author | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 12:44:11 -0800 |
---|---|---|
committer | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 12:44:11 -0800 |
commit | efd31890b5ed496a5a00c08a262da240e66a4ddc (patch) | |
tree | 22a7aab22b3a491bb58df250d7d6409e0c160bcc /doc/man | |
parent | 067affee9267fa0d1c21835182ba639ba33e820f (diff) | |
download | pam-efd31890b5ed496a5a00c08a262da240e66a4ddc.tar.gz pam-efd31890b5ed496a5a00c08a262da240e66a4ddc.tar.bz2 pam-efd31890b5ed496a5a00c08a262da240e66a4ddc.zip |
New upstream version 0.76
Diffstat (limited to 'doc/man')
-rw-r--r-- | doc/man/pam.8 | 369 | ||||
-rw-r--r-- | doc/man/pam.conf.8 | 1 | ||||
-rw-r--r-- | doc/man/pam.d.8 | 1 | ||||
-rw-r--r-- | doc/man/pam_authenticate.3 | 91 | ||||
-rw-r--r-- | doc/man/pam_chauthtok.3 | 101 | ||||
-rw-r--r-- | doc/man/pam_close_session.3 | 1 | ||||
-rw-r--r-- | doc/man/pam_end.3 | 1 | ||||
-rw-r--r-- | doc/man/pam_fail_delay.3 | 130 | ||||
-rw-r--r-- | doc/man/pam_get_item.3 | 1 | ||||
-rw-r--r-- | doc/man/pam_open_session.3 | 99 | ||||
-rw-r--r-- | doc/man/pam_set_item.3 | 55 | ||||
-rw-r--r-- | doc/man/pam_setcred.3 | 79 | ||||
-rw-r--r-- | doc/man/pam_start.3 | 98 | ||||
-rw-r--r-- | doc/man/pam_strerror.3 | 51 | ||||
-rw-r--r-- | doc/man/template-man | 52 |
15 files changed, 0 insertions, 1130 deletions
diff --git a/doc/man/pam.8 b/doc/man/pam.8 deleted file mode 100644 index 939a0fe9..00000000 --- a/doc/man/pam.8 +++ /dev/null 
@@ -1,369 +0,0 @@ -.\" Hey Emacs! This file is -*- nroff -*- source. -.\" $Id$ -.\" Copyright (c) Andrew G. Morgan 1996-7,2001 <morgan@kernel.org> -.TH PAM 8 "2001 Jan 20" "Linux-PAM 0.74" "Linux-PAM Manual" -.SH NAME - -Linux-PAM \- Pluggable Authentication Modules for Linux - -.SH SYNOPSIS -.B /etc/pam.conf -.sp 2 -.SH DESCRIPTION - -This manual is intended to offer a quick introduction to -.BR Linux-PAM ". " -For more information the reader is directed to the -.BR "Linux-PAM system administrators' guide". - -.sp -.BR Linux-PAM -Is a system of libraries that handle the authentication tasks of -applications (services) on the system. The library provides a stable -general interface (Application Programming Interface - API) that -privilege granting programs (such as -.BR login "(1) " -and -.BR su "(1)) " -defer to to perform standard authentication tasks. - -.sp -The principal feature of the PAM approach is that the nature of the -authentication is dynamically configurable. In other words, the -system administrator is free to choose how individual -service-providing applications will authenticate users. This dynamic -configuration is set by the contents of the single -.BR Linux-PAM -configuration file -.BR /etc/pam.conf "." -Alternatively, the configuration can be set by individual -configuration files located in the -.B /etc/pam.d/ -directory. -.IB "The presence of this directory will cause " Linux-PAM " to ignore" -.BI /etc/pam.conf "." - -.sp -From the point of view of the system administrator, for whom this -manual is provided, it is not of primary importance to understand the -internal behavior of the -.BR Linux-PAM -library. The important point to recognize is that the configuration -file(s) -.I define -the connection between applications -.BR "" "(" services ")" -and the pluggable authentication modules -.BR "" "(" PAM "s)" -that perform the actual authentication tasks. 
- -.sp -.BR Linux-PAM -separates the tasks of -.I authentication -into four independent management groups: -.BR "account" " management; " -.BR "auth" "entication management; " -.BR "password" " management; " -and -.BR "session" " management." -(We highlight the abbreviations used for these groups in the -configuration file.) - -.sp -Simply put, these groups take care of different aspects of a typical -user's request for a restricted service: - -.sp -.BR account " - " -provide account verification types of service: has the user's password -expired?; is this user permitted access to the requested service? - -.br -.BR auth "entication - " -establish the user is who they claim to be. Typically this is via some -challenge-response request that the user must satisfy: if you are who -you claim to be please enter your password. Not all authentications -are of this type, there exist hardware based authentication schemes -(such as the use of smart-cards and biometric devices), with suitable -modules, these may be substituted seamlessly for more standard -approaches to authentication - such is the flexibility of -.BR Linux-PAM "." - -.br -.BR password " - " -this group's responsibility is the task of updating authentication -mechanisms. Typically, such services are strongly coupled to those of -the -.BR auth -group. Some authentication mechanisms lend themselves well to being -updated with such a function. Standard UN*X password-based access is -the obvious example: please enter a replacement password. - -.br -.BR session " - " -this group of tasks cover things that should be done prior to a -service being given and after it is withdrawn. Such tasks include the -maintenance of audit trails and the mounting of the user's home -directory. The -.BR session -management group is important as it provides both an opening and -closing hook for modules to affect the services available to a user. 
- -.SH The configuration file(s) - -When a -.BR Linux-PAM -aware privilege granting application is started, it activates its -attachment to the PAM-API. This activation performs a number of -tasks, the most important being the reading of the configuration file(s): -.BR /etc/pam.conf "." -Alternatively, this may be the contents of the -.BR /etc/pam.d/ -directory. - -These files list the -.BR PAM "s" -that will do the authentication tasks required by this service, and -the appropriate behavior of the PAM-API in the event that individual -.BR PAM "s " -fail. - -.sp -The syntax of the -.B /etc/pam.conf -configuration file is as follows. The file is made -up of a list of rules, each rule is typically placed on a single line, -but may be extended with an escaped end of line: `\\<LF>'. Comments -are preceded with `#' marks and extend to the next end of line. - -.sp -The format of each rule is a space separated collection of tokens, the -first three being case-insensitive: - -.sp -.br -.BR " service type control module-path module-arguments" - -.sp -The syntax of files contained in the -.B /etc/pam.d/ -directory, are identical except for the absence of any -.I service -field. In this case, the -.I service -is the name of the file in the -.B /etc/pam.d/ -directory. This filename must be in lower case. - -.sp -An important feature of -.BR Linux-PAM ", " -is that a number of rules may be -.I stacked -to combine the services of a number of PAMs for a given authentication -task. - -.sp -The -.BR service -is typically the familiar name of the corresponding application: -.BR login -and -.BR su -are good examples. The -.BR service "-name, " other ", " -is reserved for giving -.I default -rules. Only lines that mention the current service (or in the absence -of such, the -.BR other -entries) will be associated with the given service-application. - -.sp -The -.BR type -is the management group that the rule corresponds to. 
It is used to -specify which of the management groups the subsequent module is to -be associated with. Valid entries are: -.BR account "; " -.BR auth "; " -.BR password "; " -and -.BR session "." -The meaning of each of these tokens was explained above. - -.sp -The third field, -.BR control ", " -indicates the behavior of the PAM-API should the module fail to -succeed in its authentication task. There are two types of syntax for -this control field: the simple one has a single simple keyword; the -more complicated one involves a square-bracketed selection of -.B value=action -pairs. - -.sp -For the simple (historical) syntax valid -.BR control -values are: -.BR requisite -- failure of such a PAM results in the immediate termination of the -authentication process; -.BR required -- failure of such a PAM will ultimately lead to the PAM-API returning -failure but only after the remaining -.I stacked -modules (for this -.BR service -and -.BR type ")" -have been invoked; -.BR sufficient -- success of such a module is enough to satisfy the authentication -requirements of the stack of modules (if a prior -.BR required -module has failed the success of this one is -.IR ignored "); " -.BR optional -- the success or failure of this module is only important if it is the -only module in the stack associated with this -.BR service "+" type "." - -.sp -For the more complicated syntax valid -.B control -values have the following form: -.sp -.RB [value1=action1 value2=action2 ...] -.sp -Where -.B valueN -corresponds to the return code from the function invoked in the module -for which the line is defined. 
It is selected from one of these: -.BR success ; -.BR open_err ; -.BR symbol_err ; -.BR service_err ; -.BR system_err ; -.BR buf_err ; -.BR perm_denied ; -.BR auth_err ; -.BR cred_insufficient ; -.BR authinfo_unavail ; -.BR user_unknown ; -.BR maxtries ; -.BR new_authtok_reqd ; -.BR acct_expired ; -.BR session_err ; -.BR cred_unavail ; -.BR cred_expired ; -.BR cred_err ; -.BR no_module_data ; -.BR conv_err ; -.BR authtok_err ; -.BR authtok_recover_err ; -.BR authtok_lock_busy ; -.BR authtok_disable_aging ; -.BR try_again ; -.BR ignore ; -.BR abort ; -.BR authtok_expired ; -.BR module_unknown ; -.BR bad_item "; and" -.BR default . -The last of these, -.BR default , -implies 'all -.BR valueN 's -not mentioned explicitly. Note, the full list of PAM errors is -available in /usr/include/security/_pam_types.h . The -.B actionN -can be: an unsigned integer, -.BR J , -signifying an action of 'jump over the next J modules in the stack'; -or take one of the following forms: -.br -.B ignore -- when used with a stack of modules, the module's return status will -not contribute to the return code the application obtains; -.br -.B bad -- this action indicates that the return code should be thought of as -indicative of the module failing. If this module is the first in the -stack to fail, its status value will be used for that of the whole -stack. -.br -.B die -- equivalent to bad with the side effect of terminating the module -stack and PAM immediately returning to the application. -.br -.B ok -- this tells PAM that the administrator thinks this return code -should contribute directly to the return code of the full stack of -modules. In other words, if the former state of the stack would lead -to a return of -.BR PAM_SUCCESS , -the module's return code will override this value. Note, if the former -state of the stack holds some value that is indicative of a modules -failure, this 'ok' value will not be used to override that value. 
-.br -.B done -- equivalent to ok with the side effect of terminating the module -stack and PAM immediately returning to the application. -.br -.B reset -- clear all memory of the state of the module stack and start again -with the next stacked module. - -.sp -.BR module-path -- this is either the full filename of the PAM to be used by the -application (it begins with a '/'), or a relative pathname from the -default module location: -.BR /lib/security/ . - -.sp -.BR module-arguments -- these are a space separated list of tokens that can be used to -modify the specific behavior of the given PAM. Such arguments will be -documented for each individual module. - -.SH "FILES" -.BR /etc/pam.conf " - the configuration file" -.br -.BR /etc/pam.d/ " - the" -.BR Linux-PAM -configuration directory. Generally, if this directory is present, the -.B /etc/pam.conf -file is ignored. -.br -.BR /lib/libpam.so.X " - the dynamic library" -.br -.BR /lib/security/*.so " - the PAMs - -.SH ERRORS -Typically errors generated by the -.BR Linux-PAM -system of libraries, will be written to -.BR syslog "(3)." - -.SH "CONFORMING TO" -DCE-RFC 86.0, October 1995. -.br -Contains additional features, but remains backwardly compatible with -this RFC. - -.SH BUGS -.sp 2 -None known. - -.SH "SEE ALSO" - -The three -.BR Linux-PAM -Guides, for -.BR "system administrators" ", " -.BR "module developers" ", " -and -.BR "application developers" ". " diff --git a/doc/man/pam.conf.8 b/doc/man/pam.conf.8 deleted file mode 100644 index d067b559..00000000 --- a/doc/man/pam.conf.8 +++ /dev/null @@ -1 +0,0 @@ -.so pam.8 diff --git a/doc/man/pam.d.8 b/doc/man/pam.d.8 deleted file mode 100644 index d067b559..00000000 --- a/doc/man/pam.d.8 +++ /dev/null @@ -1 +0,0 @@ -.so pam.8 diff --git a/doc/man/pam_authenticate.3 b/doc/man/pam_authenticate.3 deleted file mode 100644 index ba1bc52e..00000000 --- a/doc/man/pam_authenticate.3 +++ /dev/null 
@@ -1,91 +0,0 @@ -.\" Hey Emacs! This file is -*- nroff -*- source. -.\" $Id$ -.\" Copyright (c) Andrew G. Morgan 1996-7 <morgan@parc.power.net> -.TH PAM_AUTHENTICATE 3 "1996 Dec 9" "Linux-PAM 0.55" "App. Programmers' Manual" -.SH NAME - -pam_authenticate \- authenticate a user - -.SH SYNOPSIS -.B #include <security/pam_appl.h> -.sp -.BI "int pam_authenticate(pam_handle_t " *pamh ", int " flags ");" -.sp 2 -.SH DESCRIPTION -.B pam_authenticate - -.br -Use this function to authenticate an applicant user. It is linked -.I dynamically -to the authentication modules by -.BR Linux-PAM ". " -It is the task of these module to perform such an authentication. The -specific nature of the authentication is not the concern of the -application. - -.br -Following successful completion, the -.BR name -of the authenticated user will be present in the -.BR Linux-PAM -item -.BR PAM_USER ". " -This item may be recovered with a call to -.BR pam_get_item "(3)." - -.br -The application developer should note that the modules may request -that the user enter their username via the conversation mechanism (see -.BR pam_start "(3))." -Should this be the case, the user-prompt string can be set via -the -.BR PAM_USER_PROMPT -item (see -.BR pam_set_item "(3))." - -.SH "RETURN VALUE" -On success -.BR PAM_SUCCESS -is returned. All other returns should be considered -authentication failures and will be -.I delayed -by an amount specified with prior calls to -.BR pam_fail_delay "(3). " -Specific failures that demand special attention are the following: -.TP -.B PAM_ABORT -the application should exit immediately. Of course, -.BR pam_end "(3)" -should be called first. - -.TP -.B PAM_MAXTRIES -the application has tried too many times to authenticate the -user, authentication should not be attempted again. - -.SH ERRORS -May be translated to text with -.BR pam_strerror "(3). " - -.SH "CONFORMING TO" -DCE-RFC 86.0, October 1995. - -.SH BUGS -.sp 2 -none known. 
- -.SH "SEE ALSO" - -.BR pam_start "(3), " -.BR pam_get_item "(3) " -.BR pam_fail_delay "(3) " -and -.BR pam_strerror "(3). " - -Also, see the three -.BR Linux-PAM -Guides, for -.BR "System administrators" ", " -.BR "module developers" ", " -and -.BR "application developers" ". " diff --git a/doc/man/pam_chauthtok.3 b/doc/man/pam_chauthtok.3 deleted file mode 100644 index 63904da3..00000000 --- a/doc/man/pam_chauthtok.3 +++ /dev/null 
@@ -1,101 +0,0 @@ -.\" Hey Emacs! This file is -*- nroff -*- source. -.\" $Id$ -.\" Copyright (c) Andrew G. Morgan 1997 <morgan@parc.power.net> -.TH PAM_CHAUTHTOK 3 "1997 Jan 4" "Linux-PAM 0.55" "App. Programmers' Manual" -.SH NAME - -pam_chauthtok \- updating authentication tokens - -.SH SYNOPSIS -.B #include <security/pam_appl.h> -.sp -.BI "int pam_chauthtok(pam_handle_t " *pamh ", int " flags ");" -.sp 2 -.SH DESCRIPTION -.B pam_chauthtok - -.br -Use this function to rejuvenate the authentication tokens (passwords -etc.) of an applicant user. - -.br -Note, the application should not pre-authenticate the user, as this is -performed (if required) by the -.BR Linux-PAM -framework. - -.br -The -.I flags -argument can -.I optionally -take the value, -.BR PAM_CHANGE_EXPIRED_AUTHTOK "." -In such cases the framework is only required to update those -authentication tokens that have expired. Without this argument, the -framework will attempt to obtain new tokens for all configured -authentication mechanisms. The details of the types and number of such -schemes should not concern the calling application. - -.SH RETURN VALUE -A successful return from this function will be indicated with -.BR PAM_SUCCESS "." - -.br -Specific errors of special interest when calling this function are - -.br -.BR PAM_AUTHTOK_ERROR -- a valid new token was not obtained - -.br -.BR PAM_AUTHTOK_RECOVERY_ERR -- old authentication token was not available - -.br -.BR PAM_AUTHTOK_LOCK_BUSY -- a resource needed to update the token was locked (try again later) - -.br -.BR PAM_AUTHTOK_DISABLE_AGING -- one or more of the authentication modules does not honor -authentication token aging - -.br -.BR PAM_TRY_AGAIN -- one or more authentication mechanism is not prepared to update a -token at this time - -.br -In general other return values may be returned. They should be treated -as indicating failure. - -.SH ERRORS -May be translated to text with -.BR pam_strerror "(3). 
" - -.SH "CONFORMING TO" -DCE-RFC 86.0, October 1995. - -.SH BUGS -.sp 2 -none known. - -.SH "SEE ALSO" - -.BR pam_start "(3), " -.BR pam_authenticate "(3), " -.BR pam_setcred "(3), " -.BR pam_get_item "(3), " -.BR pam_strerror "(3) " -and -.BR pam "(8)." - -.br -Also, see the three -.BR Linux-PAM -Guides, for -.BR "System administrators" ", " -.BR "module developers" ", " -and -.BR "application developers" ". " diff --git a/doc/man/pam_close_session.3 b/doc/man/pam_close_session.3 deleted file mode 100644 index d851700c..00000000 --- a/doc/man/pam_close_session.3 +++ /dev/null @@ -1 +0,0 @@ -.so pam_open_session.3 diff --git a/doc/man/pam_end.3 b/doc/man/pam_end.3 deleted file mode 100644 index de999f24..00000000 --- a/doc/man/pam_end.3 +++ /dev/null @@ -1 +0,0 @@ -.so pam_start.3 diff --git a/doc/man/pam_fail_delay.3 b/doc/man/pam_fail_delay.3 deleted file mode 100644 index f6cd238a..00000000 --- a/doc/man/pam_fail_delay.3 +++ /dev/null 
@@ -1,130 +0,0 @@ -.\" Hey Emacs! This file is -*- nroff -*- source. -.\" $Id$ -.\" Copyright (c) Andrew G. Morgan 1997 <morgan@parc.power.net> -.TH PAM_FAIL_DELAY 3 "1997 Jan 12" "Linux-PAM 0.56" "Programmers' Manual" -.SH NAME - -pam_fail_delay \- request a delay on failure - -.SH SYNOPSIS -.B #include <security/pam_appl.h> -.br -or, -.br -.B #include <security/pam_modules.h> -.sp -.BI "int pam_fail_delay(pam_handle_t " "*pamh" ", unsigned int " "usec" ");" -.sp 2 -.SH DESCRIPTION -.br -It is often possible to attack an authentication scheme by exploiting -the time it takes the scheme to deny access to an applicant user. In -cases of -.I short -timeouts, it may prove possible to attempt a -.I brute force -dictionary attack -- with an automated process, the attacker tries all -possible passwords to gain access to the system. In other cases, -where individual failures can take measurable amounts of time -(indicating the nature of the failure), an attacker can obtain useful -information about the authentication process. These latter attacks -make use of procedural delays that constitute a -.I covert channel -of useful information. - -.br -To minimize the effectiveness of such attacks, it is desirable to -introduce a random delay in a failed authentication process. -.B Linux-PAM -provides such a facility. The delay occurs upon failure of the -.BR pam_authenticate "(3) " -and -.BR pam_chauthtok "(3) " -functions. It occurs -.I after -all authentication modules have been called, but -.I before -control is returned to the service application. - -.br -The function, -.BR pam_fail_delay "(3)," -is used to specify a required minimum for the length of the -failure-delay; the -.I usec -argument. This function can be called by the service application -and/or the authentication modules, both may have an interest in -delaying a reapplication for service by the user. The length of the -delay is computed at the time it is required. 
Its length is -pseudo-gausianly distributed about the -.I maximum -requested value; the resultant delay will differ by as much as 25% of -this maximum requested value (both up and down). - -.br -On return from -.BR pam_authenticate "(3) or " pam_chauthtok "(3)," -independent of success or failure, the new requested delay is reset to -its default value: zero. - -.SH EXAMPLE -.br -For example, a -.B login -application may require a failure delay of roughly 3 seconds. It will -contain the following code: -.sp -.br -.B " pam_fail_delay(pamh, 3000000 /* micro-seconds */ );" -.br -.B " pam_authenticate(pamh, 0);" -.sp -.br -if the modules do not request a delay, the failure delay will be -between 2.25 and 3.75 seconds. - -.br -However, the modules, invoked in the authentication process, may -also request delays: -.sp -.br -.RB " (module #1) " "pam_fail_delay(pamh, 2000000);" -.sp -.br -.RB " (module #2) " "pam_fail_delay(pamh, 4000000);" -.sp -.br -in this case, it is the largest requested value that is used to -compute the actual failed delay: here between 3 and 5 seconds. - -.SH "RETURN VALUE" -Following a successful call to -.BR pam_fail_delay "(3), " PAM_SUCCESS -is returned. All other returns should be considered serious failures. - -.SH ERRORS -May be translated to text with -.BR pam_strerror "(3). " - -.SH "CONFORMING TO" -Under consideration by the X/Open group for future inclusion in the -PAM RFC. 1996/1/10 - -.SH BUGS -.sp 2 -none known. - -.SH "SEE ALSO" - -.BR pam_start "(3), " -.BR pam_get_item "(3) " -and -.BR pam_strerror "(3). " - -Also, see the three -.BR Linux-PAM -Guides, for -.BR "System administrators" ", " -.BR "module developers" ", " -and -.BR "application developers" ". " diff --git a/doc/man/pam_get_item.3 b/doc/man/pam_get_item.3 deleted file mode 100644 index f4f0d462..00000000 --- a/doc/man/pam_get_item.3 +++ /dev/null @@ -1 +0,0 @@ -.so pam_set_item.3 
diff --git a/doc/man/pam_open_session.3 b/doc/man/pam_open_session.3 deleted file mode 100644 index 4e63b5c4..00000000 --- a/doc/man/pam_open_session.3 +++ /dev/null 
@@ -1,99 +0,0 @@ -.\" Hey Emacs! This file is -*- nroff -*- source. -.\" $Id$ -.\" Copyright (c) Andrew G. Morgan 1997 <morgan@parc.power.net> -.TH PAM_OPEN_SESSION 3 "1997 Jan 4" "Linux-PAM 0.55" "App. Programmers' Manual" -.SH NAME - -pam_open/close_session \- PAM session management - -.SH SYNOPSIS -.B #include <security/pam_appl.h> -.sp -.BI "int pam_open_session(pam_handle_t " *pamh ", int " flags ");" -.sp -.BI "int pam_close_session(pam_handle_t " *pamh ", int " flags ");" -.sp 2 -.SH DESCRIPTION - -PAM provides management-hooks for the initialization and termination -of a session. - -.TP -.B pam_open_session -.br -Use this function to signal that an authenticated user session has -begun. It should be called only after the user is properly identified -and (where necessary) has been granted their credentials with -.BR pam_authenticate "(3)" -and -.BR pam_setcred "(3)" -respectively. - -.br -Some types of functions associated with session -initialization are logging for the purposes of system-audit and -mounting directories (the user's home directory for example). These -should not concern the application. It should be noted that the -.I effective -uid, -.BR geteuid "(2)," -of the application should be of sufficient privilege to perform such -tasks. - -.TP -.B pam_close_session -.br -Use this function to signal that a user session has -terminated. In general this function may not need to be located in the -same application as the initialization function, -.BR pam_open_session "." - -.br -Typically, this function will undo the actions of -.BR pam_open_session "." -That is, log audit information concerning the end of the user session -or unmount the user's home directory. Apart from having sufficient -privilege the details of the session termination should not concern -the calling application. It is good programming practice, however, to -cease acting on behalf of the user on returning from this call. 
- -.SH RETURN VALUE -A successful return from the session management functions will be -indicated with -.BR PAM_SUCCESS "." - -.br -The specific error indicating a failure to open or close a session is -.BR PAM_SESSION_ERR "." -In general other return values may be returned. They should be treated -as indicating failure. - -.SH ERRORS -May be translated to text with -.BR pam_strerror "(3). " - -.SH "CONFORMING TO" -OSF-RFC 86.0, October 1995. - -.SH BUGS -.sp 2 -none known. - -.SH "SEE ALSO" - -.BR pam_start "(3), " -.BR pam_authenticate "(3), " -.BR pam_setcred "(3), " -.BR pam_get_item "(3), " -.BR pam_strerror "(3) " -and -.BR pam "(3)." - -.br -Also, see the three -.BR Linux-PAM -Guides, for -.BR "System administrators" ", " -.BR "module developers" ", " -and -.BR "application developers" ". " diff --git a/doc/man/pam_set_item.3 b/doc/man/pam_set_item.3 deleted file mode 100644 index b0582778..00000000 --- a/doc/man/pam_set_item.3 +++ /dev/null 
@@ -1,55 +0,0 @@ -.\" Hey Emacs! This file is -*- nroff -*- source. -.\" $Id$ -.\" Copyright (c) Andrew G. Morgan 1996,1997 <morgan@kernel.org> -.TH PAM_SET_ITEM 3 "2001 Jan 21" "Linux-PAM" "App. Programmers' Manual" -.SH NAME - -pam_set_item, pam_get_item \- item manipulation under PAM - -.SH SYNOPSIS -.B #include <security/pam_appl.h> -.br -or -.br -.B #include <secruity/pam_modules.h> -.sp -.BI "int pam_set_item(pam_handle_t " *pamh ", int " item_type ", void " *item ");" -.sp -.BI "int pam_get_item(const pam_handle_t " *pamh ", int " item_type ", const void " **item_p ");" -.sp 2 -.SH DESCRIPTION -.B pam_set_item -.sp -.B pam_set_item - -These functions are currently undocumented in a man page, but see the -end of this man page for more information (the PAM guides). - -On success -.BR PAM_SUCCESS -is returned, all other return values should be treated as errors. - -.SH ERRORS -May be translated to text with -.BR pam_strerror "(3). " - -.SH "CONFORMING TO" -DCE-RFC 86.0, October 1995. - -.SH BUGS -.sp 2 -none known. - -.SH "SEE ALSO" - -.BR pam (8) -and -.BR pam_strerror "(3)." - -Also, see the three -.BR Linux-PAM -Guides, for -.BR "System administrators" ", " -.BR "module developers" ", " -and -.BR "application developers" ". " diff --git a/doc/man/pam_setcred.3 b/doc/man/pam_setcred.3 deleted file mode 100644 index 8c00fe71..00000000 --- a/doc/man/pam_setcred.3 +++ /dev/null 
@@ -1,79 +0,0 @@ -.\" Hey Emacs! This file is -*- nroff -*- source. -.\" $Id$ -.\" Copyright (c) Andrew G. Morgan 1996,1997 <morgan@parc.power.net> -.TH PAM_SETCRED 3 "1997 July 6" "Linux-PAM 0.58" "App. Programmers' Manual" -.SH NAME - -pam_setcred \- set the credentials for the user - -.SH SYNOPSIS -.B #include <security/pam_appl.h> -.sp -.BI "int pam_setcred(pam_handle_t " *pamh ", int " flags ");" -.sp 2 -.SH DESCRIPTION -.B pam_setcred - -This function is used to establish, maintain and delete the -credentials of a user. It should be called after a user has been -authenticated and before a session is opened for the user (with -.BR pam_open_session "(3))." - -It should be noted that credentials come in many forms. Examples -include: group memberships; ticket-files; and Linux-PAM environment -variables. For this reason, it is important that the basic identity -of the user is established, by the application, prior to a call to -this function. For example, the default -.BR Linux-PAM -environment variables should be set and also -.BR initgroups "(2) " -(or equivalent) should have been performed. - -.SH "VALID FLAGS" -.TP -.BR PAM_ESTABLISH_CRED -initialize the credentials for the user. - -.TP -.BR PAM_DELETE_CRED -delete the user's credentials. - -.TP -.BR PAM_REINITIALIZE_CRED -delete and then initialize the user's credentials. - -.TP -.BR PAM_REFRESH_CRED -extend the lifetime of the existing credentials. - -.SH "RETURN VALUE" - -On success -.BR PAM_SUCCESS -is returned, all other return values should be treated as errors. - -.SH ERRORS -May be translated to text with -.BR pam_strerror "(3). " - -.SH "CONFORMING TO" -DCE-RFC 86.0, October 1995. - -.SH BUGS -.sp 2 -none known. - -.SH "SEE ALSO" - -.BR pam_authenticate "(3), " -.BR pam_strerror "(3)" -and -.BR pam_open_session "(3). " - -Also, see the three -.BR Linux-PAM -Guides, for -.BR "System administrators" ", " -.BR "module developers" ", " -and -.BR "application developers" ". " 
diff --git a/doc/man/pam_start.3 b/doc/man/pam_start.3 deleted file mode 100644 index 9c11fd73..00000000 --- a/doc/man/pam_start.3 +++ /dev/null 
@@ -1,98 +0,0 @@ -.\" Hey Emacs! This file is -*- nroff -*- source. -.\" $Id$ -.\" Copyright (c) Andrew G. Morgan 1996-7 <morgan@parc.power.net> -.TH PAM_START 3 "1997 Feb 15" "Linux-PAM 0.56" "Application Programmers' Manual" -.SH NAME - -pam_start, pam_end \- activating Linux-PAM - -.SH SYNOPSIS -.B #include <security/pam_appl.h> -.sp -.BI "int pam_start(const char " *service ", const char " *user ", const struct pam_conv " *conv ", pam_handle_t " **pamh_p ");" -.sp -.BI "int pam_end(pam_handle_t " *pamh ", int " pam_status ");" -.sp 2 -.SH DESCRIPTION -.TP -.B pam_start -Initialize the -.I Linux-PAM -library. Identifying the application with a particular -.IR service -name. The -.IR user "name" -can take the value -.IR NULL ", " -if not known at the time the interface is initialized. The -conversation structure is passed to the library via the -.IR conv -argument. (For a complete description of this and other structures -the reader is directed to the more verbose -.IR Linux-PAM -application developers' guide). Upon successful initialization, an -opaque pointer-handle for future access to the library is returned -through the contents of the -.IR pamh_p -pointer. - -.TP -.B pam_end -Terminate the -.B Linux-PAM -library. The service application associated with the -.IR pamh -handle, is terminated. The argument, -.IR pam_status ", " -passes the value most recently returned to the application from the -library; it indicates the manner in which the library should be -shutdown. Besides carrying a return value, this argument may be -logically OR'd with -.IR PAM_DATA_SILENT -to indicate that the module should not treat the call too -seriously. It is generally used to indicate that the current closing -of the library is in a -.IR fork "(2)ed" -process, and that the parent will take care of cleaning up things that -exist outside of the current process space (files etc.). 
- -.SH "RETURN VALUE" -.TP -.B pam_start -.TP -.B pam_end -On success, -.BR PAM_SUCCESS -is returned - -.SH ERRORS -May be translated to text with -.BR pam_strerror "(3). " - -.SH "CONFORMING TO" -DCE-RFC 86.0, October 1995. -.sp -Note, the -.BR PAM_DATA_SILENT -flag is pending acceptance with the DCE (as of 1996/12/4). - -.SH BUGS -.sp 2 -None known. - -.SH "SEE ALSO" - -.BR fork "(2), " -.BR pam_authenticate "(3), " -.BR pam_acct_mgmt "(3), " -.BR pam_open_session "(3), " -and -.BR pam_chauthtok "(3)." - -Also, see the three -.BR Linux-PAM -Guides, for -.BR "System administrators" ", " -.BR "module developers" ", " -and -.BR "application developers" ". " diff --git a/doc/man/pam_strerror.3 b/doc/man/pam_strerror.3 deleted file mode 100644 index 01ee0635..00000000 --- a/doc/man/pam_strerror.3 +++ /dev/null 
@@ -1,51 +0,0 @@ -.\" Hey Emacs! This file is -*- nroff -*- source. -.\" ripped off from Rick Faith's getgroups man page -.\" $Id$ -.\" Copyright (c) Andrew G. Morgan 1996-7 <morgan@linux.kernel.org> -.TH PAM_STRERROR 3 "1999 Oct 4" "Linux-PAM 0.70" "Programmers' Manual" -.SH NAME - -pam_strerror \- return a textual description of a Linux-PAM error - -.SH SYNOPSIS -.B #include <security/pam_appl.h> -.br -or, -.br -.B #include <security/pam_modules.h> -.sp -.BI "const char * pam_strerror( pam_handle_t " "*pamh" ", int " pam_error ");" -.sp 2 -.SH DESCRIPTION -.B pam_strerror - -This function returns some text describing the -.BR Linux-PAM -error associated with the -.B pam_error -argument. - -.SH "RETURN VALUE" - -On success this function returns a description of the indicated -error. Should the function not recognize the error, ``Unknown -Linux-PAM error'' is returned. - -.SH "CONFORMING TO" -DCE-RFC 86.0, October 1995. - -.SH BUGS -.sp 2 -This function should be internationalized. - -.SH "SEE ALSO" - -.BR pam "(8). " - -Also, see the three -.BR Linux-PAM -Guides, for -.BR "System administrators" ", " -.BR "module developers" ", " -and -.BR "application developers" ". " diff --git a/doc/man/template-man b/doc/man/template-man deleted file mode 100644 index b8159eb6..00000000 --- a/doc/man/template-man +++ /dev/null 
@@ -1,52 +0,0 @@ -.\" Hey Emacs! This file is -*- nroff -*- source. -.\" $Id$ -.\" Copyright (c) Andrew G. Morgan 1997 <morgan@parc.power.net> -.TH PAM_???? 2 "1997 Jan 4" "Linux-PAM 0.55" "Application Programmers' Manual" -.SH NAME - -function names \- brief summary of function - -.SH SYNOPSIS -.B #include <security/pam_????.h> -.sp -.BI "int pam_???(pam_handle_t " pamh ", int " flags); -.sp 2 -.SH DESCRIPTION -.TP -.B pam_??? -Here goes the -.I explanation -it may be quite -.IR long . -.TP -.SH "RETURN VALUE" -.B pam_??? -On success... -.BR PAM_SUCCESS -is returned -.TP -.SH ERRORS -May be translated to text with -.BR pam_strerror "(2). " - -.SH "CONFORMING TO" -.B pam_??? -DCE-RFC 86.0, October 1995. - -.SH BUGS -.sp 2 -none known. - -.SH "SEE ALSO" - -.BR pam_??? "(2), " -and -.BR pam_??? "(2). " - -Also, see the three -.BR Linux-PAM -Guides, for -.BR "System administrators" ", " -.BR "module developers" ", " -and -.BR "application developers" ". " |
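Review bot: the commit message "New upstream version 0.76" does not say where the content of doc/man/pam.8 goes, and the diffstat for doc/man shows 0 insertions against 1130 deletions. This page is where the administrator-facing rules are written down, in particular that the presence of /etc/pam.d/ causes /etc/pam.conf to be ignored, and how the control values requisite, required, sufficient and optional and the [value=action] form decide the result of a module stack. Suggest naming the replacement location in the commit message, or confirming that the 0.76 tree ships these pages elsewhere, so the import does not silently drop pam(8) and the section 3 pages. Removing pam.conf.8 and pam.d.8 along with it is consistent, since both consist only of `.so pam.8`.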
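Review bot: in the removed doc/man/pam_chauthtok.3, RETURN VALUE names PAM_AUTHTOK_ERROR and PAM_AUTHTOK_RECOVERY_ERR, which do not line up with the authtok_err and authtok_recover_err values listed in the pam.8 text removed by the same patch. If this text is carried into whatever replaces it, check the names against /usr/include/security/_pam_types.h, the header pam.8 points to for the full list, so that applications test for constants that exist.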
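Review bot: the removed DESCRIPTION in doc/man/pam_fail_delay.3 calls usec "a required minimum for the length of the failure-delay", but then says the delay is distributed about the "maximum requested value" and may differ from it by as much as 25% both up and down, and the EXAMPLE gives 2.25 to 3.75 seconds for a request of 3000000. A caller that reads usec as a floor gets a shorter delay than it asked for, which matters for the brute-force and timing arguments the page itself makes. If this page is replaced rather than dropped, the wording should say that the largest requested value is the centre of the range, and "pseudo-gausianly" should be spelled "pseudo-Gaussianly".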
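Review bot: the SYNOPSIS of the removed doc/man/pam_set_item.3 has `.B #include <secruity/pam_modules.h>`, which misspells the header directory, and DESCRIPTION lists `.B pam_set_item` twice with no entry for pam_get_item while stating that the functions are undocumented in a man page. Worth confirming that the 0.76 replacement documents both functions and uses <security/pam_modules.h>, rather than carrying this stub forward.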