/modules/pam_selinux/pam_selinux.8 b/modules/pam_selinux/pam_selinux.8
-index 260bc47..12fe015 100644
---- a/modules/pam_selinux/pam_selinux.8
-+++ b/modules/pam_selinux/pam_selinux.8
-@@ -2,12 +2,12 @@
- .\" Title: pam_selinux
- .\" Author: [see the "AUTHOR" section]
- .\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/>
--.\" Date: 05/07/2023
-+.\" Date: 09/13/2023
- .\" Manual: Linux-PAM Manual
- .\" Source: Linux-PAM
- .\" Language: English
- .\"
--.TH "PAM_SELINUX" "8" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual"
-+.TH "PAM_SELINUX" "8" "09/13/2023" "Linux\-PAM" "Linux\-PAM Manual"
- .\" -----------------------------------------------------------------
- .\" * Define some portability stuff
- .\" -----------------------------------------------------------------
-@@ -144,7 +144,7 @@ session optional pam_selinux\&.so
- \fBexecve\fR(2),
- \fBtty\fR(4),
- \fBpam.d\fR(5),
--\fBpam\fR(8),
-+\fBpam\fR(7),
- \fBselinux\fR(8)
- .SH "AUTHOR"
- .PP
diff --git a/modules/pam_selinux/pam_selinux.8.xml b/modules/pam_selinux/pam_selinux.8.xml
index 3aa632c..7ec5daf 100644
--- a/modules/pam_selinux/pam_selinux.8.xml
@@ -1858,21 +1180,8 @@ index 3aa632c..7ec5daf 100644
</citerefentry>,
<citerefentry>
<refentrytitle>selinux</refentrytitle><manvolnum>8</manvolnum>
-diff --git a/modules/pam_sepermit/pam_sepermit.8 b/modules/pam_sepermit/pam_sepermit.8
-index f47f4a8..3270746 100644
---- a/modules/pam_sepermit/pam_sepermit.8
-+++ b/modules/pam_sepermit/pam_sepermit.8
-@@ -124,7 +124,7 @@ session required pam_permit\&.so
- \fBsepermit.conf\fR(5),
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- \fBselinux\fR(8)
- .SH "AUTHOR"
- .PP
diff --git a/modules/pam_sepermit/pam_sepermit.8.xml b/modules/pam_sepermit/pam_sepermit.8.xml
-index 791d2bb..1ead429 100644
+index 114864a..9efb204 100644
--- a/modules/pam_sepermit/pam_sepermit.8.xml
+++ b/modules/pam_sepermit/pam_sepermit.8.xml
@@ -177,7 +177,7 @@ session required pam_permit.so
@@ -1884,19 +1193,6 @@ index 791d2bb..1ead429 100644
</citerefentry>
<citerefentry>
<refentrytitle>selinux</refentrytitle><manvolnum>8</manvolnum>
-diff --git a/modules/pam_sepermit/sepermit.conf.5 b/modules/pam_sepermit/sepermit.conf.5
-index e2b1736..d2cd381 100644
---- a/modules/pam_sepermit/sepermit.conf.5
-+++ b/modules/pam_sepermit/sepermit.conf.5
-@@ -110,7 +110,7 @@ These are some example lines which might be specified in
- .PP
- \fBpam_sepermit\fR(8),
- \fBpam.d\fR(5),
--\fBpam\fR(8),
-+\fBpam\fR(7),
- \fBselinux\fR(8),
- .SH "AUTHOR"
- .PP
diff --git a/modules/pam_sepermit/sepermit.conf.5.xml b/modules/pam_sepermit/sepermit.conf.5.xml
index ff924ce..1f1dcae 100644
--- a/modules/pam_sepermit/sepermit.conf.5.xml
@@ -1910,24 +1206,11 @@ index ff924ce..1f1dcae 100644
<citerefentry><refentrytitle>selinux</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
</para>
</refsect1>
-diff --git a/modules/pam_shells/pam_shells.8 b/modules/pam_shells/pam_shells.8
-index af3dc66..7962bad 100644
---- a/modules/pam_shells/pam_shells.8
-+++ b/modules/pam_shells/pam_shells.8
-@@ -84,7 +84,7 @@ auth required pam_shells\&.so
- \fBshells\fR(5),
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_shells was written by Erik Troan <ewt@redhat\&.com>\&.
diff --git a/modules/pam_shells/pam_shells.8.xml b/modules/pam_shells/pam_shells.8.xml
-index b9f90e9..bff889f 100644
+index e1b35a3..7889702 100644
--- a/modules/pam_shells/pam_shells.8.xml
+++ b/modules/pam_shells/pam_shells.8.xml
-@@ -107,7 +107,7 @@ auth required pam_shells.so
+@@ -115,7 +115,7 @@ auth required pam_shells.so
<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
@@ -1936,19 +1219,6 @@ index b9f90e9..bff889f 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/modules/pam_succeed_if/pam_succeed_if.8 b/modules/pam_succeed_if/pam_succeed_if.8
-index e61af0c..98a9d85 100644
---- a/modules/pam_succeed_if/pam_succeed_if.8
-+++ b/modules/pam_succeed_if/pam_succeed_if.8
-@@ -220,7 +220,7 @@ type required othermodule\&.so arguments\&.\&.\&.
- .SH "SEE ALSO"
- .PP
- \fBglob\fR(7),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- Nalin Dahyabhai <nalin@redhat\&.com>
diff --git a/modules/pam_succeed_if/pam_succeed_if.8.xml b/modules/pam_succeed_if/pam_succeed_if.8.xml
index 90fd114..b8f65e7 100644
--- a/modules/pam_succeed_if/pam_succeed_if.8.xml
@@ -1962,19 +1232,6 @@ index 90fd114..b8f65e7 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/modules/pam_time/pam_time.8 b/modules/pam_time/pam_time.8
-index 48c7ffc..13a53ef 100644
---- a/modules/pam_time/pam_time.8
-+++ b/modules/pam_time/pam_time.8
-@@ -116,7 +116,7 @@ login account required pam_time\&.so
- .PP
- \fBtime.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)\&.
-+\fBpam\fR(7)\&.
- .SH "AUTHOR"
- .PP
- pam_time was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
diff --git a/modules/pam_time/pam_time.8.xml b/modules/pam_time/pam_time.8.xml
index 1fa60a1..748bcd1 100644
--- a/modules/pam_time/pam_time.8.xml
@@ -1988,19 +1245,6 @@ index 1fa60a1..748bcd1 100644
</citerefentry>.
</para>
</refsect1>
-diff --git a/modules/pam_time/time.conf.5 b/modules/pam_time/time.conf.5
-index c68dfa7..9064977 100644
---- a/modules/pam_time/time.conf.5
-+++ b/modules/pam_time/time.conf.5
-@@ -109,7 +109,7 @@ games ; * ; !waster ; Wd0000\-2400 | Wk1800\-0800
- .PP
- \fBpam_time\fR(8),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_time was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
diff --git a/modules/pam_time/time.conf.5.xml b/modules/pam_time/time.conf.5.xml
index 3fe263d..30c9a92 100644
--- a/modules/pam_time/time.conf.5.xml
@@ -2014,19 +1258,6 @@ index 3fe263d..30c9a92 100644
</para>
</refsect1>
-diff --git a/modules/pam_timestamp/pam_timestamp.8 b/modules/pam_timestamp/pam_timestamp.8
-index a7b7e1c..347724b 100644
---- a/modules/pam_timestamp/pam_timestamp.8
-+++ b/modules/pam_timestamp/pam_timestamp.8
-@@ -124,7 +124,7 @@ timestamp files and directories
- \fBpam_timestamp_check\fR(8),
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_timestamp was written by Nalin Dahyabhai\&.
diff --git a/modules/pam_timestamp/pam_timestamp.8.xml b/modules/pam_timestamp/pam_timestamp.8.xml
index a763ad8..e6b2df7 100644
--- a/modules/pam_timestamp/pam_timestamp.8.xml
@@ -2040,21 +1271,8 @@ index a763ad8..e6b2df7 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/modules/pam_timestamp/pam_timestamp_check.8 b/modules/pam_timestamp/pam_timestamp_check.8
-index 3425a36..f19a225 100644
---- a/modules/pam_timestamp/pam_timestamp_check.8
-+++ b/modules/pam_timestamp/pam_timestamp_check.8
-@@ -127,7 +127,7 @@ timestamp files and directories
- \fBpam_timestamp_check\fR(8),
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_timestamp was written by Nalin Dahyabhai\&.
diff --git a/modules/pam_timestamp/pam_timestamp_check.8.xml b/modules/pam_timestamp/pam_timestamp_check.8.xml
-index f0c0956..e947f75 100644
+index 7f850ae..7a7770a 100644
--- a/modules/pam_timestamp/pam_timestamp_check.8.xml
+++ b/modules/pam_timestamp/pam_timestamp_check.8.xml
@@ -189,7 +189,7 @@ session optional pam_timestamp.so
@@ -2066,19 +1284,6 @@ index f0c0956..e947f75 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/modules/pam_tty_audit/pam_tty_audit.8 b/modules/pam_tty_audit/pam_tty_audit.8
-index ada11ae..2ba5335 100644
---- a/modules/pam_tty_audit/pam_tty_audit.8
-+++ b/modules/pam_tty_audit/pam_tty_audit.8
-@@ -129,7 +129,7 @@ session required pam_tty_audit\&.so disable=* enable=root
- \fBaureport\fR(8),
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_tty_audit was written by Miloslav Trmač <mitr@redhat\&.com>\&. The log_passwd option was added by Richard Guy Briggs <rgb@redhat\&.com>\&.
diff --git a/modules/pam_tty_audit/pam_tty_audit.8.xml b/modules/pam_tty_audit/pam_tty_audit.8.xml
index b46bbf7..79d8115 100644
--- a/modules/pam_tty_audit/pam_tty_audit.8.xml
@@ -2092,24 +1297,11 @@ index b46bbf7..79d8115 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/modules/pam_umask/pam_umask.8 b/modules/pam_umask/pam_umask.8
-index 741c316..c7636e2 100644
---- a/modules/pam_umask/pam_umask.8
-+++ b/modules/pam_umask/pam_umask.8
-@@ -170,7 +170,7 @@ to set the user specific umask at login:
- .PP
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_umask was written by Thorsten Kukuk <kukuk@thkukuk\&.de>\&.
diff --git a/modules/pam_umask/pam_umask.8.xml b/modules/pam_umask/pam_umask.8.xml
-index 0527667..acb3bc0 100644
+index d2cead4..54a44ef 100644
--- a/modules/pam_umask/pam_umask.8.xml
+++ b/modules/pam_umask/pam_umask.8.xml
-@@ -243,7 +243,7 @@
+@@ -245,7 +245,7 @@
<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
@@ -2118,21 +1310,8 @@ index 0527667..acb3bc0 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/modules/pam_unix/pam_unix.8 b/modules/pam_unix/pam_unix.8
-index 6f5f19b..07f8308 100644
---- a/modules/pam_unix/pam_unix.8
-+++ b/modules/pam_unix/pam_unix.8
-@@ -310,7 +310,7 @@ session required pam_unix\&.so
- \fBlogin.defs\fR(5),
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_unix was written by various people\&.
diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml
-index 4e63a49..a025c0e 100644
+index d02320b..7e4fd5d 100644
--- a/modules/pam_unix/pam_unix.8.xml
+++ b/modules/pam_unix/pam_unix.8.xml
@@ -556,7 +556,7 @@ session required pam_unix.so
@@ -2144,19 +1323,6 @@ index 4e63a49..a025c0e 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/modules/pam_userdb/pam_userdb.8 b/modules/pam_userdb/pam_userdb.8
-index c639772..a2493b5 100644
---- a/modules/pam_userdb/pam_userdb.8
-+++ b/modules/pam_userdb/pam_userdb.8
-@@ -152,7 +152,7 @@ auth sufficient pam_userdb\&.so icase db=/etc/dbtest
- \fBcrypt\fR(3),
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_userdb was written by Cristian Gafton >gafton@redhat\&.com<\&.
diff --git a/modules/pam_userdb/pam_userdb.8.xml b/modules/pam_userdb/pam_userdb.8.xml
index 0f96410..86ba895 100644
--- a/modules/pam_userdb/pam_userdb.8.xml
@@ -2170,19 +1336,6 @@ index 0f96410..86ba895 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/modules/pam_warn/pam_warn.8 b/modules/pam_warn/pam_warn.8
-index 3e507d7..0138c70 100644
---- a/modules/pam_warn/pam_warn.8
-+++ b/modules/pam_warn/pam_warn.8
-@@ -83,7 +83,7 @@ other session required pam_deny\&.so
- .PP
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_warn was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
diff --git a/modules/pam_warn/pam_warn.8.xml b/modules/pam_warn/pam_warn.8.xml
index a20c5f7..a69e1d6 100644
--- a/modules/pam_warn/pam_warn.8.xml
@@ -2196,55 +1349,6 @@ index a20c5f7..a69e1d6 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/modules/pam_wheel/pam_wheel.8 b/modules/pam_wheel/pam_wheel.8
-index 8077e81..ca687e5 100644
---- a/modules/pam_wheel/pam_wheel.8
-+++ b/modules/pam_wheel/pam_wheel.8
-@@ -2,12 +2,12 @@
- .\" Title: pam_wheel
- .\" Author: [see the "AUTHOR" section]
- .\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/>
--.\" Date: 05/07/2023
-+.\" Date: 09/13/2023
- .\" Manual: Linux-PAM Manual
- .\" Source: Linux-PAM
- .\" Language: English
- .\"
--.TH "PAM_WHEEL" "8" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual"
-+.TH "PAM_WHEEL" "8" "09/13/2023" "Linux\-PAM" "Linux\-PAM Manual"
- .\" -----------------------------------------------------------------
- .\" * Define some portability stuff
- .\" -----------------------------------------------------------------
-@@ -31,7 +31,7 @@
- pam_wheel \- Only permit root access to members of group wheel
- .SH "SYNOPSIS"
- .HP \w'\fBpam_wheel\&.so\fR\ 'u
--\fBpam_wheel\&.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] [use_uid]
-+\fBpam_wheel\&.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust]
- .SH "DESCRIPTION"
- .PP
- The pam_wheel PAM module is used to enforce the so\-called
-@@ -72,11 +72,6 @@ trust
- .RS 4
- The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd)\&.
- .RE
--.PP
--use_uid
--.RS 4
--The check will be done against the real uid of the calling process, instead of trying to obtain the user from the login session associated with the terminal in use\&.
--.RE
- .SH "MODULE TYPES PROVIDED"
- .PP
- The
-@@ -141,7 +136,7 @@ su auth required pam_unix\&.so
- .PP
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_wheel was written by Cristian Gafton <gafton@redhat\&.com>\&.
diff --git a/modules/pam_wheel/pam_wheel.8.xml b/modules/pam_wheel/pam_wheel.8.xml
index b42e27d..86f2828 100644
--- a/modules/pam_wheel/pam_wheel.8.xml
@@ -2258,19 +1362,6 @@ index b42e27d..86f2828 100644
</citerefentry>
</para>
</refsect1>
-diff --git a/modules/pam_xauth/pam_xauth.8 b/modules/pam_xauth/pam_xauth.8
-index 31c9074..e6f23c1 100644
---- a/modules/pam_xauth/pam_xauth.8
-+++ b/modules/pam_xauth/pam_xauth.8
-@@ -177,7 +177,7 @@ XXX
- .PP
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_xauth was written by Nalin Dahyabhai <nalin@redhat\&.com>, based on original version by Michael K\&. Johnson <johnsonm@redhat\&.com>\&.
diff --git a/modules/pam_xauth/pam_xauth.8.xml b/modules/pam_xauth/pam_xauth.8.xml
index f5fc5a3..214226b 100644
--- a/modules/pam_xauth/pam_xauth.8.xml
diff --git a/debian/patches/fix-autoreconf.patch b/debian/patches/fix-autoreconf.patch
deleted file mode 100644
index 927a0473..00000000
--- a/debian/patches/fix-autoreconf.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From: Andreas Henriksson <andreas@fatal.se>
-Date: Thu, 8 Nov 2018 19:09:21 +0100
-Subject: fix-autoreconf.patch
-
-Do not override user variables in Makefile.am, see the
-"Flag Variables Ordering" section of the automake manual.
----
- doc/specs/Makefile.am | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/doc/specs/Makefile.am b/doc/specs/Makefile.am
-index 58e14b3..2ebd980 100644
---- a/doc/specs/Makefile.am
-+++ b/doc/specs/Makefile.am
-@@ -12,9 +12,9 @@ draft-morgan-pam-current.txt: padout draft-morgan-pam.raw
- AM_YFLAGS = -d
-
- CC = @CC_FOR_BUILD@
--CPPFLAGS = @BUILD_CPPFLAGS@
--CFLAGS = @BUILD_CFLAGS@
--LDFLAGS = @BUILD_LDFLAGS@
-+AM_CPPFLAGS = @BUILD_CPPFLAGS@
-+AM_CFLAGS = @BUILD_CFLAGS@
-+AM_LDFLAGS = @BUILD_LDFLAGS@
-
- padout_CFLAGS = $(WARN_CFLAGS) -Wno-unused-function -Wno-sign-compare
-
diff --git a/debian/patches/ftbfs-implicit-function-declaration b/debian/patches/ftbfs-implicit-function-declaration
deleted file mode 100644
index c79aff51..00000000
--- a/debian/patches/ftbfs-implicit-function-declaration
+++ /dev/null
@@ -1,23 +0,0 @@
-From: Sam Hartman <hartmans@debian.org>
-Date: Mon, 8 Apr 2024 15:40:35 -0600
-Subject: Fix FTBFS when built with -Werror=implicit-function-declaration
-
-Bug-Ubuntu: https://bugs.launchpad.net/bugs/2055453
-Forwarded: no
-Last-Update: 2024-02-29
----
- modules/pam_unix/support.h | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h
-index e15ee98..9c065c5 100644
---- a/modules/pam_unix/support.h
-+++ b/modules/pam_unix/support.h
-@@ -6,6 +6,7 @@
- #define _PAM_UNIX_SUPPORT_H
-
- #include <pwd.h>
-+#include "libpam/include/pam_inline.h"
-
- /*
- * File to read value of ENCRYPT_METHOD from.
diff --git a/debian/patches/lib_security_multiarch_compat b/debian/patches/lib_security_multiarch_compat
index 0e7ada42..fb878a41 100644
--- a/debian/patches/lib_security_multiarch_compat
+++ b/debian/patches/lib_security_multiarch_compat
@@ -15,18 +15,22 @@ currently abusing the existing variables and inverting their meaning in
order to get everything installed where we want it and get absolute paths
the way we want them.
---
- libpam/pam_handlers.c | 34 ++++++++++++++++++++++------------
- 1 file changed, 22 insertions(+), 12 deletions(-)
+ libpam/pam_handlers.c | 40 +++++++++++++++++++++++++---------------
+ 1 file changed, 25 insertions(+), 15 deletions(-)
diff --git a/libpam/pam_handlers.c b/libpam/pam_handlers.c
-index c7045d2..dc5f81f 100644
+index 1df5e40..9838fb2 100644
--- a/libpam/pam_handlers.c
+++ b/libpam/pam_handlers.c
-@@ -737,7 +737,27 @@ _pam_load_module(pam_handle_t *pamh, const char *mod_path, int handler_type)
+@@ -667,10 +667,30 @@ _pam_load_module(pam_handle_t *pamh, const char *mod_path, int handler_type)
+ /* Be pessimistic... */
success = PAM_ABORT;
- D(("_pam_load_module: _pam_dlopen(%s)", mod_path));
+- D(("_pam_dlopen(%s)", mod_path));
- mod->dl_handle = _pam_dlopen(mod_path);
+- D(("_pam_dlopen'ed"));
+- D(("dlopen'ed"));
++ D(("_pam_load_module: _pam_dlopen(%s)", mod_path));
+ if (mod_path[0] == '/') {
+ mod->dl_handle = _pam_dlopen(mod_path);
+ } else {
@@ -48,10 +52,12 @@ index c7045d2..dc5f81f 100644
+ }
+ }
+ }
- D(("_pam_load_module: _pam_dlopen'ed"));
- D(("_pam_load_module: dlopen'ed"));
++ D(("_pam_load_module: _pam_dlopen'ed"));
++ D(("_pam_load_module: dlopen'ed"));
if (mod->dl_handle == NULL) {
-@@ -814,7 +834,6 @@ int _pam_add_handler(pam_handle_t *pamh
+ const char *isa = strstr(mod_path, "$ISA");
+ size_t isa_len = strlen("$ISA");
+@@ -736,7 +756,6 @@ static int _pam_add_handler(pam_handle_t *pamh
struct handler **handler_p2;
struct handlers *the_handlers;
const char *sym, *sym2;
@@ -59,7 +65,7 @@ index c7045d2..dc5f81f 100644
servicefn func, func2;
int mod_type = PAM_MT_FAULTY_MOD;
-@@ -826,16 +845,7 @@ int _pam_add_handler(pam_handle_t *pamh
+@@ -748,16 +767,7 @@ static int _pam_add_handler(pam_handle_t *pamh
if ((handler_type == PAM_HT_MODULE || handler_type == PAM_HT_SILENT_MODULE) &&
mod_path != NULL) {
diff --git a/debian/patches/make_documentation_reproducible.patch b/debian/patches/make_documentation_reproducible.patch
index 105766a9..60231c8d 100644
--- a/debian/patches/make_documentation_reproducible.patch
+++ b/debian/patches/make_documentation_reproducible.patch
@@ -2,24 +2,58 @@ From: "jumapico@gmail.com" <jumapico@gmail.com>
Date: Mon, 11 Sep 2023 14:00:42 -0600
Subject: Make documentation reproducible
-Last-Update: 2019-01-06
-
-Add LC_ALL=C.UTF-8 to w3m to avoid changes in the output when build the
+Add LC_ALL=C.UTF-8 to w3m to avoid changes in the output when building the
documentation with different locales.
+Updated for meson build system.
---
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
+ doc/guide-meson.build | 1 +
+ meson.build | 4 +++-
+ modules/module-meson.build | 1 +
+ 3 files changed, 5 insertions(+), 1 deletion(-)
-diff --git a/configure.ac b/configure.ac
-index b9b0f83..5f11912 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -647,7 +647,7 @@ JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl-ns/current/manp
+diff --git a/doc/guide-meson.build b/doc/guide-meson.build
+index e29d16e..9c40cf0 100644
+--- a/doc/guide-meson.build
++++ b/doc/guide-meson.build
+@@ -50,6 +50,7 @@ custom_target(
+ '@OUTPUT@',
+ browser,
+ ],
++ env:docs_env,
+ install: true,
+ install_dir: docdir,
+ install_tag: 'doc',
+diff --git a/meson.build b/meson.build
+index 2be2128..871f26a 100644
+--- a/meson.build
++++ b/meson.build
+@@ -473,6 +473,8 @@ endif
- AC_PATH_PROG([BROWSER], [w3m])
- if test -n "$BROWSER"; then
-- BROWSER="$BROWSER -T text/html -dump"
-+ BROWSER="LC_ALL=C.UTF-8 $BROWSER -T text/html -dump"
- else
- AC_PATH_PROG([BROWSER], [elinks])
- if test -n "$BROWSER"; then
+ feature_docs = get_option('docs')
+ enable_docs = not feature_docs.disabled()
++docs_env = environment()
++docs_env.set('LC_ALL', 'C.UTF-8')
+ if enable_docs
+ prog_xsltproc = find_program(
+ 'xsltproc',
+@@ -489,7 +491,7 @@ if enable_docs
+ required: false,
+ )
+ if prog_w3m.found()
+- browser = [prog_w3m, '-T', 'text/html', '-dump']
++ browser = [ prog_w3m, '-T', 'text/html', '-dump']
+ else
+ prog_elinks = find_program(
+ 'elinks',
+diff --git a/modules/module-meson.build b/modules/module-meson.build
+index acb7087..d55dad2 100644
+--- a/modules/module-meson.build
++++ b/modules/module-meson.build
+@@ -245,6 +245,7 @@ custom_target(
+ '@INPUT@',
+ '@OUTPUT@',
+ browser],
++ env:docs_env,
+ install: true,
+ install_dir: docdir / 'modules',
+ install_tag: 'doc',
diff --git a/debian/patches/no_PATH_MAX_on_hurd b/debian/patches/no_PATH_MAX_on_hurd
deleted file mode 100644
index 6c20ab8c..00000000
--- a/debian/patches/no_PATH_MAX_on_hurd
+++ /dev/null
@@ -1,28 +0,0 @@
-From: Steve Langasek <vorlon@debian.org>
-Date: Mon, 11 Sep 2023 14:00:42 -0600
-Subject: define PATH_MAX for compatibility when it's not already set
-
-Bug-Debian: http://bugs.debian.org/552043
-
-Some platforms, such as the Hurd, don't set PATH_MAX. Set a reasonable
-default value in this case.
----
- tests/tst-dlopen.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/tests/tst-dlopen.c b/tests/tst-dlopen.c
-index 7092716..535ee1c 100644
---- a/tests/tst-dlopen.c
-+++ b/tests/tst-dlopen.c
-@@ -16,6 +16,11 @@
- #include <limits.h>
- #include <sys/stat.h>
-
-+/* Hurd compatibility */
-+#ifndef PATH_MAX
-+#define PATH_MAX 4096
-+#endif
-+
- /* Simple program to see if dlopen() would succeed. */
- int main(int argc, char **argv)
- {
diff --git a/debian/patches/nullok_secure-compat.patch b/debian/patches/nullok_secure-compat.patch
index a69cd05e..3d83aeb6 100644
--- a/debian/patches/nullok_secure-compat.patch
+++ b/debian/patches/nullok_secure-compat.patch
@@ -8,10 +8,10 @@ Last-Update: 2020-08-11
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h
-index 91e7478..e15ee98 100644
+index 425ff66..4d52825 100644
--- a/modules/pam_unix/support.h
+++ b/modules/pam_unix/support.h
-@@ -102,8 +102,9 @@ typedef struct {
+@@ -103,8 +103,9 @@ typedef struct {
#define UNIX_YESCRYPT_PASS 32 /* new password hashes will use yescrypt */
#define UNIX_NULLRESETOK 33 /* allow empty password if password reset is enforced */
#define UNIX_OBSCURE_CHECKS 34 /* enable obscure checks on passwords */
@@ -22,7 +22,7 @@ index 91e7478..e15ee98 100644
#define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)&&off(UNIX_GOST_YESCRYPT_PASS,ctrl)&&off(UNIX_YESCRYPT_PASS,ctrl))
-@@ -147,6 +148,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
+@@ -148,6 +149,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
/* UNIX_YESCRYPT_PASS */ {"yescrypt", _ALL_ON_^(0x6EC22000ULL), 0x40000000, 1},
/* UNIX_NULLRESETOK */ {"nullresetok", _ALL_ON_, 0x80000000, 0},
/* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x100000000, 0},
diff --git a/debian/patches/pam-limits-nofile-fd-setsize-cap b/debian/patches/pam-limits-nofile-fd-setsize-cap
index 866ff1e3..d75fec95 100644
--- a/debian/patches/pam-limits-nofile-fd-setsize-cap
+++ b/debian/patches/pam-limits-nofile-fd-setsize-cap
@@ -45,12 +45,12 @@ Last-Update: 2015-04-22
1 file changed, 8 insertions(+)
diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c
-index adda08b..a58d424 100644
+index 7e2d93d..2603028 100644
--- a/modules/pam_limits/pam_limits.c
+++ b/modules/pam_limits/pam_limits.c
-@@ -459,6 +459,14 @@ static void parse_kernel_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int
- pl->limits[i].src_hard = LIMITS_DEF_KERNEL;
+@@ -539,6 +539,14 @@ static void parse_kernel_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int
}
+ free(line);
fclose(limitsfile);
+
+ /* Cap the default soft nofile limit read from pid 1 to FD_SETSIZE
@@ -61,5 +61,5 @@ index adda08b..a58d424 100644
+ pl->limits[RLIMIT_NOFILE].limit.rlim_cur = FD_SETSIZE;
+ }
}
+ #endif
- static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl)
diff --git a/debian/patches/pam_mkhomedir_stat_before_opendir b/debian/patches/pam_mkhomedir_stat_before_opendir
index 50026225..dddd5278 100644
--- a/debian/patches/pam_mkhomedir_stat_before_opendir
+++ b/debian/patches/pam_mkhomedir_stat_before_opendir
@@ -8,18 +8,18 @@ Subject: pam_mkhomedir_stat_before_opendir
1 file changed, 7 insertions(+)
diff --git a/modules/pam_mkhomedir/mkhomedir_helper.c b/modules/pam_mkhomedir/mkhomedir_helper.c
-index 3213f02..643d5d0 100644
+index eefb599..fa9089d 100644
--- a/modules/pam_mkhomedir/mkhomedir_helper.c
+++ b/modules/pam_mkhomedir/mkhomedir_helper.c
-@@ -39,6 +39,7 @@ create_homedir(const struct passwd *pwd,
- DIR *d;
+@@ -271,6 +271,7 @@ create_homedir(struct dir_spec *parent, const struct passwd *pwd,
struct dirent *dent;
+ struct dir_spec base;
int retval = PAM_SESSION_ERR;
+ struct stat stat_buf;
/* Create the new directory */
- if (mkdir(dest, 0700) && errno != EEXIST)
-@@ -54,6 +55,12 @@ create_homedir(const struct passwd *pwd,
+ if (mkdirat(parent->fd, dest, 0700))
+@@ -295,6 +296,12 @@ create_homedir(struct dir_spec *parent, const struct passwd *pwd,
goto go_out;
}
diff --git a/debian/patches/pam_namespace_o_directory b/debian/patches/pam_namespace_o_directory
deleted file mode 100644
index f8838223..00000000
--- a/debian/patches/pam_namespace_o_directory
+++ /dev/null
@@ -1,58 +0,0 @@
-From: Sam Hartman <hartmans@debian.org>
-Date: Fri, 2 Feb 2024 11:38:09 -0700
-Subject: From: Matthias Gerstner <matthias.gerstner@suse.de> Date: Wed,
- 27 Dec 2023 14:01:59 +0100 Subject: pam_namespace: protect_dir(): use
- O_DIRECTORY to prevent local DoS situations Origin:
- https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb
- Bug-Debian: https://bugs.debian.org/1061097 Bug-Debian-Security:
- https://security-tracker.debian.org/tracker/CVE-2024-22365
-
-Without O_DIRECTORY the path crawling logic is subject to e.g. FIFOs
-being placed in user controlled directories, causing the PAM module to
-block indefinitely during `openat()`.
-
-Pass O_DIRECTORY to cause the `openat()` to fail if the path does not
-refer to a directory.
-
-With this the check whether the final path element is a directory
-becomes unnecessary, drop it.
----
- modules/pam_namespace/pam_namespace.c | 18 +-----------------
- 1 file changed, 1 insertion(+), 17 deletions(-)
-
-diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c
-index f34ce93..ef85644 100644
---- a/modules/pam_namespace/pam_namespace.c
-+++ b/modules/pam_namespace/pam_namespace.c
-@@ -1194,7 +1194,7 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir,
- int dfd = AT_FDCWD;
- int dfd_next;
- int save_errno;
-- int flags = O_RDONLY;
-+ int flags = O_RDONLY | O_DIRECTORY;
- int rv = -1;
- struct stat st;
-
-@@ -1248,22 +1248,6 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir,
- rv = openat(dfd, dir, flags);
- }
-
-- if (rv != -1) {
-- if (fstat(rv, &st) != 0) {
-- save_errno = errno;
-- close(rv);
-- rv = -1;
-- errno = save_errno;
-- goto error;
-- }
-- if (!S_ISDIR(st.st_mode)) {
-- close(rv);
-- errno = ENOTDIR;
-- rv = -1;
-- goto error;
-- }
-- }
--
- if (flags & O_NOFOLLOW) {
- /* we are inside user-owned dir - protect */
- if (protect_mount(rv, p, idata) == -1) {
diff --git a/debian/patches/pam_unix_dont_trust_chkpwd_caller.patch b/debian/patches/pam_unix_dont_trust_chkpwd_caller.patch
deleted file mode 100644
index 5a94c25d..00000000
--- a/debian/patches/pam_unix_dont_trust_chkpwd_caller.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From: Sam Hartman <hartmans@debian.org>
-Date: Mon, 11 Sep 2023 14:00:42 -0600
-Subject: pam_unix_dont_trust_chkpwd_caller
-
-Dropping suid bits is not enough to let us trust the caller; the unix_chkpwd
-helper could be sgid shadow instead of suid root, as it is in Debian and
-Ubuntu by default. Drop any sgid bits as well.
-
-Authors: Steve Langasek <vorlon@debian.org>,
- Michael Spang <mspang@csclub.uwaterloo.ca>
-
-Upstream status: to be submitted
----
- modules/pam_unix/unix_chkpwd.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c
-index 556a2e2..5e7b571 100644
---- a/modules/pam_unix/unix_chkpwd.c
-+++ b/modules/pam_unix/unix_chkpwd.c
-@@ -138,9 +138,10 @@ int main(int argc, char *argv[])
- /* if the caller specifies the username, verify that user
- matches it */
- if (user == NULL || strcmp(user, argv[1])) {
-+ gid_t gid = getgid();
- user = argv[1];
- /* no match -> permanently change to the real user and proceed */
-- if (setuid(getuid()) != 0)
-+ if (setresgid(gid, gid, gid) != 0 || setuid(getuid()) != 0)
- return PAM_AUTH_ERR;
- }
- }
diff --git a/debian/patches/series b/debian/patches/series
index 590e2847..269d7690 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,8 +1,6 @@
-pam_unix_dont_trust_chkpwd_caller.patch
make_documentation_reproducible.patch
0003-pam_unix-obscure-checks.patch
022_pam_unix_group_time_miscfixes
-026_pam_unix_passwd_unknown_user
031_pam_include
036_pam_wheel_getlogin_considered_harmful
027_pam_limits_better_init_allow_explicit_root
@@ -15,9 +13,6 @@ hurd_no_setfsuid
PAM-manpage-section
update-motd
lib_security_multiarch_compat
-no_PATH_MAX_on_hurd
-fix-autoreconf.patch
nullok_secure-compat.patch
pam_mkhomedir_stat_before_opendir
-pam_namespace_o_directory
-ftbfs-implicit-function-declaration
+0018-Libpam-is-both-shared-and-static.patch
diff --git a/debian/patches/update-motd b/debian/patches/update-motd
index fc9c9d8d..fa515cea 100644
--- a/debian/patches/update-motd
+++ b/debian/patches/update-motd
@@ -10,45 +10,10 @@ Last-Update: 2019-02-12
Forwarded: no
Bug-Ubuntu: https://bugs.launchpad.net/bugs/399071
---
- modules/pam_motd/README | 4 ++++
- modules/pam_motd/pam_motd.8 | 7 +++++++
modules/pam_motd/pam_motd.8.xml | 11 +++++++++++
modules/pam_motd/pam_motd.c | 18 ++++++++++++++++++
- 4 files changed, 40 insertions(+)
+ 2 files changed, 29 insertions(+)
-diff --git a/modules/pam_motd/README b/modules/pam_motd/README
-index 01bc64e..375ec80 100644
---- a/modules/pam_motd/README
-+++ b/modules/pam_motd/README
-@@ -52,6 +52,10 @@ motd_dir=/path/dirname.d
- colon-separated list. By default this option is set to /etc/motd.d:/run/
- motd.d:/usr/lib/motd.d.
-
-+noupdate
-+
-+ Don't run the scripts in /etc/update-motd.d to refresh the motd file.
-+
- When no options are given, the default behavior applies for both options.
- Specifying either option (or both) will disable the default behavior for both
- options.
-diff --git a/modules/pam_motd/pam_motd.8 b/modules/pam_motd/pam_motd.8
-index 3f65bb5..6a6ab4e 100644
---- a/modules/pam_motd/pam_motd.8
-+++ b/modules/pam_motd/pam_motd.8
-@@ -109,6 +109,13 @@ directory is scanned and each file contained inside of it is displayed\&. Multip
- /etc/motd\&.d:/run/motd\&.d:/usr/lib/motd\&.d\&.
- .RE
- .PP
-+\fBnoupdate\fR
-+.RS 4
-+Don\*(Aqt run the scripts in
-+/etc/update\-motd\&.d
-+to refresh the motd file\&.
-+.RE
-+.PP
- When no options are given, the default behavior applies for both options\&. Specifying either option (or both) will disable the default behavior for both options\&.
- .SH "MODULE TYPES PROVIDED"
- .PP
diff --git a/modules/pam_motd/pam_motd.8.xml b/modules/pam_motd/pam_motd.8.xml
index 2fc5310..8369779 100644
--- a/modules/pam_motd/pam_motd.8.xml
@@ -72,26 +37,26 @@ index 2fc5310..8369779 100644
<para>
When no options are given, the default behavior applies for both
diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c
-index 5ca486e..8472dd6 100644
+index 89b2595..e6ce874 100644
--- a/modules/pam_motd/pam_motd.c
+++ b/modules/pam_motd/pam_motd.c
-@@ -383,6 +383,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags,
+@@ -387,6 +387,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags,
int argc, const char **argv)
{
int retval = PAM_IGNORE;
+ int do_update = 1;
const char *motd_path = NULL;
char *motd_path_copy = NULL;
- unsigned int num_motd_paths = 0;
-@@ -392,6 +393,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags,
- unsigned int num_motd_dir_paths = 0;
+ size_t num_motd_paths = 0;
+@@ -396,6 +397,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags,
+ size_t num_motd_dir_paths = 0;
char **motd_dir_path_split = NULL;
int report_missing;
+ struct stat st;
if (flags & PAM_SILENT) {
return retval;
-@@ -421,6 +423,9 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags,
+@@ -425,6 +427,9 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags,
"motd_dir= specification missing argument - ignored");
}
}
@@ -101,7 +66,7 @@ index 5ca486e..8472dd6 100644
else
pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
}
-@@ -433,6 +438,19 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags,
+@@ -437,6 +442,19 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags,
report_missing = 1;
}