author | Tomas Mraz <tm@t8m.info> | 2009-02-27 14:29:39 +0000 |
---|---|---|
committer | Tomas Mraz <tm@t8m.info> | 2009-02-27 14:29:39 +0000 |
commit | 42f4743cc3ca046833afcaeec01f9793d74bbfb4 (patch) | |
tree | b969c921b0a5a924b09cf4d34ac74b01b309425c /modules/pam_tally2/pam_tally2.8.xml | |
parent | 5891c5508e3b9ba699a6a6ba3dae9221a45528e5 (diff) | |
Relevant BUGIDs:
Purpose of commit: new feature
Commit summary:
---------------
2009-02-27 Tomas Mraz <t8m@centrum.cz>
* modules/pam_mkhomedir/pam_mkhomedir.c(create_homedir): Replace
signal() with sigaction().
* modules/pam_namespace/pam_namespace.c(inst_init, cleanup_tmpdirs):
Likewise.
* modules/pam_unix/pam_unix_acct.c(_unix_run_verify_binary): Likewise.
* modules/pam_unix/pam_unix_passwd.c(_unix_run_update_binary):
Likewise.
* modules/pam_unix/passverify.c(su_sighandler): Likewise.
* modules/pam_unix/support.c(_unix_run_helper_binary): Likewise.
* modules/pam_tally2/Makefile.am: Link the pam_tally2 app to libpam
for auxiliary functions.
* modules/pam_tally2/pam_tally2.8.xml: Drop non-existing no_reset
option. Document new serialize option.
* modules/pam_tally2/pam_tally2.c: Add support for the new serialize
option.
(_cleanup, tally_set_data, tally_get_data): Add tally file handle to
tally PAM data. Needed for fcntl() locking.
(get_tally): Use low level file access instead of stdio buffered FILE.
If serialize option is used lock the tally file access.
(set_tally, tally_bump, tally_reset): Use low level file access instead
of stdio buffered FILE. Close the file handle only when it is not owned
by PAM data.
(pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt): Pass the tally
file handle to tally_set_data(). Get it from tally_get_data().
(main): Use low level file access instead of stdio buffered FILE.
Diffstat (limited to 'modules/pam_tally2/pam_tally2.8.xml')
-rw-r--r-- | modules/pam_tally2/pam_tally2.8.xml | 32 |
1 files changed, 21 insertions, 11 deletions
diff --git a/modules/pam_tally2/pam_tally2.8.xml b/modules/pam_tally2/pam_tally2.8.xml index a7a3fc47..255fcea4 100644 --- a/modules/pam_tally2/pam_tally2.8.xml +++ b/modules/pam_tally2/pam_tally2.8.xml @@ -43,6 +43,9 @@ root_unlock_time=<replaceable>n</replaceable> </arg> <arg choice="opt"> + serialize + </arg> + <arg choice="opt"> audit </arg> <arg choice="opt"> @@ -246,16 +249,6 @@ </varlistentry> <varlistentry> <term> - <option>no_reset</option> - </term> - <listitem> - <para> - Don't reset count on successful entry, only decrement. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> <option>even_deny_root</option> </term> <listitem> @@ -278,6 +271,23 @@ </para> </listitem> </varlistentry> + <varlistentry> + <term> + <option>serialize</option> + </term> + <listitem> + <para> + Serialize access to the tally file using locks. This option might + be used only for non-multithreaded services because it depends on + the fcntl locking of the tally file. Also it is a good idea to use + this option only in such configurations where the time between auth + phase and account or setcred phase is not dependent on the + authenticating client. Otherwise the authenticating client will be + able to prevent simultaneous authentications by the same user by + simply artificially prolonging the time the file record lock is held. + </para> + </listitem> + </varlistentry> </variablelist> </listitem> </varlistentry> @@ -431,7 +441,7 @@ session optional pam_mail.so standard <refsect1 id='pam_tally2-author'> <title>AUTHOR</title> <para> - pam_tally was written by Tim Baverstock and Tomas Mraz. + pam_tally2 was written by Tim Baverstock and Tomas Mraz. </para> </refsect1> |
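Review bot: In the new serialize entry (hunk at -278,6 +271,23), "This option might be used only for non-multithreaded services" reads as a possibility rather than a restriction. Suggest "This option may be used only with non-multithreaded services", plus a clause giving the reason: the text says only that it "depends on the fcntl locking of the tally file", and fcntl record locks belong to the process, so threads inside one service process do not exclude each other. The last two sentences describe a denial of service (a client that stalls between the auth phase and the account or setcred phase keeps the record lock and blocks other authentications for the same user) but introduce it as "a good idea"; consider marking it as a warning and stating directly that the lock is held across those phases, so administrators can judge which services are safe to configure with it.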