diff options
Diffstat (limited to 'modules/pam_tally2/pam_tally2.8.xml')
| -rw-r--r-- | modules/pam_tally2/pam_tally2.8.xml | 32 |
1 files changed, 21 insertions, 11 deletions
diff --git a/modules/pam_tally2/pam_tally2.8.xml b/modules/pam_tally2/pam_tally2.8.xml index a7a3fc47..255fcea4 100644 --- a/modules/pam_tally2/pam_tally2.8.xml +++ b/modules/pam_tally2/pam_tally2.8.xml @@ -43,6 +43,9 @@ root_unlock_time=<replaceable>n</replaceable> </arg> <arg choice="opt"> + serialize + </arg> + <arg choice="opt"> audit </arg> <arg choice="opt"> @@ -246,16 +249,6 @@ </varlistentry> <varlistentry> <term> - <option>no_reset</option> - </term> - <listitem> - <para> - Don't reset count on successful entry, only decrement. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> <option>even_deny_root</option> </term> <listitem> @@ -278,6 +271,23 @@ </para> </listitem> </varlistentry> + <varlistentry> + <term> + <option>serialize</option> + </term> + <listitem> + <para> + Serialize access to the tally file using locks. This option might + be used only for non-multithreaded services because it depends on + the fcntl locking of the tally file. Also it is a good idea to use + this option only in such configurations where the time between auth + phase and account or setcred phase is not dependent on the + authenticating client. Otherwise the authenticating client will be + able to prevent simultaneous authentications by the same user by + simply artificially prolonging the time the file record lock is held. + </para> + </listitem> + </varlistentry> </variablelist> </listitem> </varlistentry> @@ -431,7 +441,7 @@ session optional pam_mail.so standard <refsect1 id='pam_tally2-author'> <title>AUTHOR</title> <para> - pam_tally was written by Tim Baverstock and Tomas Mraz. + pam_tally2 was written by Tim Baverstock and Tomas Mraz. </para> </refsect1> |