diff options
| author | Sam Hartman <hartmans@debian.org> | 2023-09-15 12:35:50 -0600 |
|---|---|---|
| committer | Sam Hartman <hartmans@debian.org> | 2023-09-15 12:35:50 -0600 |
| commit | 42a1ec0322c64bb1fbc1cfb2c5f3bcd3fc620e2a (patch) | |
| tree | eb53efaf2d9697e6bc0aa5fabf14c04d5a3203c5 /debian/patches | |
| parent | 044f34343536f475ba556fcf4ac184b11c2d8bc5 (diff) | |
| download | pam-42a1ec0322c64bb1fbc1cfb2c5f3bcd3fc620e2a.tar.gz pam-42a1ec0322c64bb1fbc1cfb2c5f3bcd3fc620e2a.tar.bz2 pam-42a1ec0322c64bb1fbc1cfb2c5f3bcd3fc620e2a.zip | |
Update patch to move pam manpage to section 7: docbook tools now take the man page output name from the xml so we need to update the Makefile.
Diffstat (limited to 'debian/patches')
| -rw-r--r-- | debian/patches/PAM-manpage-section | 885 | ||||
| -rw-r--r-- | debian/patches/make_documentation_reproducible.patch | 2 |
2 files changed, 520 insertions, 367 deletions
diff --git a/debian/patches/PAM-manpage-section b/debian/patches/PAM-manpage-section index 0f913973..0c2f40be 100644 --- a/debian/patches/PAM-manpage-section +++ b/debian/patches/PAM-manpage-section @@ -9,10 +9,13 @@ Authors: Steve Langasek <vorlon@debian.org> Upstream status: maybe provide a backwards-compatibility link first? --- - doc/man/PAM.8 | 138 --------------- + doc/man/Makefile.am | 5 +- + doc/man/Makefile.in | 58 +++++----- + doc/man/PAM.7 | 138 ++++++++++++++++++++++++ doc/man/misc_conv.3 | 2 +- doc/man/misc_conv.3.xml | 2 +- - doc/man/pam.8.xml | 212 ------------------------ + doc/man/pam.7 | 1 + + doc/man/pam.8.xml | 2 +- doc/man/pam_acct_mgmt.3 | 2 +- doc/man/pam_acct_mgmt.3.xml | 2 +- doc/man/pam_authenticate.3 | 2 +- @@ -25,6 +28,7 @@ Upstream status: maybe provide a backwards-compatibility link first? doc/man/pam_error.3.xml | 2 +- doc/man/pam_get_authtok.3 | 2 +- doc/man/pam_get_authtok.3.xml | 2 +- + doc/man/pam_get_item.3 | 4 +- doc/man/pam_getenv.3 | 2 +- doc/man/pam_getenv.3.xml | 2 +- doc/man/pam_getenvlist.3 | 2 +- @@ -37,7 +41,7 @@ Upstream status: maybe provide a backwards-compatibility link first? doc/man/pam_misc_paste_env.3.xml | 2 +- doc/man/pam_misc_setenv.3 | 2 +- doc/man/pam_misc_setenv.3.xml | 2 +- - doc/man/pam_prompt.3 | 2 +- + doc/man/pam_prompt.3 | 6 +- doc/man/pam_prompt.3.xml | 2 +- doc/man/pam_putenv.3 | 2 +- doc/man/pam_putenv.3.xml | 2 +- @@ -55,6 +59,7 @@ Upstream status: maybe provide a backwards-compatibility link first? modules/pam_deny/pam_deny.8.xml | 2 +- modules/pam_echo/pam_echo.8 | 2 +- modules/pam_echo/pam_echo.8.xml | 2 +- + modules/pam_env/pam_env.8 | 6 +- modules/pam_env/pam_env.8.xml | 2 +- modules/pam_env/pam_env.conf.5 | 2 +- modules/pam_env/pam_env.conf.5.xml | 2 +- @@ -108,6 +113,7 @@ Upstream status: maybe provide a backwards-compatibility link first? modules/pam_rootok/pam_rootok.8.xml | 2 +- modules/pam_securetty/pam_securetty.8 | 2 +- modules/pam_securetty/pam_securetty.8.xml | 2 +- + modules/pam_selinux/pam_selinux.8 | 6 +- modules/pam_selinux/pam_selinux.8.xml | 2 +- modules/pam_sepermit/pam_sepermit.8 | 2 +- modules/pam_sepermit/pam_sepermit.8.xml | 2 +- @@ -135,157 +141,363 @@ Upstream status: maybe provide a backwards-compatibility link first? modules/pam_userdb/pam_userdb.8.xml | 2 +- modules/pam_warn/pam_warn.8 | 2 +- modules/pam_warn/pam_warn.8.xml | 2 +- + modules/pam_wheel/pam_wheel.8 | 13 +-- modules/pam_wheel/pam_wheel.8.xml | 2 +- modules/pam_xauth/pam_xauth.8 | 2 +- modules/pam_xauth/pam_xauth.8.xml | 2 +- - 129 files changed, 127 insertions(+), 477 deletions(-) - delete mode 100644 doc/man/PAM.8 - delete mode 100644 doc/man/pam.8.xml + 136 files changed, 315 insertions(+), 176 deletions(-) + create mode 100644 doc/man/PAM.7 + create mode 100644 doc/man/pam.7 -diff --git a/doc/man/PAM.8 b/doc/man/PAM.8 -deleted file mode 100644 -index 57fefc5..0000000 ---- a/doc/man/PAM.8 -+++ /dev/null -@@ -1,138 +0,0 @@ --'\" t --.\" Title: pam --.\" Author: [FIXME: author] [see http://www.docbook.org/tdg5/en/html/author] --.\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/> --.\" Date: 05/07/2023 --.\" Manual: Linux-PAM Manual --.\" Source: Linux-PAM --.\" Language: English --.\" --.TH "PAM" "8" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual" --.\" ----------------------------------------------------------------- --.\" * Define some portability stuff --.\" ----------------------------------------------------------------- --.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --.\" http://bugs.debian.org/507673 --.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html --.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --.ie \n(.g .ds Aq \(aq --.el .ds Aq ' --.\" ----------------------------------------------------------------- --.\" * set default formatting --.\" ----------------------------------------------------------------- --.\" disable hyphenation --.nh --.\" disable justification (adjust text to left margin only) --.ad l --.\" ----------------------------------------------------------------- --.\" * MAIN CONTENT STARTS HERE * --.\" ----------------------------------------------------------------- --.SH "NAME" --PAM, pam \- Pluggable Authentication Modules for Linux --.SH "DESCRIPTION" --.PP --This manual is intended to offer a quick introduction to --\fBLinux\-PAM\fR\&. For more information the reader is directed to the --\fBLinux\-PAM system administrators\*(Aq guide\fR\&. --.PP --\fBLinux\-PAM\fR --is a system of libraries that handle the authentication tasks of applications (services) on the system\&. The library provides a stable general interface (Application Programming Interface \- API) that privilege granting programs (such as --\fBlogin\fR(1) --and --\fBsu\fR(1)) defer to to perform standard authentication tasks\&. --.PP --The principal feature of the PAM approach is that the nature of the authentication is dynamically configurable\&. In other words, the system administrator is free to choose how individual service\-providing applications will authenticate users\&. This dynamic configuration is set by the contents of the single --\fBLinux\-PAM\fR --configuration file --/etc/pam\&.conf\&. Alternatively and preferably, the configuration can be set by individual configuration files located in a --pam\&.d --directory\&. The presence of this directory will cause --\fBLinux\-PAM\fR --to --\fIignore\fR --/etc/pam\&.conf\&. --.PP --Vendor\-supplied PAM configuration files might be installed in the system directory --/usr/lib/pam\&.d/ --or a configurable vendor specific directory instead of the machine configuration directory --/etc/pam\&.d/\&. If no machine configuration file is found, the vendor\-supplied file is used\&. All files in --/etc/pam\&.d/ --override files with the same name in other directories\&. --.PP --From the point of view of the system administrator, for whom this manual is provided, it is not of primary importance to understand the internal behavior of the --\fBLinux\-PAM\fR --library\&. The important point to recognize is that the configuration file(s) --\fIdefine\fR --the connection between applications --(\fBservices\fR) and the pluggable authentication modules --(\fBPAM\fRs) that perform the actual authentication tasks\&. --.PP --\fBLinux\-PAM\fR --separates the tasks of --\fIauthentication\fR --into four independent management groups: --\fBaccount\fR --management; --\fBauth\fRentication management; --\fBpassword\fR --management; and --\fBsession\fR --management\&. (We highlight the abbreviations used for these groups in the configuration file\&.) --.PP --Simply put, these groups take care of different aspects of a typical user\*(Aqs request for a restricted service: --.PP --\fBaccount\fR --\- provide account verification types of service: has the user\*(Aqs password expired?; is this user permitted access to the requested service? --.PP --\fBauth\fRentication \- authenticate a user and set up user credentials\&. Typically this is via some challenge\-response request that the user must satisfy: if you are who you claim to be please enter your password\&. Not all authentications are of this type, there exist hardware based authentication schemes (such as the use of smart\-cards and biometric devices), with suitable modules, these may be substituted seamlessly for more standard approaches to authentication \- such is the flexibility of --\fBLinux\-PAM\fR\&. --.PP --\fBpassword\fR --\- this group\*(Aqs responsibility is the task of updating authentication mechanisms\&. Typically, such services are strongly coupled to those of the --\fBauth\fR --group\&. Some authentication mechanisms lend themselves well to being updated with such a function\&. Standard UN*X password\-based access is the obvious example: please enter a replacement password\&. --.PP --\fBsession\fR --\- this group of tasks cover things that should be done prior to a service being given and after it is withdrawn\&. Such tasks include the maintenance of audit trails and the mounting of the user\*(Aqs home directory\&. The --\fBsession\fR --management group is important as it provides both an opening and closing hook for modules to affect the services available to a user\&. --.SH "FILES" --.PP --/etc/pam\&.conf --.RS 4 --the configuration file --.RE --.PP --/etc/pam\&.d --.RS 4 --the --\fBLinux\-PAM\fR --configuration directory\&. Generally, if this directory is present, the --/etc/pam\&.conf --file is ignored\&. --.RE --.PP --/usr/lib/pam\&.d --.RS 4 --the --\fBLinux\-PAM\fR --vendor configuration directory\&. Files in --/etc/pam\&.d --override files with the same name in this directory\&. --.RE --.SH "ERRORS" --.PP --Typically errors generated by the --\fBLinux\-PAM\fR --system of libraries, will be written to --\fBsyslog\fR(3)\&. --.SH "CONFORMING TO" --.PP --DCE\-RFC 86\&.0, October 1995\&. Contains additional features, but remains backwardly compatible with this RFC\&. --.SH "SEE ALSO" --.PP --\fBpam\fR(3), --\fBpam_authenticate\fR(3), --\fBpam_sm_setcred\fR(3), --\fBpam_strerror\fR(3), --\fBPAM\fR(8) +diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am +index aec365c..b81ca72 100644 +--- a/doc/man/Makefile.am ++++ b/doc/man/Makefile.am +@@ -7,7 +7,7 @@ MAINTAINERCLEANFILES = $(MANS) + + EXTRA_DIST = $(MANS) $(XMLS) + +-man_MANS = pam.3 PAM.8 pam.8 pam.conf.5 pam.d.5 \ ++man_MANS = pam.3 PAM.7 pam.7 pam.conf.5 pam.d.5 \ + pam_acct_mgmt.3 pam_authenticate.3 \ + pam_chauthtok.3 pam_close_session.3 pam_conv.3 \ + pam_end.3 pam_error.3 \ +@@ -46,7 +46,8 @@ XMLS = pam.3.xml pam.8.xml pam.conf.5.xml \ + + + if ENABLE_REGENERATE_MAN +-PAM.8: pam.8 ++pam.8: pam.8.xml ++PAM.7 pam.7: pam.8 + pam_get_authtok_noverify.3: pam_get_authtok.3 + pam_get_authtok_verify.3: pam_get_authtok.3 + pam_verror.3: pam_error.3 +diff --git a/doc/man/Makefile.in b/doc/man/Makefile.in +index d18dc7d..30da4d0 100644 +--- a/doc/man/Makefile.in ++++ b/doc/man/Makefile.in +@@ -1,7 +1,7 @@ +-# Makefile.in generated by automake 1.16.3 from Makefile.am. ++# Makefile.in generated by automake 1.16.5 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994-2020 Free Software Foundation, Inc. ++# Copyright (C) 1994-2021 Free Software Foundation, Inc. + + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, +@@ -163,9 +163,9 @@ am__uninstall_files_from_dir = { \ + } + man3dir = $(mandir)/man3 + am__installdirs = "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" \ +- "$(DESTDIR)$(man8dir)" ++ "$(DESTDIR)$(man7dir)" + man5dir = $(mandir)/man5 +-man8dir = $(mandir)/man8 ++man7dir = $(mandir)/man7 + NROFF = nroff + MANS = $(man_MANS) + am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +@@ -192,6 +192,8 @@ CPPFLAGS = @CPPFLAGS@ + CRYPTO_LIBS = @CRYPTO_LIBS@ + CRYPT_CFLAGS = @CRYPT_CFLAGS@ + CRYPT_LIBS = @CRYPT_LIBS@ ++CSCOPE = @CSCOPE@ ++CTAGS = @CTAGS@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ +@@ -205,6 +207,7 @@ ECHO_T = @ECHO_T@ + ECONF_CFLAGS = @ECONF_CFLAGS@ + ECONF_LIBS = @ECONF_LIBS@ + EGREP = @EGREP@ ++ETAGS = @ETAGS@ + EXEEXT = @EXEEXT@ + EXE_CFLAGS = @EXE_CFLAGS@ + EXE_LDFLAGS = @EXE_LDFLAGS@ +@@ -354,6 +357,7 @@ pdfdir = @pdfdir@ + prefix = @prefix@ + program_transform_name = @program_transform_name@ + psdir = @psdir@ ++runstatedir = @runstatedir@ + sbindir = @sbindir@ + sharedstatedir = @sharedstatedir@ + srcdir = @srcdir@ +@@ -366,7 +370,7 @@ top_srcdir = @top_srcdir@ + CLEANFILES = *~ + MAINTAINERCLEANFILES = $(MANS) + EXTRA_DIST = $(MANS) $(XMLS) +-man_MANS = pam.3 PAM.8 pam.8 pam.conf.5 pam.d.5 \ ++man_MANS = pam.3 PAM.7 pam.7 pam.conf.5 pam.d.5 \ + pam_acct_mgmt.3 pam_authenticate.3 \ + pam_chauthtok.3 pam_close_session.3 pam_conv.3 \ + pam_end.3 pam_error.3 \ +@@ -528,56 +532,55 @@ uninstall-man5: + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir) +-install-man8: $(man_MANS) ++install-man7: $(man_MANS) + @$(NORMAL_INSTALL) + @list1=''; \ + list2='$(man_MANS)'; \ +- test -n "$(man8dir)" \ ++ test -n "$(man7dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ +- echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ +- $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man7dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man7dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ +- | sed -n '/\.8[a-z]*$$/p'; \ ++ | sed -n '/\.7[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ +- sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ ++ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^7][0-9a-z]*$$,7,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ +- echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ +- $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ ++ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man7dir)/$$inst'"; \ ++ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man7dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ +- echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ +- $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ ++ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man7dir)'"; \ ++ $(INSTALL_DATA) $$files "$(DESTDIR)$(man7dir)" || exit $$?; }; \ + done; } + +-uninstall-man8: ++uninstall-man7: + @$(NORMAL_UNINSTALL) +- @list=''; test -n "$(man8dir)" || exit 0; \ ++ @list=''; test -n "$(man7dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ +- } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ ++ sed -n '/\.7[a-z]*$$/p'; \ ++ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^7][0-9a-z]*$$,7,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) ++ dir='$(DESTDIR)$(man7dir)'; $(am__uninstall_files_from_dir) + tags TAGS: + + ctags CTAGS: + + cscope cscopelist: + +- + distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +@@ -615,7 +618,7 @@ check-am: all-am + check: check-am + all-am: Makefile $(MANS) + installdirs: +- for dir in "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \ ++ for dir in "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man7dir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done + install: install-am +@@ -686,7 +689,7 @@ install-info: install-info-am + + install-info-am: + +-install-man: install-man3 install-man5 install-man8 ++install-man: install-man3 install-man5 install-man7 + + install-pdf: install-pdf-am + +@@ -716,7 +719,7 @@ ps-am: + + uninstall-am: uninstall-man + +-uninstall-man: uninstall-man3 uninstall-man5 uninstall-man8 ++uninstall-man: uninstall-man3 uninstall-man5 uninstall-man7 + + .MAKE: install-am install-strip + +@@ -726,18 +729,19 @@ uninstall-man: uninstall-man3 uninstall-man5 uninstall-man8 + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ +- install-man3 install-man5 install-man8 install-pdf \ ++ install-man3 install-man5 install-man7 install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \ + uninstall-am uninstall-man uninstall-man3 uninstall-man5 \ +- uninstall-man8 ++ uninstall-man7 + + .PRECIOUS: Makefile + + +-@ENABLE_REGENERATE_MAN_TRUE@PAM.8: pam.8 ++@ENABLE_REGENERATE_MAN_TRUE@pam.8: pam.8.xml ++@ENABLE_REGENERATE_MAN_TRUE@PAM.7 pam.7: pam.8 + @ENABLE_REGENERATE_MAN_TRUE@pam_get_authtok_noverify.3: pam_get_authtok.3 + @ENABLE_REGENERATE_MAN_TRUE@pam_get_authtok_verify.3: pam_get_authtok.3 + @ENABLE_REGENERATE_MAN_TRUE@pam_verror.3: pam_error.3 +diff --git a/doc/man/PAM.7 b/doc/man/PAM.7 +new file mode 100644 +index 0000000..00b313f +--- /dev/null ++++ b/doc/man/PAM.7 +@@ -0,0 +1,138 @@ ++'\" t ++.\" Title: pam ++.\" Author: [FIXME: author] [see http://www.docbook.org/tdg5/en/html/author] ++.\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/> ++.\" Date: 09/15/2023 ++.\" Manual: Linux-PAM Manual ++.\" Source: Linux-PAM ++.\" Language: English ++.\" ++.TH "PAM" "7" "09/15/2023" "Linux\-PAM" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * Define some portability stuff ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" http://bugs.debian.org/507673 ++.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.ie \n(.g .ds Aq \(aq ++.el .ds Aq ' ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- ++.\" disable hyphenation ++.nh ++.\" disable justification (adjust text to left margin only) ++.ad l ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "NAME" ++PAM, pam \- Pluggable Authentication Modules for Linux ++.SH "DESCRIPTION" ++.PP ++This manual is intended to offer a quick introduction to ++\fBLinux\-PAM\fR\&. For more information the reader is directed to the ++\fBLinux\-PAM system administrators\*(Aq guide\fR\&. ++.PP ++\fBLinux\-PAM\fR ++is a system of libraries that handle the authentication tasks of applications (services) on the system\&. The library provides a stable general interface (Application Programming Interface \- API) that privilege granting programs (such as ++\fBlogin\fR(1) ++and ++\fBsu\fR(1)) defer to to perform standard authentication tasks\&. ++.PP ++The principal feature of the PAM approach is that the nature of the authentication is dynamically configurable\&. In other words, the system administrator is free to choose how individual service\-providing applications will authenticate users\&. This dynamic configuration is set by the contents of the single ++\fBLinux\-PAM\fR ++configuration file ++/etc/pam\&.conf\&. Alternatively and preferably, the configuration can be set by individual configuration files located in a ++pam\&.d ++directory\&. The presence of this directory will cause ++\fBLinux\-PAM\fR ++to ++\fIignore\fR ++/etc/pam\&.conf\&. ++.PP ++Vendor\-supplied PAM configuration files might be installed in the system directory ++/usr/lib/pam\&.d/ ++or a configurable vendor specific directory instead of the machine configuration directory ++/etc/pam\&.d/\&. If no machine configuration file is found, the vendor\-supplied file is used\&. All files in ++/etc/pam\&.d/ ++override files with the same name in other directories\&. ++.PP ++From the point of view of the system administrator, for whom this manual is provided, it is not of primary importance to understand the internal behavior of the ++\fBLinux\-PAM\fR ++library\&. The important point to recognize is that the configuration file(s) ++\fIdefine\fR ++the connection between applications ++(\fBservices\fR) and the pluggable authentication modules ++(\fBPAM\fRs) that perform the actual authentication tasks\&. ++.PP ++\fBLinux\-PAM\fR ++separates the tasks of ++\fIauthentication\fR ++into four independent management groups: ++\fBaccount\fR ++management; ++\fBauth\fRentication management; ++\fBpassword\fR ++management; and ++\fBsession\fR ++management\&. (We highlight the abbreviations used for these groups in the configuration file\&.) ++.PP ++Simply put, these groups take care of different aspects of a typical user\*(Aqs request for a restricted service: ++.PP ++\fBaccount\fR ++\- provide account verification types of service: has the user\*(Aqs password expired?; is this user permitted access to the requested service? ++.PP ++\fBauth\fRentication \- authenticate a user and set up user credentials\&. Typically this is via some challenge\-response request that the user must satisfy: if you are who you claim to be please enter your password\&. Not all authentications are of this type, there exist hardware based authentication schemes (such as the use of smart\-cards and biometric devices), with suitable modules, these may be substituted seamlessly for more standard approaches to authentication \- such is the flexibility of ++\fBLinux\-PAM\fR\&. ++.PP ++\fBpassword\fR ++\- this group\*(Aqs responsibility is the task of updating authentication mechanisms\&. Typically, such services are strongly coupled to those of the ++\fBauth\fR ++group\&. Some authentication mechanisms lend themselves well to being updated with such a function\&. Standard UN*X password\-based access is the obvious example: please enter a replacement password\&. ++.PP ++\fBsession\fR ++\- this group of tasks cover things that should be done prior to a service being given and after it is withdrawn\&. Such tasks include the maintenance of audit trails and the mounting of the user\*(Aqs home directory\&. The ++\fBsession\fR ++management group is important as it provides both an opening and closing hook for modules to affect the services available to a user\&. ++.SH "FILES" ++.PP ++/etc/pam\&.conf ++.RS 4 ++the configuration file ++.RE ++.PP ++/etc/pam\&.d ++.RS 4 ++the ++\fBLinux\-PAM\fR ++configuration directory\&. Generally, if this directory is present, the ++/etc/pam\&.conf ++file is ignored\&. ++.RE ++.PP ++/usr/lib/pam\&.d ++.RS 4 ++the ++\fBLinux\-PAM\fR ++vendor configuration directory\&. Files in ++/etc/pam\&.d ++override files with the same name in this directory\&. ++.RE ++.SH "ERRORS" ++.PP ++Typically errors generated by the ++\fBLinux\-PAM\fR ++system of libraries, will be written to ++\fBsyslog\fR(3)\&. ++.SH "CONFORMING TO" ++.PP ++DCE\-RFC 86\&.0, October 1995\&. Contains additional features, but remains backwardly compatible with this RFC\&. ++.SH "SEE ALSO" ++.PP ++\fBpam\fR(3), ++\fBpam_authenticate\fR(3), ++\fBpam_sm_setcred\fR(3), ++\fBpam_strerror\fR(3), ++\fBPAM\fR(8) diff --git a/doc/man/misc_conv.3 b/doc/man/misc_conv.3 index 6265664..85d32db 100644 --- a/doc/man/misc_conv.3 @@ -312,224 +524,26 @@ index 92d4acd..2971b3a 100644 </citerefentry> </para> </refsect1> +diff --git a/doc/man/pam.7 b/doc/man/pam.7 +new file mode 100644 +index 0000000..a15cab9 +--- /dev/null ++++ b/doc/man/pam.7 +@@ -0,0 +1 @@ ++.so PAM.7 diff --git a/doc/man/pam.8.xml b/doc/man/pam.8.xml -deleted file mode 100644 -index 7f3b051..0000000 +index 7f3b051..cb6a7d8 100644 --- a/doc/man/pam.8.xml -+++ /dev/null -@@ -1,212 +0,0 @@ --<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="pam8"> -- -- <refmeta> -- <refentrytitle>pam</refentrytitle> ++++ b/doc/man/pam.8.xml +@@ -2,7 +2,7 @@ + + <refmeta> + <refentrytitle>pam</refentrytitle> - <manvolnum>8</manvolnum> -- <refmiscinfo class="source">Linux-PAM</refmiscinfo> -- <refmiscinfo class="manual">Linux-PAM Manual</refmiscinfo> -- </refmeta> -- -- <refnamediv xml:id="pam8-name"> -- <refname>PAM</refname> -- <refname>pam</refname> -- <refpurpose>Pluggable Authentication Modules for Linux</refpurpose> -- </refnamediv> -- -- <refsect1 xml:id="pam8-description"> -- <title>DESCRIPTION</title> -- <para> -- This manual is intended to offer a quick introduction to -- <emphasis remap="B">Linux-PAM</emphasis>. For more information -- the reader is directed to the -- <emphasis remap="B">Linux-PAM system administrators' guide</emphasis>. -- </para> -- -- <para> -- <emphasis remap="B">Linux-PAM</emphasis> is a system of libraries -- that handle the authentication tasks of applications (services) on -- the system. The library provides a stable general interface -- (Application Programming Interface - API) that privilege granting -- programs (such as <citerefentry> -- <refentrytitle>login</refentrytitle><manvolnum>1</manvolnum> -- </citerefentry> and <citerefentry> -- <refentrytitle>su</refentrytitle><manvolnum>1</manvolnum> -- </citerefentry>) defer to to perform standard authentication tasks. -- </para> -- -- <para> -- The principal feature of the PAM approach is that the nature of the -- authentication is dynamically configurable. In other words, the -- system administrator is free to choose how individual -- service-providing applications will authenticate users. This dynamic -- configuration is set by the contents of the single -- <emphasis remap="B">Linux-PAM</emphasis> configuration file -- <filename>/etc/pam.conf</filename>. Alternatively and preferably, -- the configuration can be set by individual configuration files -- located in a <filename>pam.d</filename> directory. The presence of this -- directory will cause <emphasis remap="B">Linux-PAM</emphasis> to -- <emphasis remap="I">ignore</emphasis> <filename>/etc/pam.conf</filename>. -- </para> -- -- <para> -- Vendor-supplied PAM configuration files might be installed in -- the system directory <filename>/usr/lib/pam.d/</filename> or -- a configurable vendor specific directory instead -- of the machine configuration directory <filename>/etc/pam.d/</filename>. -- If no machine configuration file is found, the vendor-supplied file -- is used. All files in <filename>/etc/pam.d/</filename> override -- files with the same name in other directories. -- </para> -- --<para>From the point of view of the system administrator, for whom this --manual is provided, it is not of primary importance to understand the --internal behavior of the --<emphasis remap="B">Linux-PAM</emphasis> --library. The important point to recognize is that the configuration --file(s) --<emphasis remap="I">define</emphasis> --the connection between applications --<emphasis remap="B"/>(<emphasis remap="B">services</emphasis>) --and the pluggable authentication modules --<emphasis remap="B"/>(<emphasis remap="B">PAM</emphasis>s) --that perform the actual authentication tasks.</para> -- -- --<para><emphasis remap="B">Linux-PAM</emphasis> --separates the tasks of --<emphasis remap="I">authentication</emphasis> --into four independent management groups: --<emphasis remap="B">account</emphasis> management; --<emphasis remap="B">auth</emphasis>entication management; --<emphasis remap="B">password</emphasis> management; --and --<emphasis remap="B">session</emphasis> management. --(We highlight the abbreviations used for these groups in the --configuration file.)</para> -- -- --<para>Simply put, these groups take care of different aspects of a typical --user's request for a restricted service:</para> -- -- --<para><emphasis remap="B">account</emphasis> - --provide account verification types of service: has the user's password --expired?; is this user permitted access to the requested service?</para> -- --<!-- .br --> --<para><emphasis remap="B">auth</emphasis>entication - --authenticate a user and set up user credentials. Typically this is via --some challenge-response request that the user must satisfy: if you are --who you claim to be please enter your password. Not all authentications --are of this type, there exist hardware based authentication schemes --(such as the use of smart-cards and biometric devices), with suitable --modules, these may be substituted seamlessly for more standard --approaches to authentication - such is the flexibility of --<emphasis remap="B">Linux-PAM</emphasis>.</para> -- --<!-- .br --> --<para><emphasis remap="B">password</emphasis> - --this group's responsibility is the task of updating authentication --mechanisms. Typically, such services are strongly coupled to those of --the --<emphasis remap="B">auth</emphasis> --group. Some authentication mechanisms lend themselves well to being --updated with such a function. Standard UN*X password-based access is --the obvious example: please enter a replacement password.</para> -- --<!-- .br --> --<para><emphasis remap="B">session</emphasis> - --this group of tasks cover things that should be done prior to a --service being given and after it is withdrawn. Such tasks include the --maintenance of audit trails and the mounting of the user's home --directory. The --<emphasis remap="B">session</emphasis> --management group is important as it provides both an opening and --closing hook for modules to affect the services available to a user.</para> -- --</refsect1> -- -- <refsect1 xml:id="pam8-files"> -- <title>FILES</title> -- <variablelist> -- <varlistentry> -- <term>/etc/pam.conf</term> -- <listitem> -- <para>the configuration file</para> -- </listitem> -- </varlistentry> -- <varlistentry> -- <term>/etc/pam.d</term> -- <listitem> -- <para> -- the <emphasis remap="B">Linux-PAM</emphasis> configuration -- directory. Generally, if this directory is present, the -- <filename>/etc/pam.conf</filename> file is ignored. -- </para> -- </listitem> -- </varlistentry> -- <varlistentry> -- <term>/usr/lib/pam.d</term> -- <listitem> -- <para> -- the <emphasis remap="B">Linux-PAM</emphasis> vendor configuration -- directory. Files in <filename>/etc/pam.d</filename> override -- files with the same name in this directory. -- </para> -- </listitem> -- </varlistentry> -- <varlistentry condition="with_vendordir"> -- <term>%vendordir%/pam.d</term> -- <listitem> -- <para> -- additional <emphasis remap="B">Linux-PAM</emphasis> vendor -- configuration directory. Files in <filename>/etc/pam.d</filename> -- and <filename>/usr/lib/pam.d</filename> override files with the -- same name in this directory. -- </para> -- </listitem> -- </varlistentry> -- </variablelist> -- </refsect1> -- -- <refsect1 xml:id="pam8-errors"> -- <title>ERRORS</title> -- <para> -- Typically errors generated by the -- <emphasis remap="B">Linux-PAM</emphasis> system of libraries, will -- be written to <citerefentry> -- <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum> -- </citerefentry>. -- </para> -- </refsect1> -- -- <refsect1 xml:id="pam8-conforming_to"> -- <title>CONFORMING TO</title> -- <para> -- DCE-RFC 86.0, October 1995. -- Contains additional features, but remains backwardly compatible -- with this RFC. -- </para> -- </refsect1> -- -- <refsect1 xml:id="pam8-see_also"> -- <title>SEE ALSO</title> -- <para> -- <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum> -- </citerefentry>, -- <citerefentry> -- <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum> -- </citerefentry>, -- <citerefentry> -- <refentrytitle>pam_sm_setcred</refentrytitle><manvolnum>3</manvolnum> -- </citerefentry>, -- <citerefentry> -- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> -- </citerefentry>, -- <citerefentry> -- <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum> -- </citerefentry> -- </para> -- </refsect1> --</refentry> ++ <manvolnum>7</manvolnum> + <refmiscinfo class="source">Linux-PAM</refmiscinfo> + <refmiscinfo class="manual">Linux-PAM Manual</refmiscinfo> + </refmeta> diff --git a/doc/man/pam_acct_mgmt.3 b/doc/man/pam_acct_mgmt.3 index 18e91d5..1cfb501 100644 --- a/doc/man/pam_acct_mgmt.3 @@ -674,6 +688,25 @@ index ba6d955..1cb7566 100644 </citerefentry> </para> </refsect1> +diff --git a/doc/man/pam_get_item.3 b/doc/man/pam_get_item.3 +index d08fde5..894c7f6 100644 +--- a/doc/man/pam_get_item.3 ++++ b/doc/man/pam_get_item.3 +@@ -2,12 +2,12 @@ + .\" Title: pam_get_item + .\" Author: [FIXME: author] [see http://www.docbook.org/tdg5/en/html/author] + .\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/> +-.\" Date: 05/07/2023 ++.\" Date: 09/15/2023 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM + .\" Language: English + .\" +-.TH "PAM_GET_ITEM" "3" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual" ++.TH "PAM_GET_ITEM" "3" "09/15/2023" "Linux\-PAM" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- diff --git a/doc/man/pam_getenv.3 b/doc/man/pam_getenv.3 index d0d3999..f639ef9 100644 --- a/doc/man/pam_getenv.3 @@ -825,9 +858,24 @@ index 4414d54..c9403c5 100644 </para> </refsect1> diff --git a/doc/man/pam_prompt.3 b/doc/man/pam_prompt.3 -index 3070747..80e4898 100644 +index 3070747..aeaaac0 100644 --- a/doc/man/pam_prompt.3 +++ b/doc/man/pam_prompt.3 +@@ -2,12 +2,12 @@ + .\" Title: pam_prompt + .\" Author: [FIXME: author] [see http://www.docbook.org/tdg5/en/html/author] + .\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/> +-.\" Date: 05/07/2023 ++.\" Date: 09/15/2023 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM + .\" Language: English + .\" +-.TH "PAM_PROMPT" "3" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual" ++.TH "PAM_PROMPT" "3" "09/15/2023" "Linux\-PAM" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- @@ -70,7 +70,7 @@ System error\&. .RE .SH "SEE ALSO" @@ -1052,6 +1100,34 @@ index 07b793d..cf2d006 100644 </citerefentry></para> </refsect1> +diff --git a/modules/pam_env/pam_env.8 b/modules/pam_env/pam_env.8 +index f4e15f3..afef8b1 100644 +--- a/modules/pam_env/pam_env.8 ++++ b/modules/pam_env/pam_env.8 +@@ -2,12 +2,12 @@ + .\" Title: pam_env + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/> +-.\" Date: 05/07/2023 ++.\" Date: 09/13/2023 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM + .\" Language: English + .\" +-.TH "PAM_ENV" "8" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual" ++.TH "PAM_ENV" "8" "09/13/2023" "Linux\-PAM" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +@@ -153,7 +153,7 @@ User specific environment file + .PP + \fBpam_env.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8), ++\fBpam\fR(7), + \fBenviron\fR(7)\&. + .SH "AUTHOR" + .PP diff --git a/modules/pam_env/pam_env.8.xml b/modules/pam_env/pam_env.8.xml index fb172e1..a720d37 100644 --- a/modules/pam_env/pam_env.8.xml @@ -1741,6 +1817,34 @@ index 9038f5b..fcf0e88 100644 </citerefentry> </para> </refsect1> +diff --git a/modules/pam_selinux/pam_selinux.8 b/modules/pam_selinux/pam_selinux.8 +index 260bc47..12fe015 100644 +--- a/modules/pam_selinux/pam_selinux.8 ++++ b/modules/pam_selinux/pam_selinux.8 +@@ -2,12 +2,12 @@ + .\" Title: pam_selinux + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/> +-.\" Date: 05/07/2023 ++.\" Date: 09/13/2023 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM + .\" Language: English + .\" +-.TH "PAM_SELINUX" "8" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual" ++.TH "PAM_SELINUX" "8" "09/13/2023" "Linux\-PAM" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +@@ -144,7 +144,7 @@ session optional pam_selinux\&.so + \fBexecve\fR(2), + \fBtty\fR(4), + \fBpam.d\fR(5), +-\fBpam\fR(8), ++\fBpam\fR(7), + \fBselinux\fR(8) + .SH "AUTHOR" + .PP diff --git a/modules/pam_selinux/pam_selinux.8.xml b/modules/pam_selinux/pam_selinux.8.xml index 3aa632c..7ec5daf 100644 --- a/modules/pam_selinux/pam_selinux.8.xml @@ -2092,6 +2196,55 @@ index a20c5f7..a69e1d6 100644 </citerefentry> </para> </refsect1> +diff --git a/modules/pam_wheel/pam_wheel.8 b/modules/pam_wheel/pam_wheel.8 +index 8077e81..ca687e5 100644 +--- a/modules/pam_wheel/pam_wheel.8 ++++ b/modules/pam_wheel/pam_wheel.8 +@@ -2,12 +2,12 @@ + .\" Title: pam_wheel + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/> +-.\" Date: 05/07/2023 ++.\" Date: 09/13/2023 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM + .\" Language: English + .\" +-.TH "PAM_WHEEL" "8" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual" ++.TH "PAM_WHEEL" "8" "09/13/2023" "Linux\-PAM" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +@@ -31,7 +31,7 @@ + pam_wheel \- Only permit root access to members of group wheel + .SH "SYNOPSIS" + .HP \w'\fBpam_wheel\&.so\fR\ 'u +-\fBpam_wheel\&.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] [use_uid] ++\fBpam_wheel\&.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] + .SH "DESCRIPTION" + .PP + The pam_wheel PAM module is used to enforce the so\-called +@@ -72,11 +72,6 @@ trust + .RS 4 + The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd)\&. + .RE +-.PP +-use_uid +-.RS 4 +-The check will be done against the real uid of the calling process, instead of trying to obtain the user from the login session associated with the terminal in use\&. +-.RE + .SH "MODULE TYPES PROVIDED" + .PP + The +@@ -141,7 +136,7 @@ su auth required pam_unix\&.so + .PP + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_wheel was written by Cristian Gafton <gafton@redhat\&.com>\&. diff --git a/modules/pam_wheel/pam_wheel.8.xml b/modules/pam_wheel/pam_wheel.8.xml index b42e27d..86f2828 100644 --- a/modules/pam_wheel/pam_wheel.8.xml diff --git a/debian/patches/make_documentation_reproducible.patch b/debian/patches/make_documentation_reproducible.patch index 6fa72406..105766a9 100644 --- a/debian/patches/make_documentation_reproducible.patch +++ b/debian/patches/make_documentation_reproducible.patch @@ -1,4 +1,4 @@ -From: "Juan Picca jumapico@gmail.com, Steve Langasek" <vorlon@debian.org> +From: "jumapico@gmail.com" <jumapico@gmail.com> Date: Mon, 11 Sep 2023 14:00:42 -0600 Subject: Make documentation reproducible |