From cf2fc5ff7b4a8555fda2a5ebe5f6ab0e45c22996 Mon Sep 17 00:00:00 2001 From: Stefan Schubert Date: Tue, 25 Oct 2022 16:29:41 +0200 Subject: doc: Update PAM documentation from DockBook 4 to DocBook 5 Changed files -------------- Make.xml.rules.in: - Using RNG file instead of DTD file for checking XML files. - Taking the correct stylesheet for README files. doc/sag/Makefile.am, doc/adg/Makefile.am, doc/mwg/Makefile.am: - Using RNG file instead of DTD file for checking XML files. configure.ac: - Adding a new option for selecting RNG check file (-enable-docbook-rng) - Switching stylesheets to docbook 5 - Checking DocBook 5 environment instead of DocBook 4 environment *.xml: Update from DockBook 4 to DocBook 5 --- Make.xml.rules.in | 10 +- ci/install-dependencies.sh | 4 +- configure.ac | 33 ++-- doc/adg/Linux-PAM_ADG.xml | 199 +++++++++----------- doc/adg/Makefile.am | 6 +- doc/adg/pam_acct_mgmt.xml | 20 +- doc/adg/pam_authenticate.xml | 20 +- doc/adg/pam_chauthtok.xml | 20 +- doc/adg/pam_close_session.xml | 20 +- doc/adg/pam_conv.xml | 20 +- doc/adg/pam_end.xml | 20 +- doc/adg/pam_fail_delay.xml | 20 +- doc/adg/pam_get_item.xml | 20 +- doc/adg/pam_getenv.xml | 20 +- doc/adg/pam_getenvlist.xml | 20 +- doc/adg/pam_misc_conv.xml | 15 +- doc/adg/pam_misc_drop_env.xml | 15 +- doc/adg/pam_misc_paste_env.xml | 15 +- doc/adg/pam_misc_setenv.xml | 15 +- doc/adg/pam_open_session.xml | 20 +- doc/adg/pam_putenv.xml | 20 +- doc/adg/pam_set_item.xml | 20 +- doc/adg/pam_setcred.xml | 20 +- doc/adg/pam_start.xml | 20 +- doc/adg/pam_strerror.xml | 20 +- doc/man/misc_conv.3.xml | 35 ++-- doc/man/pam.3.xml | 40 ++-- doc/man/pam.8.xml | 85 ++++----- doc/man/pam.conf-desc.xml | 7 +- doc/man/pam.conf-dir.xml | 9 +- doc/man/pam.conf-syntax.xml | 12 +- doc/man/pam.conf.5.xml | 28 +-- doc/man/pam_acct_mgmt.3.xml | 20 +- doc/man/pam_authenticate.3.xml | 20 +- doc/man/pam_chauthtok.3.xml | 20 +- doc/man/pam_close_session.3.xml | 21 +-- doc/man/pam_conv.3.xml | 20 +- doc/man/pam_end.3.xml | 21 +-- doc/man/pam_error.3.xml | 23 +-- doc/man/pam_fail_delay.3.xml | 27 ++- doc/man/pam_get_authtok.3.xml | 33 ++-- doc/man/pam_get_data.3.xml | 21 +-- doc/man/pam_get_item.3.xml | 33 ++-- doc/man/pam_get_user.3.xml | 21 +-- doc/man/pam_getenv.3.xml | 20 +- doc/man/pam_getenvlist.3.xml | 20 +- doc/man/pam_info.3.xml | 23 +-- doc/man/pam_item_types_ext.inc.xml | 5 +- doc/man/pam_item_types_std.inc.xml | 5 +- doc/man/pam_misc_drop_env.3.xml | 21 +-- doc/man/pam_misc_paste_env.3.xml | 21 +-- doc/man/pam_misc_setenv.3.xml | 21 +-- doc/man/pam_open_session.3.xml | 21 +-- doc/man/pam_prompt.3.xml | 23 +-- doc/man/pam_putenv.3.xml | 20 +- doc/man/pam_set_data.3.xml | 21 +-- doc/man/pam_set_item.3.xml | 33 ++-- doc/man/pam_setcred.3.xml | 21 +-- doc/man/pam_sm_acct_mgmt.3.xml | 22 +-- doc/man/pam_sm_authenticate.3.xml | 22 +-- doc/man/pam_sm_chauthtok.3.xml | 30 ++- doc/man/pam_sm_close_session.3.xml | 22 +-- doc/man/pam_sm_open_session.3.xml | 22 +-- doc/man/pam_sm_setcred.3.xml | 24 ++- doc/man/pam_start.3.xml | 21 +-- doc/man/pam_strerror.3.xml | 21 +-- doc/man/pam_syslog.3.xml | 21 +-- doc/man/pam_xauth_data.3.xml | 21 +-- doc/mwg/Linux-PAM_MWG.xml | 178 ++++++++---------- doc/mwg/Makefile.am | 6 +- doc/mwg/pam_conv.xml | 20 +- doc/mwg/pam_fail_delay.xml | 20 +- doc/mwg/pam_get_data.xml | 20 +- doc/mwg/pam_get_item.xml | 20 +- doc/mwg/pam_get_user.xml | 20 +- doc/mwg/pam_getenv.xml | 20 +- doc/mwg/pam_getenvlist.xml | 20 +- doc/mwg/pam_putenv.xml | 20 +- doc/mwg/pam_set_data.xml | 20 +- doc/mwg/pam_set_item.xml | 20 +- doc/mwg/pam_sm_acct_mgmt.xml | 20 +- doc/mwg/pam_sm_authenticate.xml | 20 +- doc/mwg/pam_sm_chauthtok.xml | 20 +- doc/mwg/pam_sm_close_session.xml | 20 +- doc/mwg/pam_sm_open_session.xml | 20 +- doc/mwg/pam_sm_setcred.xml | 20 +- doc/mwg/pam_strerror.xml | 20 +- doc/sag/Linux-PAM_SAG.xml | 229 +++++++++-------------- doc/sag/Makefile.am | 7 +- doc/sag/pam_access.xml | 52 ++--- doc/sag/pam_debug.xml | 42 ++--- doc/sag/pam_deny.xml | 42 ++--- doc/sag/pam_echo.xml | 42 ++--- doc/sag/pam_env.xml | 52 ++--- doc/sag/pam_exec.xml | 42 ++--- doc/sag/pam_faildelay.xml | 42 ++--- doc/sag/pam_faillock.xml | 47 ++--- doc/sag/pam_filter.xml | 42 ++--- doc/sag/pam_ftp.xml | 42 ++--- doc/sag/pam_group.xml | 52 ++--- doc/sag/pam_issue.xml | 42 ++--- doc/sag/pam_keyinit.xml | 42 ++--- doc/sag/pam_lastlog.xml | 42 ++--- doc/sag/pam_limits.xml | 52 ++--- doc/sag/pam_listfile.xml | 42 ++--- doc/sag/pam_localuser.xml | 42 ++--- doc/sag/pam_loginuid.xml | 42 ++--- doc/sag/pam_mail.xml | 42 ++--- doc/sag/pam_mkhomedir.xml | 42 ++--- doc/sag/pam_motd.xml | 42 ++--- doc/sag/pam_namespace.xml | 52 ++--- doc/sag/pam_nologin.xml | 42 ++--- doc/sag/pam_permit.xml | 42 ++--- doc/sag/pam_pwhistory.xml | 47 ++--- doc/sag/pam_rhosts.xml | 42 ++--- doc/sag/pam_rootok.xml | 42 ++--- doc/sag/pam_securetty.xml | 42 ++--- doc/sag/pam_selinux.xml | 42 ++--- doc/sag/pam_sepermit.xml | 47 ++--- doc/sag/pam_setquota.xml | 42 ++--- doc/sag/pam_shells.xml | 42 ++--- doc/sag/pam_succeed_if.xml | 42 ++--- doc/sag/pam_time.xml | 52 ++--- doc/sag/pam_timestamp.xml | 52 ++--- doc/sag/pam_tty_audit.xml | 47 ++--- doc/sag/pam_umask.xml | 42 ++--- doc/sag/pam_unix.xml | 42 ++--- doc/sag/pam_userdb.xml | 42 ++--- doc/sag/pam_warn.xml | 42 ++--- doc/sag/pam_wheel.xml | 42 ++--- doc/sag/pam_xauth.xml | 42 ++--- modules/pam_access/README.xml | 32 +--- modules/pam_access/access.conf.5.xml | 20 +- modules/pam_access/pam_access.8.xml | 63 +++---- modules/pam_debug/README.xml | 32 +--- modules/pam_debug/pam_debug.8.xml | 61 +++--- modules/pam_deny/README.xml | 29 +-- modules/pam_deny/pam_deny.8.xml | 29 ++- modules/pam_echo/README.xml | 29 +-- modules/pam_echo/pam_echo.8.xml | 45 +++-- modules/pam_env/README.xml | 34 +--- modules/pam_env/pam_env.8.xml | 63 +++---- modules/pam_env/pam_env.conf.5.xml | 19 +- modules/pam_exec/README.xml | 32 +--- modules/pam_exec/pam_exec.8.xml | 65 +++---- modules/pam_faildelay/README.xml | 32 +--- modules/pam_faildelay/pam_faildelay.8.xml | 37 ++-- modules/pam_faillock/README.xml | 35 +--- modules/pam_faillock/faillock.8.xml | 41 ++-- modules/pam_faillock/faillock.conf.5.xml | 53 +++--- modules/pam_faillock/pam_faillock.8.xml | 74 ++++---- modules/pam_filter/README.xml | 32 +--- modules/pam_filter/pam_filter.8.xml | 51 +++-- modules/pam_ftp/README.xml | 32 +--- modules/pam_ftp/pam_ftp.8.xml | 41 ++-- modules/pam_group/README.xml | 29 +-- modules/pam_group/group.conf.5.xml | 19 +- modules/pam_group/pam_group.8.xml | 31 ++- modules/pam_issue/README.xml | 32 +--- modules/pam_issue/pam_issue.8.xml | 63 +++---- modules/pam_keyinit/README.xml | 32 +--- modules/pam_keyinit/pam_keyinit.8.xml | 47 +++-- modules/pam_lastlog/README.xml | 32 +--- modules/pam_lastlog/pam_lastlog.8.xml | 77 ++++---- modules/pam_limits/README.xml | 32 +--- modules/pam_limits/limits.conf.5.xml | 111 +++++------ modules/pam_limits/pam_limits.8.xml | 55 +++--- modules/pam_listfile/README.xml | 32 +--- modules/pam_listfile/pam_listfile.8.xml | 53 +++--- modules/pam_localuser/README.xml | 32 +--- modules/pam_localuser/pam_localuser.8.xml | 41 ++-- modules/pam_loginuid/README.xml | 29 +-- modules/pam_loginuid/pam_loginuid.8.xml | 33 ++-- modules/pam_mail/README.xml | 32 +--- modules/pam_mail/pam_mail.8.xml | 73 ++++---- modules/pam_mkhomedir/README.xml | 29 +-- modules/pam_mkhomedir/mkhomedir_helper.8.xml | 29 ++- modules/pam_mkhomedir/pam_mkhomedir.8.xml | 49 +++-- modules/pam_motd/README.xml | 32 +--- modules/pam_motd/pam_motd.8.xml | 41 ++-- modules/pam_namespace/README.xml | 37 +--- modules/pam_namespace/namespace.conf.5.xml | 19 +- modules/pam_namespace/pam_namespace.8.xml | 87 +++++---- modules/pam_namespace/pam_namespace_helper.8.xml | 21 +-- modules/pam_nologin/README.xml | 35 +--- modules/pam_nologin/pam_nologin.8.xml | 39 ++-- modules/pam_permit/README.xml | 32 +--- modules/pam_permit/pam_permit.8.xml | 29 ++- modules/pam_pwhistory/README.xml | 32 +--- modules/pam_pwhistory/pam_pwhistory.8.xml | 65 +++---- modules/pam_pwhistory/pwhistory.conf.5.xml | 39 ++-- modules/pam_pwhistory/pwhistory_helper.8.xml | 23 +-- modules/pam_rhosts/README.xml | 32 +--- modules/pam_rhosts/pam_rhosts.8.xml | 35 ++-- modules/pam_rootok/README.xml | 32 +--- modules/pam_rootok/pam_rootok.8.xml | 35 ++-- modules/pam_securetty/README.xml | 32 +--- modules/pam_securetty/pam_securetty.8.xml | 41 ++-- modules/pam_selinux/README.xml | 32 +--- modules/pam_selinux/pam_selinux.8.xml | 65 +++---- modules/pam_sepermit/README.xml | 32 +--- modules/pam_sepermit/pam_sepermit.8.xml | 41 ++-- modules/pam_sepermit/sepermit.conf.5.xml | 29 ++- modules/pam_setquota/README.xml | 32 +--- modules/pam_setquota/pam_setquota.8.xml | 64 +++---- modules/pam_shells/README.xml | 32 +--- modules/pam_shells/pam_shells.8.xml | 29 ++- modules/pam_stress/README.xml | 26 +-- modules/pam_stress/pam_stress.8.xml | 71 ++++--- modules/pam_succeed_if/README.xml | 32 +--- modules/pam_succeed_if/pam_succeed_if.8.xml | 78 ++++---- modules/pam_time/README.xml | 29 +-- modules/pam_time/pam_time.8.xml | 45 +++-- modules/pam_time/time.conf.5.xml | 23 +-- modules/pam_timestamp/README.xml | 35 +--- modules/pam_timestamp/pam_timestamp.8.xml | 53 +++--- modules/pam_timestamp/pam_timestamp_check.8.xml | 45 +++-- modules/pam_tty_audit/README.xml | 30 +-- modules/pam_tty_audit/pam_tty_audit.8.xml | 47 +++-- modules/pam_umask/README.xml | 32 +--- modules/pam_umask/pam_umask.8.xml | 51 +++-- modules/pam_unix/README.xml | 32 +--- modules/pam_unix/pam_unix.8.xml | 89 +++++---- modules/pam_unix/unix_chkpwd.8.xml | 23 +-- modules/pam_unix/unix_update.8.xml | 23 +-- modules/pam_userdb/README.xml | 32 +--- modules/pam_userdb/pam_userdb.8.xml | 67 ++++--- modules/pam_usertype/README.xml | 32 +--- modules/pam_usertype/pam_usertype.8.xml | 42 ++--- modules/pam_warn/README.xml | 32 +--- modules/pam_warn/pam_warn.8.xml | 31 ++- modules/pam_wheel/README.xml | 32 +--- modules/pam_wheel/pam_wheel.8.xml | 59 +++--- modules/pam_xauth/README.xml | 35 +--- modules/pam_xauth/pam_xauth.8.xml | 65 +++---- 235 files changed, 3399 insertions(+), 5102 deletions(-) diff --git a/Make.xml.rules.in b/Make.xml.rules.in index 27bb510e..98beb9ed 100644 --- a/Make.xml.rules.in +++ b/Make.xml.rules.in @@ -5,22 +5,22 @@ README: $(XMLS) README: README.xml - $(XSLTPROC) --path $(srcdir) --xinclude --stringparam generate.toc "none" @STRINGPARAM_VENDORDIR@ --nonet $(top_srcdir)/doc/custom-html.xsl $< | $(BROWSER) > $(srcdir)/$@ + $(XSLTPROC) --path $(srcdir) --xinclude --stringparam generate.toc "none" @STRINGPARAM_VENDORDIR@ --nonet $(TXT_STYLESHEET) $< | $(BROWSER) > $(srcdir)/$@ %.1: %.1.xml - $(XMLLINT) --nonet --xinclude --postvalid --noout $< + $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noout $< $(XSLTPROC) -o $(srcdir)/$@ --path $(srcdir) --xinclude @STRINGPARAM_VENDORDIR@ --nonet $(top_srcdir)/doc/custom-man.xsl $< %.3: %.3.xml - $(XMLLINT) --nonet --xinclude --postvalid --noout $< + $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noout $< $(XSLTPROC) -o $(srcdir)/$@ --path $(srcdir) --xinclude @STRINGPARAM_VENDORDIR@ --nonet $(top_srcdir)/doc/custom-man.xsl $< %.5: %.5.xml - $(XMLLINT) --nonet --xinclude --postvalid --noout $< + $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noout $< $(XSLTPROC) -o $(srcdir)/$@ --path $(srcdir) --xinclude @STRINGPARAM_VENDORDIR@ --nonet $(top_srcdir)/doc/custom-man.xsl $< %.8: %.8.xml - $(XMLLINT) --nonet --xinclude --postvalid --noout $< + $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noout $< $(XSLTPROC) -o $(srcdir)/$@ --path $(srcdir) --xinclude @STRINGPARAM_VENDORDIR@ @STRINGPARAM_HMAC@ --nonet $(top_srcdir)/doc/custom-man.xsl $< #CLEANFILES += $(man_MANS) README diff --git a/ci/install-dependencies.sh b/ci/install-dependencies.sh index 6b48ebb2..13affe57 100755 --- a/ci/install-dependencies.sh +++ b/ci/install-dependencies.sh @@ -13,8 +13,8 @@ automake autopoint bison bzip2 -docbook-xml -docbook-xsl +docbook5-xml +docbook-xsl-ns flex gettext libaudit-dev diff --git a/configure.ac b/configure.ac index 538195e5..afa749cf 100644 --- a/configure.ac +++ b/configure.ac @@ -243,26 +243,35 @@ if test x"$enable_debug" = x"yes" ; then [lots of stuff gets written to /var/run/pam-debug.log]) fi +AC_ARG_ENABLE(docbook_rng, + AS_HELP_STRING([--enable-docbook-rng=FILE],[RNG file for checking XML files @<:@default=http://docbook.org/xml/5.0/rng/docbookxi.rng@:>@]), + DOCBOOK_RNG=$enableval, DOCBOOK_RNG=http://docbook.org/xml/5.0/rng/docbookxi.rng) +AC_SUBST(DOCBOOK_RNG) + AC_ARG_ENABLE(html_stylesheet, - AS_HELP_STRING([--enable-html-stylesheet=FILE],[html stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl/current/html/chunk.xsl@:>@]), - HTML_STYLESHEET=$enableval, HTML_STYLESHEET=http://docbook.sourceforge.net/release/xsl/current/html/chunk.xsl) + AS_HELP_STRING([--enable-html-stylesheet=FILE],[html stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl-ns/current/html/chunk.xsl@:>@]), + HTML_STYLESHEET=$enableval, HTML_STYLESHEET=http://docbook.sourceforge.net/release/xsl-ns/current/html/chunk.xsl) AC_SUBST(HTML_STYLESHEET) AC_ARG_ENABLE(txt_stylesheet, - AS_HELP_STRING([--enable-txt-stylesheet=FILE],[text stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl@:>@]), - TXT_STYLESHEET=$enableval, TXT_STYLESHEET=http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl) + AS_HELP_STRING([--enable-txt-stylesheet=FILE],[text stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl-ns/current/html/docbook.xsl@:>@]), + TXT_STYLESHEET=$enableval, TXT_STYLESHEET=http://docbook.sourceforge.net/release/xsl-ns/current/html/docbook.xsl) + + AC_SUBST(TXT_STYLESHEET) # It has to be TXT_STYLESHEET otherwise a html tree will be generated while generating all README files. sed "s+HTML_STYLESHEET+$TXT_STYLESHEET+g" doc/custom-html.xsl AC_ARG_ENABLE(pdf_stylesheet, - AS_HELP_STRING([--enable-pdf-stylesheet=FILE],[pdf stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl/current/fo/docbook.xsl@:>@]), - PDF_STYLESHEET=$enableval, PDF_STYLESHEET=http://docbook.sourceforge.net/release/xsl/current/fo/docbook.xsl) + AS_HELP_STRING([--enable-pdf-stylesheet=FILE],[pdf stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl-ns/current/fo/docbook.xsl@:>@]), + PDF_STYLESHEET=$enableval, PDF_STYLESHEET=http://docbook.sourceforge.net/release/xsl-ns/current/fo/docbook.xsl) AC_SUBST(PDF_STYLESHEET) AC_ARG_ENABLE(man_stylesheet, - AS_HELP_STRING([--enable-man-stylesheet=FILE],[man stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl@:>@]), - MAN_STYLESHEET=$enableval, MAN_STYLESHEET=http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl) + AS_HELP_STRING([--enable-man-stylesheet=FILE],[man stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl-ns/current/manpages/profile-docbook.xsl@:>@]), + MAN_STYLESHEET=$enableval, MAN_STYLESHEET=http://docbook.sourceforge.net/release/xsl-ns/current/manpages/profile-docbook.xsl) + + AC_SUBST(MAN_STYLESHEET) sed "s+MAN_STYLESHEET+$MAN_STYLESHEET+g" doc/custom-man.xsl @@ -608,10 +617,10 @@ if test -z "$XSLTPROC"; then enable_docu=no fi AC_PATH_PROG([XMLLINT], [xmllint],[/bin/true]) -dnl check for DocBook DTD and stylesheets in the local catalog. -JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.4//EN], - [DocBook XML DTD V4.4], [], enable_docu=no) -JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl], +dnl check for DocBook RNG and stylesheets in the local catalog. +JH_CHECK_XML_CATALOG([http://docbook.org/xml/5.0/rng/docbookxi.rng], + [DocBook XML RNG V5.0], [], enable_docu=no) +JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl-ns/current/manpages/docbook.xsl], [DocBook XSL Stylesheets], [], enable_docu=no) AC_PATH_PROG([BROWSER], [w3m]) diff --git a/doc/adg/Linux-PAM_ADG.xml b/doc/adg/Linux-PAM_ADG.xml index 79452e17..169e15cf 100644 --- a/doc/adg/Linux-PAM_ADG.xml +++ b/doc/adg/Linux-PAM_ADG.xml @@ -1,50 +1,39 @@ - - - - + + The Linux-PAM Application Developers' Guide - - Andrew G. - Morgan - morgan@kernel.org - - - Thorsten - Kukuk - kukuk@thkukuk.de - + Andrew G.Morganmorgan@kernel.org + ThorstenKukukkukuk@thkukuk.de Version 1.1.2, 31. August 2010 This manual documents what an application developer needs to know - about the Linux-PAM library. It + about the Linux-PAM library. It describes how an application might use the - Linux-PAM library to authenticate + Linux-PAM library to authenticate users. In addition it contains a description of the functions to be found in libpam_misc library, that can be used in general applications. Finally, it contains some comments on PAM related security issues for the application developer. - + - + Introduction -
+
Description - Linux-PAM + Linux-PAM (Pluggable Authentication Modules for Linux) is a library that enables the local system administrator to choose how individual applications authenticate users. For an overview of the - Linux-PAM library see the + Linux-PAM library see the Linux-PAM System Administrators' Guide. - It is the purpose of the Linux-PAM + It is the purpose of the Linux-PAM project to liberate the development of privilege granting software from the development of secure and appropriate authentication schemes. This is accomplished by providing a documented library of functions @@ -64,11 +53,11 @@
-
+
Synopsis For general applications that wish to use the services provided by - Linux-PAM the following is a summary + Linux-PAM the following is a summary of the relevant linking information: #include <security/pam_appl.h> @@ -92,7 +81,7 @@ cc -o application .... -lpam -lpam_misc
- + Overview Most service-giving applications are restricted. In other words, @@ -108,7 +97,7 @@ cc -o application .... -lpam -lpam_misc authentication-token (password changing) management services. It is important to realize when writing a PAM based application that these services are provided in a manner that is - transparent to the application. That is + transparent to the application. That is to say, when the application is written, no assumptions can be made about how the client will be authenticated. @@ -206,74 +195,58 @@ cc -o application .... -lpam -lpam_misc - + - The public interface to <emphasis remap='B'>Linux-PAM</emphasis> + The public interface to <emphasis remap="B">Linux-PAM</emphasis> Firstly, the relevant include file for the - Linux-PAM library is + Linux-PAM library is <security/pam_appl.h>. It contains the definitions for a number of functions. After listing these functions, we collect some guiding remarks for programmers. -
+
What can be expected by the application - - - - - - - - - - - - - - - + + + + + + + + + + + + + + +
-
+
What is expected of an application - +
-
+
Programming notes Note, all of the authentication service function calls accept the - token PAM_SILENT, which instructs + token PAM_SILENT, which instructs the modules to not send messages to the application. This token can be logically OR'd with any one of the permitted tokens specific to the individual function calls. - PAM_SILENT does not override the + PAM_SILENT does not override the prompting of the user for passwords etc., it only stops informative messages from being generated.
- + - Security issues of <emphasis remap='B'>Linux-PAM</emphasis> + Security issues of <emphasis remap="B">Linux-PAM</emphasis> PAM, from the perspective of an application, is a convenient API for @@ -284,19 +257,19 @@ cc -o application .... -lpam -lpam_misc A poorly (or maliciously) written application can defeat any - Linux-PAM module's authentication + Linux-PAM module's authentication mechanisms by simply ignoring it's return values. It is the applications task and responsibility to grant privileges and access - to services. The Linux-PAM library + to services. The Linux-PAM library simply assumes the responsibility of authenticating the user; ascertaining that the user is who they say they are. Care should be taken to anticipate all of the documented - behavior of the Linux-PAM library + behavior of the Linux-PAM library functions. A failure to do this will most certainly lead to a future security breach. -
+
Care about standard library calls In general, writers of authorization-granting applications should @@ -308,9 +281,9 @@ cc -o application .... -lpam -lpam_misc function is likely to corrupt a pointer previously obtained by the application. The application programmer should either re-call such a 'libc' function after a call to the - Linux-PAM library, or copy the + Linux-PAM library, or copy the structure contents to some safe area of memory before passing - control to the Linux-PAM library. + control to the Linux-PAM library. Two important function classes that fall into this category are @@ -322,12 +295,12 @@ cc -o application .... -lpam -lpam_misc
-
+
Choice of a service name When picking the service-name that corresponds to the first entry in the - Linux-PAM configuration file, + Linux-PAM configuration file, the application programmer should avoid the temptation of choosing something related to argv[0]. It is a trivial matter for any user @@ -352,11 +325,11 @@ cc -o application .... -lpam -lpam_misc and then run ./preferred_name. - By studying the Linux-PAM + By studying the Linux-PAM configuration file(s), an attacker can choose the preferred_name to be that of a service enjoying minimal protection; for example a game which uses - Linux-PAM to restrict access to + Linux-PAM to restrict access to certain hours of the day. If the service-name were to be linked to the filename under which the service was invoked, it is clear that the user is effectively in the position of @@ -370,7 +343,7 @@ cc -o application .... -lpam -lpam_misc
-
+
The conversation function Care should be taken to ensure that the conv() @@ -380,10 +353,10 @@ cc -o application .... -lpam -lpam_misc
-
+
The identity of the user - The Linux-PAM modules will need + The Linux-PAM modules will need to determine the identity of the user who requests a service, and the identity of the user who grants the service. These two users will seldom be the same. Indeed there is generally a third @@ -444,7 +417,7 @@ cc -o application .... -lpam -lpam_misc
-
+
Sufficient resources Care should be taken to ensure that the proper execution of an @@ -465,7 +438,7 @@ cc -o application .... -lpam -lpam_misc
- + A library of miscellaneous helper functions To aid the work of the application developer a library of @@ -479,24 +452,20 @@ cc -o application .... -lpam -lpam_misc library can be defined by including <security/pam_misc.h>. It should be noted that this library is specific to - Linux-PAM and is not referred to in + Linux-PAM and is not referred to in the defining DCE-RFC (see See also) below. -
+
Functions supplied - - - - + + + +
- + Porting legacy applications The point of PAM is that the application is not supposed to @@ -545,7 +514,7 @@ cc -o application .... -lpam -lpam_misc - + Glossary of PAM related terms The following are a list of terms used within this document. @@ -585,17 +554,17 @@ cc -o application .... -lpam -lpam_misc - + An example application - To get a flavor of the way a Linux-PAM + To get a flavor of the way a Linux-PAM application is written we include the following example. It prompts the user for their password and indicates whether their account is valid on the standard output, its return code also indicates the success (0 for success; 1 for failure). - /* This program was contributed by Shane Watts [modifications by AGM and kukuk] @@ -607,9 +576,9 @@ cc -o application .... -lpam -lpam_misc account required pam_unix.so */ -#include -#include -#include +#include <security/pam_appl.h> +#include <security/pam_misc.h> +#include <stdio.h> static struct pam_conv conv = { misc_conv, @@ -626,12 +595,12 @@ int main(int argc, char *argv[]) user = argv[1]; } - if(argc > 2) { + if(argc > 2) { fprintf(stderr, "Usage: check_user [username]\n"); exit(1); } - retval = pam_start("check_user", user, &conv, &pamh); + retval = pam_start("check_user", user, &conv, &pamh); if (retval == PAM_SUCCESS) retval = pam_authenticate(pamh, 0); /* is user really user? */ @@ -655,24 +624,24 @@ int main(int argc, char *argv[]) return ( retval == PAM_SUCCESS ? 0:1 ); /* indicate success */ } -]]> + - + Files - /usr/include/security/pam_appl.h + /usr/include/security/pam_appl.h Header file with interfaces for - Linux-PAM applications. + Linux-PAM applications. - /usr/include/security/pam_misc.h + /usr/include/security/pam_misc.h Header file for useful library functions for making @@ -683,7 +652,7 @@ int main(int argc, char *argv[]) - + See also @@ -706,7 +675,7 @@ int main(int argc, char *argv[]) - + Author/acknowledgments This document was written by Andrew G. Morgan (morgan@kernel.org) @@ -726,14 +695,14 @@ int main(int argc, char *argv[]) Thanks are also due to Sun Microsystems, especially to Vipin Samar and Charlie Lai for their advice. At an early stage in the development of - Linux-PAM, Sun graciously made the + Linux-PAM, Sun graciously made the documentation for their implementation of PAM available. This act greatly accelerated the development of - Linux-PAM. + Linux-PAM. - + Copyright information for this document Copyright (c) 2006 Thorsten Kukuk <kukuk@thkukuk.de> @@ -777,4 +746,4 @@ TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - + \ No newline at end of file diff --git a/doc/adg/Makefile.am b/doc/adg/Makefile.am index b795b1a4..77abdb71 100644 --- a/doc/adg/Makefile.am +++ b/doc/adg/Makefile.am @@ -16,7 +16,7 @@ all: Linux-PAM_ADG.txt html/Linux-PAM_ADG.html Linux-PAM_ADG.pdf Linux-PAM_ADG.pdf: $(XMLS) $(DEP_XMLS) if ENABLE_GENERATE_PDF - $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< + $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noent --noout $< $(XSLTPROC) --stringparam generate.toc "book toc" \ --stringparam section.autolabel 1 \ --stringparam section.label.includes.component.label 1 \ @@ -28,7 +28,7 @@ else endif Linux-PAM_ADG.txt: $(XMLS) $(DEP_XMLS) - $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< + $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noent --noout $< $(XSLTPROC) --stringparam generate.toc "book toc" \ --stringparam section.autolabel 1 \ --stringparam section.label.includes.component.label 1 \ @@ -37,7 +37,7 @@ Linux-PAM_ADG.txt: $(XMLS) $(DEP_XMLS) html/Linux-PAM_ADG.html: $(XMLS) $(DEP_XMLS) @test -d html || mkdir -p html - $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< + $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noent --noout $< $(XSLTPROC) --stringparam base.dir html/ \ --stringparam root.filename Linux-PAM_ADG \ --stringparam use.id.as.filename 1 \ diff --git a/doc/adg/pam_acct_mgmt.xml b/doc/adg/pam_acct_mgmt.xml index 6a3a37d2..afcf2f2f 100644 --- a/doc/adg/pam_acct_mgmt.xml +++ b/doc/adg/pam_acct_mgmt.xml @@ -1,18 +1,12 @@ - - -
+
Account validation management - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/adg/pam_authenticate.xml b/doc/adg/pam_authenticate.xml index 2ca9b540..aa36c687 100644 --- a/doc/adg/pam_authenticate.xml +++ b/doc/adg/pam_authenticate.xml @@ -1,18 +1,12 @@ - - -
+
Authenticating the user - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/adg/pam_chauthtok.xml b/doc/adg/pam_chauthtok.xml index 1c613da7..e6815dde 100644 --- a/doc/adg/pam_chauthtok.xml +++ b/doc/adg/pam_chauthtok.xml @@ -1,18 +1,12 @@ - - -
+
Updating authentication tokens - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/adg/pam_close_session.xml b/doc/adg/pam_close_session.xml index 4b93fc3a..ed83d7a1 100644 --- a/doc/adg/pam_close_session.xml +++ b/doc/adg/pam_close_session.xml @@ -1,18 +1,12 @@ - - -
+
terminating PAM session management - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/adg/pam_conv.xml b/doc/adg/pam_conv.xml index 01b75127..b2ba876e 100644 --- a/doc/adg/pam_conv.xml +++ b/doc/adg/pam_conv.xml @@ -1,11 +1,7 @@ - - -
+
The conversation function - + struct pam_message { @@ -24,12 +20,10 @@ struct pam_conv { void *appdata_ptr; }; -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/adg/pam_end.xml b/doc/adg/pam_end.xml index efa328be..5e719255 100644 --- a/doc/adg/pam_end.xml +++ b/doc/adg/pam_end.xml @@ -1,18 +1,12 @@ - - -
+
Termination of PAM transaction - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/adg/pam_fail_delay.xml b/doc/adg/pam_fail_delay.xml index 589e1148..d602a1f7 100644 --- a/doc/adg/pam_fail_delay.xml +++ b/doc/adg/pam_fail_delay.xml @@ -1,18 +1,12 @@ - - -
+
Request a delay on failure - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/adg/pam_get_item.xml b/doc/adg/pam_get_item.xml index f23c734b..d12cb17d 100644 --- a/doc/adg/pam_get_item.xml +++ b/doc/adg/pam_get_item.xml @@ -1,18 +1,12 @@ - - -
+
Getting PAM items - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/adg/pam_getenv.xml b/doc/adg/pam_getenv.xml index 61d69c33..f7b483ed 100644 --- a/doc/adg/pam_getenv.xml +++ b/doc/adg/pam_getenv.xml @@ -1,18 +1,12 @@ - - -
+
Get a PAM environment variable - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/adg/pam_getenvlist.xml b/doc/adg/pam_getenvlist.xml index d3c2fcd3..4433c04d 100644 --- a/doc/adg/pam_getenvlist.xml +++ b/doc/adg/pam_getenvlist.xml @@ -1,18 +1,12 @@ - - -
+
Getting the PAM environment - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/adg/pam_misc_conv.xml b/doc/adg/pam_misc_conv.xml index 2dc760cc..4f54e11a 100644 --- a/doc/adg/pam_misc_conv.xml +++ b/doc/adg/pam_misc_conv.xml @@ -1,14 +1,9 @@ - - -
+
Text based conversation function - + -
- +
+
-
+
\ No newline at end of file diff --git a/doc/adg/pam_misc_drop_env.xml b/doc/adg/pam_misc_drop_env.xml index 956d4815..cacb770e 100644 --- a/doc/adg/pam_misc_drop_env.xml +++ b/doc/adg/pam_misc_drop_env.xml @@ -1,14 +1,9 @@ - - -
+
Liberating a locally saved environment - + -
- +
+
-
+
\ No newline at end of file diff --git a/doc/adg/pam_misc_paste_env.xml b/doc/adg/pam_misc_paste_env.xml index c6d3856b..8ab2440a 100644 --- a/doc/adg/pam_misc_paste_env.xml +++ b/doc/adg/pam_misc_paste_env.xml @@ -1,14 +1,9 @@ - - -
+
Transcribing an environment to that of PAM - + -
- +
+
-
+
\ No newline at end of file diff --git a/doc/adg/pam_misc_setenv.xml b/doc/adg/pam_misc_setenv.xml index 3b1a32e4..7e8c489b 100644 --- a/doc/adg/pam_misc_setenv.xml +++ b/doc/adg/pam_misc_setenv.xml @@ -1,14 +1,9 @@ - - -
+
BSD like PAM environment variable setting - + -
- +
+
-
+
\ No newline at end of file diff --git a/doc/adg/pam_open_session.xml b/doc/adg/pam_open_session.xml index ba738a55..10afa755 100644 --- a/doc/adg/pam_open_session.xml +++ b/doc/adg/pam_open_session.xml @@ -1,18 +1,12 @@ - - -
+
Start PAM session management - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/adg/pam_putenv.xml b/doc/adg/pam_putenv.xml index e55f1a42..6378a15b 100644 --- a/doc/adg/pam_putenv.xml +++ b/doc/adg/pam_putenv.xml @@ -1,18 +1,12 @@ - - -
+
Set or change PAM environment variable - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/adg/pam_set_item.xml b/doc/adg/pam_set_item.xml index 41169387..efc4292b 100644 --- a/doc/adg/pam_set_item.xml +++ b/doc/adg/pam_set_item.xml @@ -1,18 +1,12 @@ - - -
+
Setting PAM items - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/adg/pam_setcred.xml b/doc/adg/pam_setcred.xml index 1d3d23cd..488028cd 100644 --- a/doc/adg/pam_setcred.xml +++ b/doc/adg/pam_setcred.xml @@ -1,18 +1,12 @@ - - -
+
Setting user credentials - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/adg/pam_start.xml b/doc/adg/pam_start.xml index e5ec8481..c7ee4494 100644 --- a/doc/adg/pam_start.xml +++ b/doc/adg/pam_start.xml @@ -1,18 +1,12 @@ - - -
+
Initialization of PAM transaction - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/adg/pam_strerror.xml b/doc/adg/pam_strerror.xml index 35b08a27..e4e1c56a 100644 --- a/doc/adg/pam_strerror.xml +++ b/doc/adg/pam_strerror.xml @@ -1,18 +1,12 @@ - - -
+
Strings describing PAM error codes - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/man/misc_conv.3.xml b/doc/man/misc_conv.3.xml index d902ba83..92d4acd1 100644 --- a/doc/man/misc_conv.3.xml +++ b/doc/man/misc_conv.3.xml @@ -1,16 +1,13 @@ - - - - + misc_conv 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + misc_conv text based conversation function @@ -18,7 +15,7 @@ - + #include <security/pam_misc.h> int misc_conv @@ -30,7 +27,7 @@ - + DESCRIPTION The misc_conv function is part of @@ -50,7 +47,7 @@ - time_t pam_misc_conv_warn_time; + time_t pam_misc_conv_warn_time; This variable contains the time (as @@ -67,7 +64,7 @@ - const char *pam_misc_conv_warn_line; + const char *pam_misc_conv_warn_line; Used in conjunction with @@ -83,7 +80,7 @@ - time_t pam_misc_conv_die_time; + time_t pam_misc_conv_die_time; This variable contains the time (as @@ -100,7 +97,7 @@ - const char *pam_misc_conv_die_line; + const char *pam_misc_conv_die_line; Used in conjunction with @@ -116,7 +113,7 @@ - int pam_misc_conv_died; + int pam_misc_conv_died; Following a return from the Linux-PAM @@ -136,7 +133,7 @@ - int (*pam_binary_handler_fn)(void *appdata, pamc_bp_t *prompt_p); + int (*pam_binary_handler_fn)(void *appdata, pamc_bp_t *prompt_p); @@ -151,7 +148,7 @@ - int (*pam_binary_handler_free)(void *appdata, pamc_bp_t *delete_me); + int (*pam_binary_handler_free)(void *appdata, pamc_bp_t *delete_me); @@ -164,7 +161,7 @@ - + SEE ALSO @@ -176,7 +173,7 @@ - + STANDARDS The misc_conv function is part of the @@ -185,4 +182,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam.3.xml b/doc/man/pam.3.xml index 0b1efccf..4b828016 100644 --- a/doc/man/pam.3.xml +++ b/doc/man/pam.3.xml @@ -1,20 +1,18 @@ - - - + pam 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam Pluggable Authentication Modules Library - + #include <security/pam_appl.h> #include <security/pam_modules.h> @@ -22,10 +20,10 @@ - + DESCRIPTION - PAM is a system of libraries + PAM is a system of libraries that handle the authentication tasks of applications (services) on the system. The library provides a stable general interface (Application Programming Interface - API) that privilege granting @@ -38,7 +36,7 @@ defer to to perform standard authentication tasks. - + Initialization and Cleanup The @@ -64,7 +62,7 @@ - + Authentication The @@ -85,7 +83,7 @@ - + Account Management The @@ -98,7 +96,7 @@ - + Password Management The @@ -109,7 +107,7 @@ - + Session Management The @@ -124,7 +122,7 @@ - + Conversation The PAM library uses an application-defined callback to allow @@ -141,7 +139,7 @@ - + Data Objects The @@ -176,7 +174,7 @@ - + Environment and Error Management The @@ -202,7 +200,7 @@ - + RETURN VALUES The following return codes are known by PAM: @@ -389,7 +387,7 @@ - SEE ALSO + SEE ALSO pam_acct_mgmt3 @@ -430,10 +428,10 @@ - NOTES + NOTES The libpam interfaces are only thread-safe if each thread within the multithreaded application uses its own PAM handle. - + \ No newline at end of file diff --git a/doc/man/pam.8.xml b/doc/man/pam.8.xml index 8eef665a..20cd19d9 100644 --- a/doc/man/pam.8.xml +++ b/doc/man/pam.8.xml @@ -1,32 +1,29 @@ - - - - + pam 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + PAM pam Pluggable Authentication Modules for Linux - + DESCRIPTION This manual is intended to offer a quick introduction to - Linux-PAM. For more information + Linux-PAM. For more information the reader is directed to the - Linux-PAM system administrators' guide. + Linux-PAM system administrators' guide. - Linux-PAM is a system of libraries + Linux-PAM is a system of libraries that handle the authentication tasks of applications (services) on the system. The library provides a stable general interface (Application Programming Interface - API) that privilege granting @@ -43,12 +40,12 @@ system administrator is free to choose how individual service-providing applications will authenticate users. This dynamic configuration is set by the contents of the single - Linux-PAM configuration file + Linux-PAM configuration file /etc/pam.conf. Alternatively, the configuration can be set by individual configuration files located in the /etc/pam.d/ directory. The presence of this - directory will cause Linux-PAM to - ignore /etc/pam.conf. + directory will cause Linux-PAM to + ignore /etc/pam.conf. @@ -64,26 +61,26 @@ From the point of view of the system administrator, for whom this manual is provided, it is not of primary importance to understand the internal behavior of the -Linux-PAM +Linux-PAM library. The important point to recognize is that the configuration file(s) -define +define the connection between applications -(services) +(services) and the pluggable authentication modules -(PAMs) +(PAMs) that perform the actual authentication tasks. -Linux-PAM +Linux-PAM separates the tasks of -authentication +authentication into four independent management groups: -account management; -authentication management; -password management; +account management; +authentication management; +password management; and -session management. +session management. (We highlight the abbreviations used for these groups in the configuration file.) @@ -92,12 +89,12 @@ configuration file.) user's request for a restricted service: -account - +account - provide account verification types of service: has the user's password expired?; is this user permitted access to the requested service? -authentication - +authentication - authenticate a user and set up user credentials. Typically this is via some challenge-response request that the user must satisfy: if you are who you claim to be please enter your password. Not all authentications @@ -105,64 +102,64 @@ are of this type, there exist hardware based authentication schemes (such as the use of smart-cards and biometric devices), with suitable modules, these may be substituted seamlessly for more standard approaches to authentication - such is the flexibility of -Linux-PAM. +Linux-PAM. -password - +password - this group's responsibility is the task of updating authentication mechanisms. Typically, such services are strongly coupled to those of the -auth +auth group. Some authentication mechanisms lend themselves well to being updated with such a function. Standard UN*X password-based access is the obvious example: please enter a replacement password. -session - +session - this group of tasks cover things that should be done prior to a service being given and after it is withdrawn. Such tasks include the maintenance of audit trails and the mounting of the user's home directory. The -session +session management group is important as it provides both an opening and closing hook for modules to affect the services available to a user. - + FILES - /etc/pam.conf + /etc/pam.conf the configuration file - /etc/pam.d + /etc/pam.d - the Linux-PAM configuration + the Linux-PAM configuration directory. Generally, if this directory is present, the /etc/pam.conf file is ignored. - /usr/lib/pam.d + /usr/lib/pam.d - the Linux-PAM vendor configuration + the Linux-PAM vendor configuration directory. Files in /etc/pam.d override files with the same name in this directory. - %vendordir%/pam.d + %vendordir%/pam.d - the Linux-PAM vendor configuration + the Linux-PAM vendor configuration directory. Files in /etc/pam.d and /usr/lib/pam.d override files with the same name in this directory. @@ -172,18 +169,18 @@ closing hook for modules to affect the services available to a user. - + ERRORS Typically errors generated by the - Linux-PAM system of libraries, will + Linux-PAM system of libraries, will be written to syslog3 . - + CONFORMING TO DCE-RFC 86.0, October 1995. @@ -192,7 +189,7 @@ closing hook for modules to affect the services available to a user. - + SEE ALSO @@ -212,4 +209,4 @@ closing hook for modules to affect the services available to a user. - + \ No newline at end of file diff --git a/doc/man/pam.conf-desc.xml b/doc/man/pam.conf-desc.xml index 909dcdbe..5dca89fe 100644 --- a/doc/man/pam.conf-desc.xml +++ b/doc/man/pam.conf-desc.xml @@ -1,7 +1,4 @@ - - -
+
When a PAM aware privilege granting application is started, it activates its attachment to the PAM-API. This @@ -18,4 +15,4 @@ behavior of the PAM-API in the event that individual PAMs fail. -
+
\ No newline at end of file diff --git a/doc/man/pam.conf-dir.xml b/doc/man/pam.conf-dir.xml index 8446cf35..8272337b 100644 --- a/doc/man/pam.conf-dir.xml +++ b/doc/man/pam.conf-dir.xml @@ -1,7 +1,4 @@ - - -
+
More flexible than the single configuration file is it to configure libpam via the contents of the @@ -25,6 +22,6 @@ type control module-path module-arguments The only difference being that the service-name is not present. The service-name is of course the name of the given configuration file. For example, /etc/pam.d/login contains the - configuration for the login service. + configuration for the login service. -
+
\ No newline at end of file diff --git a/doc/man/pam.conf-syntax.xml b/doc/man/pam.conf-syntax.xml index 5112f930..c7d90081 100644 --- a/doc/man/pam.conf-syntax.xml +++ b/doc/man/pam.conf-syntax.xml @@ -1,8 +1,4 @@ - - - -
+
The syntax of the /etc/pam.conf configuration file is as follows. The file is made up of a list @@ -18,7 +14,7 @@ - service type control module-path module-arguments + service type control module-path module-arguments @@ -411,7 +407,7 @@ should use `\]'. In other words: - [..[..\]..] --> ..[..].. + [..[..\]..] --> ..[..].. @@ -424,4 +420,4 @@ . -
+
\ No newline at end of file diff --git a/doc/man/pam.conf.5.xml b/doc/man/pam.conf.5.xml index 68f576af..62a2b410 100644 --- a/doc/man/pam.conf.5.xml +++ b/doc/man/pam.conf.5.xml @@ -1,15 +1,13 @@ - - - + pam.conf 5 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam.conf pam.d PAM configuration files @@ -17,22 +15,16 @@ - + DESCRIPTION - + - + - + - + SEE ALSO @@ -47,4 +39,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_acct_mgmt.3.xml b/doc/man/pam_acct_mgmt.3.xml index 59760d7f..de6a94ab 100644 --- a/doc/man/pam_acct_mgmt.3.xml +++ b/doc/man/pam_acct_mgmt.3.xml @@ -1,14 +1,12 @@ - - - + pam_acct_mgmt 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_acct_mgmt PAM account validation management @@ -16,7 +14,7 @@ - + #include <security/pam_appl.h> int pam_acct_mgmt @@ -27,7 +25,7 @@ - + DESCRIPTION The pam_acct_mgmt function is used to determine @@ -62,7 +60,7 @@ - + RETURN VALUES @@ -122,7 +120,7 @@ - + SEE ALSO @@ -142,4 +140,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_authenticate.3.xml b/doc/man/pam_authenticate.3.xml index c2004eb4..794a5c71 100644 --- a/doc/man/pam_authenticate.3.xml +++ b/doc/man/pam_authenticate.3.xml @@ -1,14 +1,12 @@ - - - + pam_authenticate 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_authenticate account authentication @@ -16,7 +14,7 @@ - + #include <security/pam_appl.h> int pam_authenticate @@ -27,7 +25,7 @@ - + DESCRIPTION The pam_authenticate function is used to @@ -77,7 +75,7 @@ - + RETURN VALUES @@ -146,7 +144,7 @@ - + SEE ALSO @@ -166,4 +164,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_chauthtok.3.xml b/doc/man/pam_chauthtok.3.xml index f42bc68f..e184f45f 100644 --- a/doc/man/pam_chauthtok.3.xml +++ b/doc/man/pam_chauthtok.3.xml @@ -1,14 +1,12 @@ - - - + pam_chauthtok 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_chauthtok updating authentication tokens @@ -16,7 +14,7 @@ - + #include <security/pam_appl.h> int pam_chauthtok @@ -27,7 +25,7 @@ - + DESCRIPTION The pam_chauthtok function is used to change the @@ -64,7 +62,7 @@ - + RETURN VALUES @@ -138,7 +136,7 @@ - + SEE ALSO @@ -161,4 +159,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_close_session.3.xml b/doc/man/pam_close_session.3.xml index db549bda..e1c74ebd 100644 --- a/doc/man/pam_close_session.3.xml +++ b/doc/man/pam_close_session.3.xml @@ -1,16 +1,13 @@ - - - - + pam_close_session 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_close_session terminate PAM session management @@ -18,7 +15,7 @@ - + #include <security/pam_appl.h> int pam_close_session @@ -29,7 +26,7 @@ - + DESCRIPTION The pam_close_session function is used @@ -63,7 +60,7 @@ - + RETURN VALUES @@ -101,7 +98,7 @@ - + SEE ALSO @@ -112,4 +109,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_conv.3.xml b/doc/man/pam_conv.3.xml index 5106ddf7..31834f3c 100644 --- a/doc/man/pam_conv.3.xml +++ b/doc/man/pam_conv.3.xml @@ -1,14 +1,12 @@ - - - + pam_conv 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_conv PAM conversation function @@ -16,7 +14,7 @@ - + #include <security/pam_appl.h> @@ -38,7 +36,7 @@ struct pam_conv { - + DESCRIPTION The PAM library uses an application-defined callback to allow @@ -174,7 +172,7 @@ struct pam_conv { - + RETURN VALUES @@ -205,7 +203,7 @@ struct pam_conv { - + SEE ALSO @@ -225,4 +223,4 @@ struct pam_conv { - + \ No newline at end of file diff --git a/doc/man/pam_end.3.xml b/doc/man/pam_end.3.xml index 5febf85a..b2584e73 100644 --- a/doc/man/pam_end.3.xml +++ b/doc/man/pam_end.3.xml @@ -1,16 +1,13 @@ - - - - + pam_end 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_end termination of PAM transaction @@ -18,7 +15,7 @@ - + #include <security/pam_appl.h> int pam_end @@ -29,7 +26,7 @@ - + DESCRIPTION The pam_end function terminates the PAM @@ -79,7 +76,7 @@ - + RETURN VALUES @@ -102,7 +99,7 @@ - + SEE ALSO @@ -119,4 +116,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_error.3.xml b/doc/man/pam_error.3.xml index de167f2c..0f294c22 100644 --- a/doc/man/pam_error.3.xml +++ b/doc/man/pam_error.3.xml @@ -1,16 +1,13 @@ - - - - + pam_error 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_error pam_verror display error messages to the user @@ -18,7 +15,7 @@ - + #include <security/pam_ext.h> @@ -36,7 +33,7 @@ - + DESCRIPTION The pam_error function prints error messages @@ -51,7 +48,7 @@ variable argument list macros. - + RETURN VALUES @@ -89,7 +86,7 @@ - + SEE ALSO @@ -110,7 +107,7 @@ - + STANDARDS The pam_error and pam_verror @@ -118,4 +115,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_fail_delay.3.xml b/doc/man/pam_fail_delay.3.xml index 53c1f89e..c400736a 100644 --- a/doc/man/pam_fail_delay.3.xml +++ b/doc/man/pam_fail_delay.3.xml @@ -1,16 +1,13 @@ - - - - + pam_fail_delay 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_fail_delay request a delay on failure @@ -18,7 +15,7 @@ - + #include <security/pam_appl.h> int pam_fail_delay @@ -28,7 +25,7 @@ - + DESCRIPTION The pam_fail_delay function provides a @@ -105,7 +102,7 @@ void (*delay_fn)(int retval, unsigned usec_delay, void *appdata_ptr); - + RATIONALE It is often possible to attack an authentication scheme by exploiting @@ -129,7 +126,7 @@ void (*delay_fn)(int retval, unsigned usec_delay, void *appdata_ptr); - + EXAMPLE For example, a login application may require a failure delay of @@ -161,7 +158,7 @@ module #2: pam_fail_delay (pamh, 4000000); - + RETURN VALUES @@ -183,7 +180,7 @@ module #2: pam_fail_delay (pamh, 4000000); - + SEE ALSO @@ -198,7 +195,7 @@ module #2: pam_fail_delay (pamh, 4000000); - + STANDARDS The pam_fail_delay function is an @@ -206,4 +203,4 @@ module #2: pam_fail_delay (pamh, 4000000); - + \ No newline at end of file diff --git a/doc/man/pam_get_authtok.3.xml b/doc/man/pam_get_authtok.3.xml index 5d50b168..ba6d955e 100644 --- a/doc/man/pam_get_authtok.3.xml +++ b/doc/man/pam_get_authtok.3.xml @@ -1,16 +1,13 @@ - - - - + pam_get_authtok 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_get_authtok pam_get_authtok_verify pam_get_authtok_noverify @@ -19,7 +16,7 @@ - + #include <security/pam_ext.h> @@ -44,7 +41,7 @@ - + DESCRIPTION The pam_get_authtok function returns the @@ -119,7 +116,7 @@ - + OPTIONS pam_get_authtok honours the following module @@ -128,7 +125,7 @@ - + try_first_pass @@ -140,7 +137,7 @@ - + use_first_pass @@ -153,7 +150,7 @@ - + use_authtok @@ -166,7 +163,7 @@ - + authtok_type=XXX @@ -182,7 +179,7 @@ - + RETURN VALUES @@ -228,7 +225,7 @@ - + SEE ALSO @@ -237,7 +234,7 @@ - + STANDARDS The pam_get_authtok function is a Linux-PAM @@ -245,4 +242,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_get_data.3.xml b/doc/man/pam_get_data.3.xml index e84e5a4c..1e71cf3b 100644 --- a/doc/man/pam_get_data.3.xml +++ b/doc/man/pam_get_data.3.xml @@ -1,16 +1,13 @@ - - - - + pam_get_data 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_get_data get module internal data @@ -22,7 +19,7 @@ - + #include <security/pam_modules.h> int pam_get_data @@ -35,7 +32,7 @@ - + DESCRIPTION This function together with the @@ -58,7 +55,7 @@ - + RETURN VALUES @@ -90,7 +87,7 @@ - + SEE ALSO @@ -105,4 +102,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_get_item.3.xml b/doc/man/pam_get_item.3.xml index 1145273c..c30a279f 100644 --- a/doc/man/pam_get_item.3.xml +++ b/doc/man/pam_get_item.3.xml @@ -1,22 +1,13 @@ - - - ---> -]> - - + pam_get_item 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_get_item getting PAM information @@ -28,7 +19,7 @@ - + #include <security/pam_modules.h> int pam_get_item @@ -41,7 +32,7 @@ - + DESCRIPTION The pam_get_item function allows applications @@ -55,16 +46,14 @@ item_type: - + The following additional items are specific to Linux-PAM and should not be used in portable applications: - + If a service module wishes to obtain the name of the user, @@ -80,7 +69,7 @@ - + RETURN VALUES @@ -128,7 +117,7 @@ - + SEE ALSO @@ -140,4 +129,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_get_user.3.xml b/doc/man/pam_get_user.3.xml index 8bb176e4..121b3aa7 100644 --- a/doc/man/pam_get_user.3.xml +++ b/doc/man/pam_get_user.3.xml @@ -1,16 +1,13 @@ - - - - + pam_get_user 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_get_user get user name @@ -22,7 +19,7 @@ - + #include <security/pam_modules.h> int pam_get_user @@ -35,7 +32,7 @@ - + DESCRIPTION The pam_get_user function returns the @@ -87,7 +84,7 @@ - + RETURN VALUES @@ -143,7 +140,7 @@ - + SEE ALSO @@ -161,4 +158,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_getenv.3.xml b/doc/man/pam_getenv.3.xml index 7e8db015..df25863b 100644 --- a/doc/man/pam_getenv.3.xml +++ b/doc/man/pam_getenv.3.xml @@ -1,14 +1,12 @@ - - - + pam_getenv 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_getenv get a PAM environment variable @@ -16,7 +14,7 @@ - + #include <security/pam_appl.h> const char *pam_getenv @@ -27,7 +25,7 @@ - + DESCRIPTION The pam_getenv function searches the @@ -39,7 +37,7 @@ - + RETURN VALUES The pam_getenv function returns NULL @@ -47,7 +45,7 @@ - + SEE ALSO @@ -64,4 +62,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_getenvlist.3.xml b/doc/man/pam_getenvlist.3.xml index 1c29b737..54b1f411 100644 --- a/doc/man/pam_getenvlist.3.xml +++ b/doc/man/pam_getenvlist.3.xml @@ -1,14 +1,12 @@ - - - + pam_getenvlist 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_getenvlist getting the PAM environment @@ -16,7 +14,7 @@ - + #include <security/pam_appl.h> char **pam_getenvlist @@ -26,7 +24,7 @@ - + DESCRIPTION The pam_getenvlist function returns a complete @@ -57,7 +55,7 @@ - + RETURN VALUES The pam_getenvlist function returns NULL @@ -65,7 +63,7 @@ - + SEE ALSO @@ -82,4 +80,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_info.3.xml b/doc/man/pam_info.3.xml index 88e671c7..5155d419 100644 --- a/doc/man/pam_info.3.xml +++ b/doc/man/pam_info.3.xml @@ -1,16 +1,13 @@ - - - - + pam_info 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_info pam_vinfo display messages to the user @@ -18,7 +15,7 @@ - + #include <security/pam_ext.h> @@ -36,7 +33,7 @@ - + DESCRIPTION The pam_info function prints messages @@ -51,7 +48,7 @@ variable argument list macros. - + RETURN VALUES @@ -89,7 +86,7 @@ - + SEE ALSO @@ -98,7 +95,7 @@ - + STANDARDS The pam_info and pam_vinfo @@ -106,4 +103,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_item_types_ext.inc.xml b/doc/man/pam_item_types_ext.inc.xml index d36a5bd1..a5fee9c2 100644 --- a/doc/man/pam_item_types_ext.inc.xml +++ b/doc/man/pam_item_types_ext.inc.xml @@ -1,6 +1,5 @@ - - + PAM_FAIL_DELAY @@ -58,4 +57,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_item_types_std.inc.xml b/doc/man/pam_item_types_std.inc.xml index 81f240b0..9b229486 100644 --- a/doc/man/pam_item_types_std.inc.xml +++ b/doc/man/pam_item_types_std.inc.xml @@ -1,6 +1,5 @@ - - + PAM_SERVICE @@ -135,4 +134,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_misc_drop_env.3.xml b/doc/man/pam_misc_drop_env.3.xml index 1941f589..a7f6cc80 100644 --- a/doc/man/pam_misc_drop_env.3.xml +++ b/doc/man/pam_misc_drop_env.3.xml @@ -1,16 +1,13 @@ - - - - + pam_misc_drop_env 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_misc_drop_env liberating a locally saved environment @@ -18,7 +15,7 @@ - + #include <security/pam_misc.h> int pam_misc_drop_env @@ -27,7 +24,7 @@ - + DESCRIPTION This function is defined to complement the @@ -39,7 +36,7 @@ - + SEE ALSO @@ -51,7 +48,7 @@ - + STANDARDS The pam_misc_drop_env function is part of the @@ -60,4 +57,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_misc_paste_env.3.xml b/doc/man/pam_misc_paste_env.3.xml index d9a282c0..06194a9d 100644 --- a/doc/man/pam_misc_paste_env.3.xml +++ b/doc/man/pam_misc_paste_env.3.xml @@ -1,16 +1,13 @@ - - - - + pam_misc_paste_env 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_misc_paste_env transcribing an environment to that of PAM @@ -18,7 +15,7 @@ - + #include <security/pam_misc.h> int pam_misc_paste_env @@ -28,7 +25,7 @@ - + DESCRIPTION This function takes the supplied list of environment pointers and @@ -37,7 +34,7 @@ - + SEE ALSO @@ -49,7 +46,7 @@ - + STANDARDS The pam_misc_paste_env function is part of the @@ -58,4 +55,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_misc_setenv.3.xml b/doc/man/pam_misc_setenv.3.xml index 7e61a8dd..4414d54d 100644 --- a/doc/man/pam_misc_setenv.3.xml +++ b/doc/man/pam_misc_setenv.3.xml @@ -1,15 +1,12 @@ - - - - + pam_misc_setenv 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_misc_setenv BSD like PAM environment variable setting @@ -17,7 +14,7 @@ - + #include <security/pam_misc.h> int pam_misc_setenv @@ -29,7 +26,7 @@ - + DESCRIPTION This function performs a task equivalent to @@ -44,7 +41,7 @@ - + SEE ALSO @@ -56,7 +53,7 @@ - + STANDARDS The pam_misc_setenv function is part of the @@ -65,4 +62,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_open_session.3.xml b/doc/man/pam_open_session.3.xml index eba0bc01..d37b3e59 100644 --- a/doc/man/pam_open_session.3.xml +++ b/doc/man/pam_open_session.3.xml @@ -1,16 +1,13 @@ - - - - + pam_open_session 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_open_session start PAM session management @@ -18,7 +15,7 @@ - + #include <security/pam_appl.h> int pam_open_session @@ -29,7 +26,7 @@ - + DESCRIPTION The pam_open_session function sets up a @@ -63,7 +60,7 @@ - + RETURN VALUES @@ -101,7 +98,7 @@ - + SEE ALSO @@ -112,4 +109,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_prompt.3.xml b/doc/man/pam_prompt.3.xml index bf0c9bf6..c65a0c90 100644 --- a/doc/man/pam_prompt.3.xml +++ b/doc/man/pam_prompt.3.xml @@ -1,16 +1,13 @@ - - - - + pam_prompt 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_prompt pam_vprompt interface to conversation function @@ -18,7 +15,7 @@ - + #include <security/pam_ext.h> @@ -40,7 +37,7 @@ - + DESCRIPTION The pam_prompt function constructs a message @@ -52,7 +49,7 @@ - + RETURN VALUES @@ -91,7 +88,7 @@ - + SEE ALSO @@ -103,7 +100,7 @@ - + STANDARDS The pam_prompt and pam_vprompt @@ -111,4 +108,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_putenv.3.xml b/doc/man/pam_putenv.3.xml index 2d4afbc5..7267046f 100644 --- a/doc/man/pam_putenv.3.xml +++ b/doc/man/pam_putenv.3.xml @@ -1,14 +1,12 @@ - - - + pam_putenv 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_putenv set or change PAM environment variable @@ -16,7 +14,7 @@ - + #include <security/pam_appl.h> int pam_putenv @@ -27,7 +25,7 @@ - + DESCRIPTION The pam_putenv function is used to @@ -83,7 +81,7 @@ - + RETURN VALUES @@ -129,7 +127,7 @@ - + SEE ALSO @@ -149,4 +147,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_set_data.3.xml b/doc/man/pam_set_data.3.xml index c20068c6..2bcfeb0b 100644 --- a/doc/man/pam_set_data.3.xml +++ b/doc/man/pam_set_data.3.xml @@ -1,16 +1,13 @@ - - - - + pam_set_data 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_set_data set module internal data @@ -22,7 +19,7 @@ - + #include <security/pam_modules.h> int pam_set_data @@ -36,7 +33,7 @@ - + DESCRIPTION The pam_set_data function associates a pointer @@ -123,7 +120,7 @@ - + RETURN VALUES @@ -154,7 +151,7 @@ - + SEE ALSO @@ -169,4 +166,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_set_item.3.xml b/doc/man/pam_set_item.3.xml index 30ab92b9..1dbaeebf 100644 --- a/doc/man/pam_set_item.3.xml +++ b/doc/man/pam_set_item.3.xml @@ -1,22 +1,13 @@ - - - ---> -]> - - + pam_set_item 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_set_item set and update PAM information @@ -28,7 +19,7 @@ - + #include <security/pam_modules.h> int pam_set_item @@ -41,7 +32,7 @@ - + DESCRIPTION The pam_set_item function allows applications @@ -52,16 +43,14 @@ supported: - + The following additional items are specific to Linux-PAM and should not be used in portable applications: - + For all item_types, other than PAM_CONV and @@ -81,7 +70,7 @@ - + RETURN VALUES @@ -121,7 +110,7 @@ - + SEE ALSO @@ -133,4 +122,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_setcred.3.xml b/doc/man/pam_setcred.3.xml index 62922482..09fe30d1 100644 --- a/doc/man/pam_setcred.3.xml +++ b/doc/man/pam_setcred.3.xml @@ -1,16 +1,13 @@ - - - - + pam_setcred 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_setcred establish / delete user credentials @@ -19,7 +16,7 @@ - + #include <security/pam_appl.h> int pam_setcred @@ -30,7 +27,7 @@ - + DESCRIPTION The pam_setcred function is used to establish, @@ -95,7 +92,7 @@ - + RETURN VALUES @@ -160,7 +157,7 @@ - + SEE ALSO @@ -177,4 +174,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_sm_acct_mgmt.3.xml b/doc/man/pam_sm_acct_mgmt.3.xml index b37dc306..822a338a 100644 --- a/doc/man/pam_sm_acct_mgmt.3.xml +++ b/doc/man/pam_sm_acct_mgmt.3.xml @@ -1,14 +1,12 @@ - - - + pam_sm_acct_mgmt 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_sm_acct_mgmt PAM service function for account management @@ -16,7 +14,7 @@ - + #include <security/pam_modules.h> int pam_sm_acct_mgmt @@ -29,7 +27,7 @@ - + DESCRIPTION The pam_sm_acct_mgmt function is the service @@ -64,7 +62,7 @@ PAM_DISALLOW_NULL_AUTHTOK - Return PAM_AUTH_ERR if the + Return PAM_AUTH_ERR if the database of authentication tokens for this authentication mechanism has a NULL entry for the user. @@ -73,7 +71,7 @@ - + RETURN VALUES @@ -131,7 +129,7 @@ - + SEE ALSO @@ -151,4 +149,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_sm_authenticate.3.xml b/doc/man/pam_sm_authenticate.3.xml index ef3a8f15..ec3de2fd 100644 --- a/doc/man/pam_sm_authenticate.3.xml +++ b/doc/man/pam_sm_authenticate.3.xml @@ -1,14 +1,12 @@ - - - + pam_sm_authenticate 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_sm_authenticate PAM service function for user authentication @@ -16,7 +14,7 @@ - + #include <security/pam_modules.h> int pam_sm_authenticate @@ -29,7 +27,7 @@ - + DESCRIPTION The pam_sm_authenticate function is the service @@ -58,7 +56,7 @@ PAM_DISALLOW_NULL_AUTHTOK - Return PAM_AUTH_ERR if the + Return PAM_AUTH_ERR if the database of authentication tokens for this authentication mechanism has a NULL entry for the user. Without this flag, such a NULL token @@ -69,7 +67,7 @@ - + RETURN VALUES @@ -128,7 +126,7 @@ - + SEE ALSO @@ -148,4 +146,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_sm_chauthtok.3.xml b/doc/man/pam_sm_chauthtok.3.xml index 25e17d02..692bc620 100644 --- a/doc/man/pam_sm_chauthtok.3.xml +++ b/doc/man/pam_sm_chauthtok.3.xml @@ -1,14 +1,12 @@ - - - + pam_sm_chauthtok 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_sm_chauthtok PAM service function for authentication token management @@ -16,7 +14,7 @@ - + #include <security/pam_modules.h> int pam_sm_chauthtok @@ -29,7 +27,7 @@ - + DESCRIPTION The pam_sm_chauthtok function is the service @@ -77,7 +75,7 @@ some network it should attempt to verify it can connect to this system on receiving this flag. If a module cannot establish it is ready to update the user's authentication token it should - return PAM_TRY_AGAIN, this + return PAM_TRY_AGAIN, this information will be passed back to the application. @@ -93,7 +91,7 @@ This informs the module that this is the call it should change the authorization tokens. If the flag is logically OR'd with - PAM_CHANGE_EXPIRED_AUTHTOK, the + PAM_CHANGE_EXPIRED_AUTHTOK, the token is only changed if it has actually expired. @@ -101,15 +99,15 @@ The PAM library calls this function twice in succession. The first - time with PAM_PRELIM_CHECK and then, + time with PAM_PRELIM_CHECK and then, if the module does not return - PAM_TRY_AGAIN, subsequently with - PAM_UPDATE_AUTHTOK. It is only on + PAM_TRY_AGAIN, subsequently with + PAM_UPDATE_AUTHTOK. It is only on the second call that the authorization token is (possibly) changed. - + RETURN VALUES @@ -181,7 +179,7 @@ - + SEE ALSO @@ -201,4 +199,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_sm_close_session.3.xml b/doc/man/pam_sm_close_session.3.xml index 6d8278ec..e76693fd 100644 --- a/doc/man/pam_sm_close_session.3.xml +++ b/doc/man/pam_sm_close_session.3.xml @@ -1,14 +1,12 @@ - - - + pam_sm_close_session 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_sm_close_session PAM service function to terminate session management @@ -16,7 +14,7 @@ - + #include <security/pam_modules.h> int pam_sm_close_session @@ -29,7 +27,7 @@ - + DESCRIPTION The pam_sm_close_session function is the service @@ -40,7 +38,7 @@ This function is called to terminate a session. The only valid - value for flags is zero or: + value for flags is zero or: @@ -54,7 +52,7 @@ - + RETURN VALUES @@ -76,7 +74,7 @@ - + SEE ALSO @@ -96,4 +94,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_sm_open_session.3.xml b/doc/man/pam_sm_open_session.3.xml index ead7ca77..392225a4 100644 --- a/doc/man/pam_sm_open_session.3.xml +++ b/doc/man/pam_sm_open_session.3.xml @@ -1,14 +1,12 @@ - - - + pam_sm_open_session 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_sm_open_session PAM service function to start session management @@ -16,7 +14,7 @@ - + #include <security/pam_modules.h> int pam_sm_open_session @@ -29,7 +27,7 @@ - + DESCRIPTION The pam_sm_open_session function is the service @@ -40,7 +38,7 @@ This function is called to commence a session. The only valid - value for flags is zero or: + value for flags is zero or: @@ -54,7 +52,7 @@ - + RETURN VALUES @@ -76,7 +74,7 @@ - + SEE ALSO @@ -96,4 +94,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_sm_setcred.3.xml b/doc/man/pam_sm_setcred.3.xml index bb04a2df..93a69e3e 100644 --- a/doc/man/pam_sm_setcred.3.xml +++ b/doc/man/pam_sm_setcred.3.xml @@ -1,14 +1,12 @@ - - - + pam_sm_setcred 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_sm_setcred PAM service function to alter credentials @@ -16,7 +14,7 @@ - + #include <security/pam_modules.h> int pam_sm_setcred @@ -29,7 +27,7 @@ - + DESCRIPTION The pam_sm_setcred function is the service @@ -92,7 +90,7 @@ - The way the auth stack is + The way the auth stack is navigated in order to evaluate the pam_setcred() function call, independent of the pam_sm_setcred() return codes, is exactly the same way that it was navigated when @@ -102,11 +100,11 @@ libpam evaluates the pam_setcred() function call. Otherwise, the return codes from each module specific pam_sm_setcred() call are treated as - required. + required. - + RETURN VALUES @@ -158,7 +156,7 @@ - + SEE ALSO @@ -181,4 +179,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_start.3.xml b/doc/man/pam_start.3.xml index 1d544e64..470c6cec 100644 --- a/doc/man/pam_start.3.xml +++ b/doc/man/pam_start.3.xml @@ -1,16 +1,13 @@ - - - - + pam_start 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_start pam_start_confdir initialization of PAM transaction @@ -19,7 +16,7 @@ - + #include <security/pam_appl.h> int pam_start @@ -40,7 +37,7 @@ - + DESCRIPTION The pam_start function creates the PAM context @@ -108,7 +105,7 @@ - + RETURN VALUES @@ -147,7 +144,7 @@ - + SEE ALSO @@ -164,4 +161,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_strerror.3.xml b/doc/man/pam_strerror.3.xml index 954e131d..b76cbc4d 100644 --- a/doc/man/pam_strerror.3.xml +++ b/doc/man/pam_strerror.3.xml @@ -1,16 +1,13 @@ - - - - + pam_strerror 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_strerror return string describing PAM error code @@ -18,7 +15,7 @@ - + #include <security/pam_appl.h> const char *pam_strerror @@ -29,7 +26,7 @@ - + DESCRIPTION The pam_strerror function returns a pointer to @@ -40,14 +37,14 @@ modify this string. - + RETURN VALUES This function returns always a pointer to a string. - + SEE ALSO @@ -55,4 +52,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_syslog.3.xml b/doc/man/pam_syslog.3.xml index ca28587e..f5be287f 100644 --- a/doc/man/pam_syslog.3.xml +++ b/doc/man/pam_syslog.3.xml @@ -1,16 +1,13 @@ - - - - + pam_syslog 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_syslog pam_vsyslog send messages to the system logger @@ -18,7 +15,7 @@ - + #include <syslog.h> #include <security/pam_ext.h> @@ -39,7 +36,7 @@ - + DESCRIPTION The pam_syslog function logs messages using @@ -62,7 +59,7 @@ - + SEE ALSO @@ -71,7 +68,7 @@ - + STANDARDS The pam_syslog and pam_vsyslog @@ -79,4 +76,4 @@ - + \ No newline at end of file diff --git a/doc/man/pam_xauth_data.3.xml b/doc/man/pam_xauth_data.3.xml index 505985e4..447a9c2d 100644 --- a/doc/man/pam_xauth_data.3.xml +++ b/doc/man/pam_xauth_data.3.xml @@ -1,16 +1,13 @@ - - - - + pam_xauth_data 3 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_xauth_data structure containing X authentication data @@ -18,7 +15,7 @@ - + #include <security/pam_appl.h> @@ -31,7 +28,7 @@ struct pam_xauth_data { - + DESCRIPTION The pam_xauth_data structure contains X @@ -70,7 +67,7 @@ struct pam_xauth_data { - + SEE ALSO @@ -82,7 +79,7 @@ struct pam_xauth_data { - + STANDARDS The pam_xauth_data structure and @@ -91,4 +88,4 @@ struct pam_xauth_data { - + \ No newline at end of file diff --git a/doc/mwg/Linux-PAM_MWG.xml b/doc/mwg/Linux-PAM_MWG.xml index 3022538c..046c3c48 100644 --- a/doc/mwg/Linux-PAM_MWG.xml +++ b/doc/mwg/Linux-PAM_MWG.xml @@ -1,49 +1,38 @@ - - - - + + The Linux-PAM Module Writers' Guide - - Andrew G. - Morgan - morgan@kernel.org - - - Thorsten - Kukuk - kukuk@thkukuk.de - + Andrew G.Morganmorgan@kernel.org + ThorstenKukukkukuk@thkukuk.de Version 1.1.2, 31. August 2010 This manual documents what a programmer needs to know in order to write a module that conforms to the - Linux-PAM standard.It also + Linux-PAM standard.It also discusses some security issues from the point of view of the module programmer. - + - + Introduction -
+
Description - Linux-PAM (Pluggable Authentication + Linux-PAM (Pluggable Authentication Modules for Linux) is a library that enables the local system administrator to choose how individual applications authenticate users. For an overview of the - Linux-PAM library see the + Linux-PAM library see the Linux-PAM System Administrators' Guide. - A Linux-PAM module is a single + A Linux-PAM module is a single executable binary file that can be loaded by the - Linux-PAM interface library. + Linux-PAM interface library. This PAM library is configured locally with a system file, /etc/pam.conf, to authenticate a user request via the locally available authentication modules. The @@ -54,14 +43,14 @@ dlopen3 . Alternatively, the modules can be statically - linked into the Linux-PAM library; - this is mostly to allow Linux-PAM to + linked into the Linux-PAM library; + this is mostly to allow Linux-PAM to be used on platforms without dynamic linking available, but this is a deprecated functionality. It is the - Linux-PAM interface that is called + Linux-PAM interface that is called by an application and it is the responsibility of the library to locate, load and call the appropriate functions in a - Linux-PAM-module. + Linux-PAM-module. Except for the immediate purpose of interacting with the user @@ -71,7 +60,7 @@
-
+
Synopsis #include <security/pam_modules.h> @@ -82,63 +71,52 @@ gcc -shared -o pam_module.so pam_module.o -lpam
- + What can be expected by the module Here we list the interface that the conventions that all - Linux-PAM modules must adhere to. + Linux-PAM modules must adhere to. -
+
Getting and setting <emphasis>PAM_ITEM</emphasis>s and <emphasis>data</emphasis> First, we cover what the module should expect from the - Linux-PAM library and a - Linux-PAM aware application. + Linux-PAM library and a + Linux-PAM aware application. Essentially this is the libpam.* library. - - - - - - - - - + + + + + + + + +
-
+
Other functions provided by <filename>libpam</filename> - - + +
- + What is expected of a module The module must supply a sub-set of the six functions listed below. Together they define the function of a - Linux-PAM module. Module developers + Linux-PAM module. Module developers are strongly urged to read the comments on security that follow this list. -
+
Overview The six module functions are grouped into four independent @@ -149,7 +127,7 @@ gcc -shared -o pam_module.so pam_module.o -lpam at least one of these groups. A single module may contain the necessary functions for all four groups. -
+
Functional independence The independence of the four groups of service a module can @@ -163,7 +141,7 @@ gcc -shared -o pam_module.so pam_module.o -lpam As an informative example, consider the possibility that an application applies to change a user's authentication token, without having first requested that - Linux-PAM authenticate the + Linux-PAM authenticate the user. In some cases this may be deemed appropriate: when root wants to change the authentication token of some lesser user. In other cases it may not be @@ -176,7 +154,7 @@ gcc -shared -o pam_module.so pam_module.o -lpam this when implementing a given module.
-
+
Minimizing administration problems To avoid system administration problems and the poor @@ -189,7 +167,7 @@ gcc -shared -o pam_module.so pam_module.o -lpam simply return PAM_IGNORE.
-
+
Arguments supplied to the module The flags argument of each of @@ -203,7 +181,7 @@ gcc -shared -o pam_module.so pam_module.o -lpam arguments are taken from the line appropriate to this module---that is, with the service_name matching that of the application---in the configuration file - (see the Linux-PAM + (see the Linux-PAM System Administrators' Guide). Together these two parameters provide the number of arguments and an array of pointers to the individual argument tokens. This will be familiar to C @@ -214,33 +192,27 @@ gcc -shared -o pam_module.so pam_module.o -lpam
-
+
Authentication management - - + +
-
+
Account management - +
-
+
Session management - - + +
-
+
Authentication token management - +
- + Generic optional arguments Here we list the generic arguments that all modules can expect to @@ -276,17 +248,17 @@ gcc -shared -o pam_module.so pam_module.o -lpam - + Programming notes Here we collect some pointers for the module writer to bear in mind - when writing/developing a Linux-PAM + when writing/developing a Linux-PAM compatible module. -
+
Security issues for module creation -
+
Sufficient resources Care should be taken to ensure that the proper execution @@ -299,7 +271,7 @@ gcc -shared -o pam_module.so pam_module.o -lpam consideration.
-
+
Who´s who? Generally, the module may wish to establish the identity of @@ -349,13 +321,13 @@ gcc -shared -o pam_module.so pam_module.o -lpam Z, the user under whose identity the service will be granted. This is the username returned by pam_get_user() and also stored in the - Linux-PAM item, + Linux-PAM item, PAM_USER. - Linux-PAM has a place for + Linux-PAM has a place for an additional user identity that a module may care to make use of. This is the PAM_RUSER item. Generally, network sensitive modules/applications may wish @@ -369,10 +341,10 @@ gcc -shared -o pam_module.so pam_module.o -lpam uid or euid of the running process, it should take care to restore the original values prior to returning control to the - Linux-PAM library. + Linux-PAM library.
-
+
Using the conversation function Prior to calling the conversation function, the module should @@ -389,7 +361,7 @@ gcc -shared -o pam_module.so pam_module.o -lpam indicating failure.
-
+
Authentication tokens To ensure that the authentication tokens are not left lying @@ -403,7 +375,7 @@ gcc -shared -o pam_module.so pam_module.o -lpam general rule the module should overwrite authentication tokens as soon as they are no longer needed. Especially before free()'ing them. The - Linux-PAM library is + Linux-PAM library is required to do this when either of these authentication token items are (re)set. @@ -437,7 +409,7 @@ int cleanup(pam_handle_t *pamh, void *data, int error_status)
-
+
Use of <citerefentry> <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum> </citerefentry> @@ -451,7 +423,7 @@ int cleanup(pam_handle_t *pamh, void *data, int error_status) syslog3 with facility-type - LOG_AUTHPRIV. + LOG_AUTHPRIV. With a few exceptions, the level of logging is, at the discretion @@ -501,7 +473,7 @@ int cleanup(pam_handle_t *pamh, void *data, int error_status)
-
+
Modules that require system libraries Writing a module is much like writing an application. You @@ -526,16 +498,16 @@ int cleanup(pam_handle_t *pamh, void *data, int error_status)
- + An example module At some point, we may include a fully commented example of a module in this document. For now, please look at the modules directory of the - Linux-PAM sources. + Linux-PAM sources. - + See also @@ -558,7 +530,7 @@ int cleanup(pam_handle_t *pamh, void *data, int error_status) - + Author/acknowledgments This document was written by Andrew G. Morgan (morgan@kernel.org) @@ -578,14 +550,14 @@ int cleanup(pam_handle_t *pamh, void *data, int error_status) Thanks are also due to Sun Microsystems, especially to Vipin Samar and Charlie Lai for their advice. At an early stage in the development of - Linux-PAM, Sun graciously made the + Linux-PAM, Sun graciously made the documentation for their implementation of PAM available. This act greatly accelerated the development of - Linux-PAM. + Linux-PAM. - + Copyright information for this document Copyright (c) 2006 Thorsten Kukuk <kukuk@thkukuk.de> @@ -629,4 +601,4 @@ TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - + \ No newline at end of file diff --git a/doc/mwg/Makefile.am b/doc/mwg/Makefile.am index 688e6cb3..340249c6 100644 --- a/doc/mwg/Makefile.am +++ b/doc/mwg/Makefile.am @@ -16,7 +16,7 @@ all: Linux-PAM_MWG.txt html/Linux-PAM_MWG.html Linux-PAM_MWG.pdf Linux-PAM_MWG.pdf: $(XMLS) $(DEP_XMLS) if ENABLE_GENERATE_PDF - $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< + $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noent --noout $< $(XSLTPROC) --stringparam generate.toc "book toc" \ --stringparam section.autolabel 1 \ --stringparam section.label.includes.component.label 1 \ @@ -28,7 +28,7 @@ else endif Linux-PAM_MWG.txt: $(XMLS) $(DEP_XMLS) - $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< + $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noent --noout $< $(XSLTPROC) --stringparam generate.toc "book toc" \ --stringparam section.autolabel 1 \ --stringparam section.label.includes.component.label 1 \ @@ -37,7 +37,7 @@ Linux-PAM_MWG.txt: $(XMLS) $(DEP_XMLS) html/Linux-PAM_MWG.html: $(XMLS) $(DEP_XMLS) @test -d html || mkdir -p html - $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< + $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noent --noout $< $(XSLTPROC) --stringparam base.dir html/ \ --stringparam root.filename Linux-PAM_MWG \ --stringparam use.id.as.filename 1 \ diff --git a/doc/mwg/pam_conv.xml b/doc/mwg/pam_conv.xml index a2b470af..2b369503 100644 --- a/doc/mwg/pam_conv.xml +++ b/doc/mwg/pam_conv.xml @@ -1,11 +1,7 @@ - - -
+
The conversation function - + struct pam_message { @@ -24,12 +20,10 @@ struct pam_conv { void *appdata_ptr; }; -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/mwg/pam_fail_delay.xml b/doc/mwg/pam_fail_delay.xml index 589e1148..d602a1f7 100644 --- a/doc/mwg/pam_fail_delay.xml +++ b/doc/mwg/pam_fail_delay.xml @@ -1,18 +1,12 @@ - - -
+
Request a delay on failure - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/mwg/pam_get_data.xml b/doc/mwg/pam_get_data.xml index b1afdb3f..e1342d16 100644 --- a/doc/mwg/pam_get_data.xml +++ b/doc/mwg/pam_get_data.xml @@ -1,18 +1,12 @@ - - -
+
Get module internal data - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/mwg/pam_get_item.xml b/doc/mwg/pam_get_item.xml index 370a10a1..e0635d21 100644 --- a/doc/mwg/pam_get_item.xml +++ b/doc/mwg/pam_get_item.xml @@ -1,18 +1,12 @@ - - -
+
Getting PAM items - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/mwg/pam_get_user.xml b/doc/mwg/pam_get_user.xml index 1cb7fdf3..3b79fe07 100644 --- a/doc/mwg/pam_get_user.xml +++ b/doc/mwg/pam_get_user.xml @@ -1,18 +1,12 @@ - - -
+
Get user name - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/mwg/pam_getenv.xml b/doc/mwg/pam_getenv.xml index 61d69c33..f7b483ed 100644 --- a/doc/mwg/pam_getenv.xml +++ b/doc/mwg/pam_getenv.xml @@ -1,18 +1,12 @@ - - -
+
Get a PAM environment variable - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/mwg/pam_getenvlist.xml b/doc/mwg/pam_getenvlist.xml index d3c2fcd3..4433c04d 100644 --- a/doc/mwg/pam_getenvlist.xml +++ b/doc/mwg/pam_getenvlist.xml @@ -1,18 +1,12 @@ - - -
+
Getting the PAM environment - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/mwg/pam_putenv.xml b/doc/mwg/pam_putenv.xml index e55f1a42..6378a15b 100644 --- a/doc/mwg/pam_putenv.xml +++ b/doc/mwg/pam_putenv.xml @@ -1,18 +1,12 @@ - - -
+
Set or change PAM environment variable - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/mwg/pam_set_data.xml b/doc/mwg/pam_set_data.xml index 18b2711b..3fb3b1fe 100644 --- a/doc/mwg/pam_set_data.xml +++ b/doc/mwg/pam_set_data.xml @@ -1,18 +1,12 @@ - - -
+
Set module internal data - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/mwg/pam_set_item.xml b/doc/mwg/pam_set_item.xml index 7d19925e..7a8ee8de 100644 --- a/doc/mwg/pam_set_item.xml +++ b/doc/mwg/pam_set_item.xml @@ -1,18 +1,12 @@ - - -
+
Setting PAM items - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/mwg/pam_sm_acct_mgmt.xml b/doc/mwg/pam_sm_acct_mgmt.xml index 10b3c9e9..c17a9bf0 100644 --- a/doc/mwg/pam_sm_acct_mgmt.xml +++ b/doc/mwg/pam_sm_acct_mgmt.xml @@ -1,18 +1,12 @@ - - -
+
Service function for account management - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/mwg/pam_sm_authenticate.xml b/doc/mwg/pam_sm_authenticate.xml index 54c79af6..138fc1ff 100644 --- a/doc/mwg/pam_sm_authenticate.xml +++ b/doc/mwg/pam_sm_authenticate.xml @@ -1,18 +1,12 @@ - - -
+
Service function for user authentication - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/mwg/pam_sm_chauthtok.xml b/doc/mwg/pam_sm_chauthtok.xml index a1364315..546ae662 100644 --- a/doc/mwg/pam_sm_chauthtok.xml +++ b/doc/mwg/pam_sm_chauthtok.xml @@ -1,18 +1,12 @@ - - -
+
Service function to alter authentication token - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/mwg/pam_sm_close_session.xml b/doc/mwg/pam_sm_close_session.xml index 9346c506..69140b81 100644 --- a/doc/mwg/pam_sm_close_session.xml +++ b/doc/mwg/pam_sm_close_session.xml @@ -1,18 +1,12 @@ - - -
+
Service function to terminate session management - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/mwg/pam_sm_open_session.xml b/doc/mwg/pam_sm_open_session.xml index b8e3fa90..aba28a3e 100644 --- a/doc/mwg/pam_sm_open_session.xml +++ b/doc/mwg/pam_sm_open_session.xml @@ -1,18 +1,12 @@ - - -
+
Service function to start session management - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/mwg/pam_sm_setcred.xml b/doc/mwg/pam_sm_setcred.xml index eee8e1d6..36e43c04 100644 --- a/doc/mwg/pam_sm_setcred.xml +++ b/doc/mwg/pam_sm_setcred.xml @@ -1,18 +1,12 @@ - - -
+
Service function to alter credentials - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/mwg/pam_strerror.xml b/doc/mwg/pam_strerror.xml index 35b08a27..e4e1c56a 100644 --- a/doc/mwg/pam_strerror.xml +++ b/doc/mwg/pam_strerror.xml @@ -1,18 +1,12 @@ - - -
+
Strings describing PAM error codes - + -
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/Linux-PAM_SAG.xml b/doc/sag/Linux-PAM_SAG.xml index 2adaef7d..952f224b 100644 --- a/doc/sag/Linux-PAM_SAG.xml +++ b/doc/sag/Linux-PAM_SAG.xml @@ -1,36 +1,25 @@ - - - - + + The Linux-PAM System Administrators' Guide - - Andrew G. - Morgan - morgan@kernel.org - - - Thorsten - Kukuk - kukuk@thkukuk.de - + Andrew G.Morganmorgan@kernel.org + ThorstenKukukkukuk@thkukuk.de Version 1.1.2, 31. August 2010 This manual documents what a system-administrator needs to know about - the Linux-PAM library. It covers the + the Linux-PAM library. It covers the correct syntax of the PAM configuration file and discusses strategies for maintaining a secure system. - + - + Introduction - Linux-PAM (Pluggable Authentication + Linux-PAM (Pluggable Authentication Modules for Linux) is a suite of shared libraries that enable the local system administrator to choose how applications authenticate users. @@ -58,7 +47,7 @@ on entries in the /etc/group file. - It is the purpose of the Linux-PAM + It is the purpose of the Linux-PAM project to separate the development of privilege granting software from the development of secure and appropriate authentication schemes. This is accomplished by providing a library of functions that an @@ -76,7 +65,7 @@ - + Some comments on the text Before proceeding to read the rest of this document, it should be @@ -91,7 +80,7 @@ As an example of the above, where it is explicit, the text assumes that PAM loadable object files (the - modules) are to be located in + modules) are to be located in the following directory: /lib/security/ or /lib64/security depending on the architecture. This is generally the location that seems to be compatible with the @@ -103,7 +92,7 @@ - + Overview For the uninitiated, we begin by considering an example. We take an @@ -121,16 +110,16 @@ password and then verifying that it agrees with that located on the system; hence verifying that as far as the system is concerned the user is who they claim to be. This is the task that is delegated - to Linux-PAM. + to Linux-PAM. From the perspective of the application programmer (in this case the person that wrote the login application), - Linux-PAM takes care of this + Linux-PAM takes care of this authentication task -- verifying the identity of the user. - The flexibility of Linux-PAM is + The flexibility of Linux-PAM is that you, the system administrator, have the freedom to stipulate which authentication scheme is to be used. You have the freedom to set the scheme for any/all @@ -152,7 +141,7 @@ authentication can be upgraded to include (long) division! - Linux-PAM deals with four + Linux-PAM deals with four separate types of (management) task. These are: authentication management; account management; @@ -160,15 +149,15 @@ password management. The association of the preferred management scheme with the behavior of an application is made with entries in the relevant - Linux-PAM configuration file. + Linux-PAM configuration file. The management functions are performed by modules specified in the configuration file. The syntax for this file is discussed in the section - below. + below. Here is a figure that describes the overall organization of - Linux-PAM: + Linux-PAM: +----------------+ | application: X | @@ -193,14 +182,14 @@ By way of explanation, the left of the figure represents the application; application X. Such an application interfaces with the - Linux-PAM library and knows none of + Linux-PAM library and knows none of the specifics of its configured authentication method. The - Linux-PAM library (in the center) + Linux-PAM library (in the center) consults the contents of the PAM configuration file and loads the modules that are appropriate for application-X. These modules fall into one of four management groups (lower-center) and are stacked in the order they appear in the configuration file. These modules, when - called by Linux-PAM, perform the + called by Linux-PAM, perform the various authentication tasks for the application. Textual information, required from/or offered to the user, can be exchanged through the use of the application-supplied conversation @@ -216,34 +205,28 @@ - + The Linux-PAM configuration file - -
+ +
Configuration file syntax - +
-
+
Directory based configuration - +
-
+
Example configuration file entries In this section, we give some examples of entries that can - be present in the Linux-PAM + be present in the Linux-PAM configuration file. As a first attempt at configuring your system you could do worse than to implement these. If a system is to be considered secure, it had better have a - reasonably secure 'other entry. + reasonably secure 'other entry. The following is a paranoid setting (which is not a bad place to start!): @@ -311,7 +294,7 @@ session required pam_deny.so On a less sensitive computer, one on which the system administrator wishes to remain ignorant of much of the - power of Linux-PAM, the + power of Linux-PAM, the following selection of lines (in /etc/pam.d/other) is likely to mimic the historically familiar Linux setup. @@ -331,21 +314,21 @@ session required pam_unix.so
- + Security issues -
+
If something goes wrong - Linux-PAM has the potential + Linux-PAM has the potential to seriously change the security of your system. You can choose to have no security or absolute security (no access - permitted). In general, Linux-PAM + permitted). In general, Linux-PAM errs towards the latter. Any number of configuration errors can disable access to your system partially, or completely. The most dramatic problem that is likely to be encountered when - configuring Linux-PAM is that of + configuring Linux-PAM is that of deleting the configuration file(s): /etc/pam.d/* and/or /etc/pam.conf. This will lock you out of @@ -357,11 +340,11 @@ session required pam_unix.so things from there.
-
+
Avoid having a weak `other' configuration It is not a good thing to have a weak default - (other) entry. + (other) entry. This service is the default configuration for all PAM aware applications and if it is weak, your system is likely to be vulnerable to attack. @@ -388,93 +371,57 @@ session required pam_warn.so
- + A reference guide for available modules Here, we collect together the descriptions of the various modules coming with Linux-PAM. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + See also @@ -497,7 +444,7 @@ session required pam_warn.so - + Author/acknowledgments This document was written by Andrew G. Morgan (morgan@kernel.org) @@ -518,14 +465,14 @@ session required pam_warn.so Thanks are also due to Sun Microsystems, especially to Vipin Samar and Charlie Lai for their advice. At an early stage in the development of - Linux-PAM, Sun graciously made the + Linux-PAM, Sun graciously made the documentation for their implementation of PAM available. This act greatly accelerated the development of - Linux-PAM. + Linux-PAM. - + Copyright information for this document Copyright (c) 2006 Thorsten Kukuk <kukuk@thkukuk.de> @@ -569,4 +516,4 @@ TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - + \ No newline at end of file diff --git a/doc/sag/Makefile.am b/doc/sag/Makefile.am index 84fd383f..04c90919 100644 --- a/doc/sag/Makefile.am +++ b/doc/sag/Makefile.am @@ -7,7 +7,6 @@ CLEANFILES = Linux-PAM_SAG.fo *~ EXTRA_DIST = $(XMLS) XMLS = Linux-PAM_SAG.xml $(shell ls $(srcdir)/pam_*.xml) - DEP_XMLS = $(shell ls $(top_srcdir)/modules/pam_*/pam_*.xml) if ENABLE_REGENERATE_MAN @@ -17,7 +16,7 @@ all: Linux-PAM_SAG.txt html/Linux-PAM_SAG.html Linux-PAM_SAG.pdf Linux-PAM_SAG.pdf: $(XMLS) $(DEP_XMLS) if ENABLE_GENERATE_PDF - $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< + $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noent --noout $< $(XSLTPROC) --stringparam generate.toc "book toc" \ --stringparam section.autolabel 1 \ --stringparam section.label.includes.component.label 1 \ @@ -29,7 +28,7 @@ else endif Linux-PAM_SAG.txt: $(XMLS) $(DEP_XMLS) - $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< + $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noent --noout $< $(XSLTPROC) --stringparam generate.toc "book toc" \ --stringparam section.autolabel 1 \ --stringparam section.label.includes.component.label 1 \ @@ -38,7 +37,7 @@ Linux-PAM_SAG.txt: $(XMLS) $(DEP_XMLS) html/Linux-PAM_SAG.html: $(XMLS) $(DEP_XMLS) @test -d html || mkdir -p html - $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< + $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noent --noout $< $(XSLTPROC) --stringparam base.dir html/ \ --stringparam root.filename Linux-PAM_SAG \ --stringparam use.id.as.filename 1 \ diff --git a/doc/sag/pam_access.xml b/doc/sag/pam_access.xml index b9bf39d0..75f14b37 100644 --- a/doc/sag/pam_access.xml +++ b/doc/sag/pam_access.xml @@ -1,42 +1,30 @@ - - -
+
pam_access - logdaemon style login access control - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_debug.xml b/doc/sag/pam_debug.xml index b131954c..0c8aa940 100644 --- a/doc/sag/pam_debug.xml +++ b/doc/sag/pam_debug.xml @@ -1,34 +1,24 @@ - - -
+
pam_debug - debug the PAM stack - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_deny.xml b/doc/sag/pam_deny.xml index 2cb71a03..fdd2aaae 100644 --- a/doc/sag/pam_deny.xml +++ b/doc/sag/pam_deny.xml @@ -1,34 +1,24 @@ - - -
+
pam_deny - locking-out PAM module - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_echo.xml b/doc/sag/pam_echo.xml index b066d4ac..e4de8862 100644 --- a/doc/sag/pam_echo.xml +++ b/doc/sag/pam_echo.xml @@ -1,34 +1,24 @@ - - -
+
pam_echo - print text messages - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_env.xml b/doc/sag/pam_env.xml index 9f6e6331..68b7c4f0 100644 --- a/doc/sag/pam_env.xml +++ b/doc/sag/pam_env.xml @@ -1,42 +1,30 @@ - - -
+
pam_env - set/unset environment variables - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_exec.xml b/doc/sag/pam_exec.xml index 265e7f41..859bb3b9 100644 --- a/doc/sag/pam_exec.xml +++ b/doc/sag/pam_exec.xml @@ -1,34 +1,24 @@ - - -
+
pam_exec - call an external command - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_faildelay.xml b/doc/sag/pam_faildelay.xml index 1d8295e0..96902087 100644 --- a/doc/sag/pam_faildelay.xml +++ b/doc/sag/pam_faildelay.xml @@ -1,34 +1,24 @@ - - -
+
pam_faildelay - change the delay on failure per-application - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_faillock.xml b/doc/sag/pam_faillock.xml index 96940c6b..32777b1d 100644 --- a/doc/sag/pam_faillock.xml +++ b/doc/sag/pam_faillock.xml @@ -1,38 +1,27 @@ - - -
+
pam_faillock - temporarily locking access based on failed authentication attempts during an interval - - + + - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_filter.xml b/doc/sag/pam_filter.xml index 6a4a1ba2..56af28cb 100644 --- a/doc/sag/pam_filter.xml +++ b/doc/sag/pam_filter.xml @@ -1,34 +1,24 @@ - - -
+
pam_filter - filter module - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_ftp.xml b/doc/sag/pam_ftp.xml index b2456265..13fe40a0 100644 --- a/doc/sag/pam_ftp.xml +++ b/doc/sag/pam_ftp.xml @@ -1,34 +1,24 @@ - - -
+
pam_ftp - module for anonymous access - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_group.xml b/doc/sag/pam_group.xml index ce82bf0f..e4efc035 100644 --- a/doc/sag/pam_group.xml +++ b/doc/sag/pam_group.xml @@ -1,42 +1,30 @@ - - -
+
pam_group - module to modify group access - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_issue.xml b/doc/sag/pam_issue.xml index 5033d23f..f56cc463 100644 --- a/doc/sag/pam_issue.xml +++ b/doc/sag/pam_issue.xml @@ -1,34 +1,24 @@ - - -
+
pam_issue - add issue file to user prompt - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_keyinit.xml b/doc/sag/pam_keyinit.xml index 3caa4c27..d8013512 100644 --- a/doc/sag/pam_keyinit.xml +++ b/doc/sag/pam_keyinit.xml @@ -1,34 +1,24 @@ - - -
+
pam_keyinit - display the keyinit file - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_lastlog.xml b/doc/sag/pam_lastlog.xml index c250c018..1c9c6b2c 100644 --- a/doc/sag/pam_lastlog.xml +++ b/doc/sag/pam_lastlog.xml @@ -1,34 +1,24 @@ - - -
+
pam_lastlog - display date of last login - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_limits.xml b/doc/sag/pam_limits.xml index 7f898a40..f03a1e41 100644 --- a/doc/sag/pam_limits.xml +++ b/doc/sag/pam_limits.xml @@ -1,42 +1,30 @@ - - -
+
pam_limits - limit resources - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_listfile.xml b/doc/sag/pam_listfile.xml index db7acdc6..66d7a82e 100644 --- a/doc/sag/pam_listfile.xml +++ b/doc/sag/pam_listfile.xml @@ -1,34 +1,24 @@ - - -
+
pam_listfile - deny or allow services based on an arbitrary file - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_localuser.xml b/doc/sag/pam_localuser.xml index 480ff96e..a3cee75f 100644 --- a/doc/sag/pam_localuser.xml +++ b/doc/sag/pam_localuser.xml @@ -1,34 +1,24 @@ - - -
+
pam_localuser - require users to be listed in /etc/passwd - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_loginuid.xml b/doc/sag/pam_loginuid.xml index 3b442843..fc4a0967 100644 --- a/doc/sag/pam_loginuid.xml +++ b/doc/sag/pam_loginuid.xml @@ -1,34 +1,24 @@ - - -
+
pam_loginuid - record user's login uid to the process attribute - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_mail.xml b/doc/sag/pam_mail.xml index 031f786d..6b76770e 100644 --- a/doc/sag/pam_mail.xml +++ b/doc/sag/pam_mail.xml @@ -1,34 +1,24 @@ - - -
+
pam_mail - inform about available mail - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_mkhomedir.xml b/doc/sag/pam_mkhomedir.xml index dc6a1eb7..141395cd 100644 --- a/doc/sag/pam_mkhomedir.xml +++ b/doc/sag/pam_mkhomedir.xml @@ -1,34 +1,24 @@ - - -
+
pam_mkhomedir - create users home directory - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_motd.xml b/doc/sag/pam_motd.xml index 7a7d2dee..9af77bb5 100644 --- a/doc/sag/pam_motd.xml +++ b/doc/sag/pam_motd.xml @@ -1,34 +1,24 @@ - - -
+
pam_motd - display the motd file - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_namespace.xml b/doc/sag/pam_namespace.xml index 6ece9bc1..e18bc0f7 100644 --- a/doc/sag/pam_namespace.xml +++ b/doc/sag/pam_namespace.xml @@ -1,42 +1,30 @@ - - -
+
pam_namespace - setup a private namespace - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_nologin.xml b/doc/sag/pam_nologin.xml index 0c626b82..f2acf492 100644 --- a/doc/sag/pam_nologin.xml +++ b/doc/sag/pam_nologin.xml @@ -1,34 +1,24 @@ - - -
+
pam_nologin - prevent non-root users from login - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_permit.xml b/doc/sag/pam_permit.xml index 7c200478..52548c0d 100644 --- a/doc/sag/pam_permit.xml +++ b/doc/sag/pam_permit.xml @@ -1,34 +1,24 @@ - - -
+
pam_permit - the promiscuous module - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_pwhistory.xml b/doc/sag/pam_pwhistory.xml index 0677eae3..867a1bca 100644 --- a/doc/sag/pam_pwhistory.xml +++ b/doc/sag/pam_pwhistory.xml @@ -1,38 +1,27 @@ - - -
+
pam_pwhistory - grant access using .pwhistory file - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_rhosts.xml b/doc/sag/pam_rhosts.xml index 680a70c1..f70b1fbf 100644 --- a/doc/sag/pam_rhosts.xml +++ b/doc/sag/pam_rhosts.xml @@ -1,34 +1,24 @@ - - -
+
pam_rhosts - grant access using .rhosts file - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_rootok.xml b/doc/sag/pam_rootok.xml index 59c99ae9..ab4b4438 100644 --- a/doc/sag/pam_rootok.xml +++ b/doc/sag/pam_rootok.xml @@ -1,34 +1,24 @@ - - -
+
pam_rootok - gain only root access - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_securetty.xml b/doc/sag/pam_securetty.xml index 6ed13e59..9bd9fe21 100644 --- a/doc/sag/pam_securetty.xml +++ b/doc/sag/pam_securetty.xml @@ -1,34 +1,24 @@ - - -
+
pam_securetty - limit root login to special devices - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_selinux.xml b/doc/sag/pam_selinux.xml index 9a4f9878..cb64bcfe 100644 --- a/doc/sag/pam_selinux.xml +++ b/doc/sag/pam_selinux.xml @@ -1,34 +1,24 @@ - - -
+
pam_selinux - set the default security context - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_sepermit.xml b/doc/sag/pam_sepermit.xml index 9831a13f..26426615 100644 --- a/doc/sag/pam_sepermit.xml +++ b/doc/sag/pam_sepermit.xml @@ -1,38 +1,27 @@ - - -
+
pam_sepermit - allow/reject access based on SELinux mode - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_setquota.xml b/doc/sag/pam_setquota.xml index 368dfd8e..01d18732 100644 --- a/doc/sag/pam_setquota.xml +++ b/doc/sag/pam_setquota.xml @@ -1,34 +1,24 @@ - - -
+
pam_setquota - set or modify disk quotas on session start - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_shells.xml b/doc/sag/pam_shells.xml index b3b3d327..6765a197 100644 --- a/doc/sag/pam_shells.xml +++ b/doc/sag/pam_shells.xml @@ -1,34 +1,24 @@ - - -
+
pam_shells - check for valid login shell - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_succeed_if.xml b/doc/sag/pam_succeed_if.xml index ce0792d9..7c9f4934 100644 --- a/doc/sag/pam_succeed_if.xml +++ b/doc/sag/pam_succeed_if.xml @@ -1,34 +1,24 @@ - - -
+
pam_succeed_if - test account characteristics - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_time.xml b/doc/sag/pam_time.xml index 74e9e02a..e15d20a0 100644 --- a/doc/sag/pam_time.xml +++ b/doc/sag/pam_time.xml @@ -1,42 +1,30 @@ - - -
+
pam_time - time controlled access - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_timestamp.xml b/doc/sag/pam_timestamp.xml index 833a6bac..dfe87e7d 100644 --- a/doc/sag/pam_timestamp.xml +++ b/doc/sag/pam_timestamp.xml @@ -1,42 +1,30 @@ - - -
+
pam_timestamp - authenticate using cached successful authentication attempts - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_tty_audit.xml b/doc/sag/pam_tty_audit.xml index 86d1cd03..44de8105 100644 --- a/doc/sag/pam_tty_audit.xml +++ b/doc/sag/pam_tty_audit.xml @@ -1,38 +1,27 @@ - - -
+
pam_tty_audit - enable/disable tty auditing - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_umask.xml b/doc/sag/pam_umask.xml index b0535086..2fb200bb 100644 --- a/doc/sag/pam_umask.xml +++ b/doc/sag/pam_umask.xml @@ -1,34 +1,24 @@ - - -
+
pam_umask - set the file mode creation mask - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_unix.xml b/doc/sag/pam_unix.xml index 24bbaec3..bb341224 100644 --- a/doc/sag/pam_unix.xml +++ b/doc/sag/pam_unix.xml @@ -1,34 +1,24 @@ - - -
+
pam_unix - traditional password authentication - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_userdb.xml b/doc/sag/pam_userdb.xml index 47c2c727..3c1bbc17 100644 --- a/doc/sag/pam_userdb.xml +++ b/doc/sag/pam_userdb.xml @@ -1,34 +1,24 @@ - - -
+
pam_userdb - authenticate against a db database - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_warn.xml b/doc/sag/pam_warn.xml index e2e7adba..0f1376be 100644 --- a/doc/sag/pam_warn.xml +++ b/doc/sag/pam_warn.xml @@ -1,34 +1,24 @@ - - -
+
pam_warn - logs all PAM items - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_wheel.xml b/doc/sag/pam_wheel.xml index 5ea011e3..76f02042 100644 --- a/doc/sag/pam_wheel.xml +++ b/doc/sag/pam_wheel.xml @@ -1,34 +1,24 @@ - - -
+
pam_wheel - only permit root access to members of group wheel - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/doc/sag/pam_xauth.xml b/doc/sag/pam_xauth.xml index 9aca9ffa..4c9ba35e 100644 --- a/doc/sag/pam_xauth.xml +++ b/doc/sag/pam_xauth.xml @@ -1,34 +1,24 @@ - - -
+
pam_xauth - forward xauth keys between users - - + + -
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
- +
+
-
+
\ No newline at end of file diff --git a/modules/pam_access/README.xml b/modules/pam_access/README.xml index 8c7d078b..408aed00 100644 --- a/modules/pam_access/README.xml +++ b/modules/pam_access/README.xml @@ -1,39 +1,23 @@ - - ---> - -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_access.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_access-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_access.8.xml" xpointer='xpointer(id("pam_access-name")/*)'/> - +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_access/access.conf.5.xml b/modules/pam_access/access.conf.5.xml index 8fdbc31d..ff1cb223 100644 --- a/modules/pam_access/access.conf.5.xml +++ b/modules/pam_access/access.conf.5.xml @@ -1,8 +1,4 @@ - - - - + access.conf @@ -16,7 +12,7 @@ - + DESCRIPTION The /etc/security/access.conf file specifies @@ -126,7 +122,7 @@ - + EXAMPLES These are some example lines which might be specified in @@ -135,7 +131,7 @@ User root should be allowed to get access via - cron, X11 terminal :0, + cron, X11 terminal :0, tty1, ..., tty5, tty6. @@ -216,7 +212,7 @@ - + NOTES The default separators of list items in a field are space, ',', and tabulator @@ -228,7 +224,7 @@ - + SEE ALSO pam_access8, @@ -237,7 +233,7 @@ - + AUTHORS Original login.access5 @@ -250,4 +246,4 @@ introduced by Mike Becher <mike.becher@lrz-muenchen.de>. - + \ No newline at end of file diff --git a/modules/pam_access/pam_access.8.xml b/modules/pam_access/pam_access.8.xml index db853410..010e749e 100644 --- a/modules/pam_access/pam_access.8.xml +++ b/modules/pam_access/pam_access.8.xml @@ -1,16 +1,13 @@ - - - - + pam_access 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_access PAM module for logdaemon style login access control @@ -20,31 +17,31 @@ - + pam_access.so - + debug - + nodefgroup - + noaudit - + accessfile=file - + fieldsep=sep - + listsep=sep - + DESCRIPTION The pam_access PAM module is mainly for access management. @@ -92,13 +89,13 @@ - + OPTIONS - + accessfile=/path/to/access.conf @@ -111,7 +108,7 @@ - + debug @@ -123,7 +120,7 @@ - + noaudit @@ -134,19 +131,19 @@ - + fieldsep=separators This option modifies the field separator character that pam_access will recognize when parsing the access configuration file. For example: - fieldsep=| will cause the + fieldsep=| will cause the default `:' character to be treated as part of a field value and `|' becomes the field separator. Doing this may be useful in conjunction with a system that wants to use pam_access with X based applications, since the - PAM_TTY item is likely to be + PAM_TTY item is likely to be of the form "hostname:0" which includes a `:' character in its value. But you should not need this. @@ -155,14 +152,14 @@ - + listsep=separators This option modifies the list separator character that pam_access will recognize when parsing the access configuration file. For example: - listsep=, will cause the + listsep=, will cause the default ` ' (space) and `\t' (tab) characters to be treated as part of a list element value and `,' becomes the only list element separator. Doing this may be useful on a system @@ -175,7 +172,7 @@ - + nodefgroup @@ -190,7 +187,7 @@ - + MODULE TYPES PROVIDED All module types (, , @@ -198,7 +195,7 @@ - + RETURN VALUES @@ -244,17 +241,17 @@ - + FILES - /etc/security/access.conf + /etc/security/access.conf Default configuration file - %vendordir%/security/access.conf + %vendordir%/security/access.conf Default configuration file if /etc/security/access.conf does not exist. @@ -263,7 +260,7 @@ - + SEE ALSO @@ -278,7 +275,7 @@ - + AUTHORS The logdaemon style login access control scheme was designed and implemented by @@ -289,4 +286,4 @@ was developed and provided by Mike Becher <mike.becher@lrz-muenchen.de>. - + \ No newline at end of file diff --git a/modules/pam_debug/README.xml b/modules/pam_debug/README.xml index ef41911b..cdcec7f4 100644 --- a/modules/pam_debug/README.xml +++ b/modules/pam_debug/README.xml @@ -1,41 +1,27 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_debug.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_debug-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_debug.8.xml" xpointer='xpointer(id("pam_debug-name")/*)'/> - +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_debug/pam_debug.8.xml b/modules/pam_debug/pam_debug.8.xml index 3d85f4d8..1c98f17e 100644 --- a/modules/pam_debug/pam_debug.8.xml +++ b/modules/pam_debug/pam_debug.8.xml @@ -1,51 +1,48 @@ - - - - + pam_debug 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_debug PAM module to debug the PAM stack - + pam_debug.so - + auth=value - + cred=value - + acct=value - + prechauthtok=value - + chauthtok=value - + auth=value - + open_session=value - + close_session=value - + DESCRIPTION The pam_debug PAM module is intended as a debugging aide for @@ -54,12 +51,12 @@ - + OPTIONS - + auth=value @@ -73,7 +70,7 @@ - + cred=value @@ -87,7 +84,7 @@ - + acct=value @@ -101,7 +98,7 @@ - + prechauthtok=value @@ -116,7 +113,7 @@ - + chauthtok=value @@ -126,13 +123,13 @@ function will return value if the PAM_PRELIM_CHECK flag is - not set. + not set. - + open_session=value @@ -146,7 +143,7 @@ - + close_session=value @@ -171,7 +168,7 @@ - + MODULE TYPES PROVIDED All module types (, , @@ -179,7 +176,7 @@ - + RETURN VALUES @@ -194,7 +191,7 @@ - + EXAMPLES auth requisite pam_permit.so @@ -206,7 +203,7 @@ auth sufficient pam_debug.so auth=success cred=success - + SEE ALSO @@ -221,11 +218,11 @@ auth sufficient pam_debug.so auth=success cred=success - + AUTHOR pam_debug was written by Andrew G. Morgan <morgan@kernel.org>. - + \ No newline at end of file diff --git a/modules/pam_deny/README.xml b/modules/pam_deny/README.xml index ff2e82b0..d3ba53ce 100644 --- a/modules/pam_deny/README.xml +++ b/modules/pam_deny/README.xml @@ -1,36 +1,23 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_deny.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_deny-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_deny.8.xml" xpointer='xpointer(id("pam_deny-name")/*)'/> - +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_deny/pam_deny.8.xml b/modules/pam_deny/pam_deny.8.xml index a9283582..db8fcb63 100644 --- a/modules/pam_deny/pam_deny.8.xml +++ b/modules/pam_deny/pam_deny.8.xml @@ -1,27 +1,24 @@ - - - - + pam_deny 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_deny The locking-out PAM module - + pam_deny.so - + DESCRIPTION @@ -33,12 +30,12 @@ - + OPTIONS This module does not recognise any options. - + MODULE TYPES PROVIDED All module types (, , @@ -46,7 +43,7 @@ - + RETURN VALUES @@ -91,7 +88,7 @@ - + EXAMPLES #%PAM-1.0 @@ -110,7 +107,7 @@ other session required pam_deny.so - + SEE ALSO @@ -125,11 +122,11 @@ other session required pam_deny.so - + AUTHOR pam_deny was written by Andrew G. Morgan <morgan@kernel.org> - + \ No newline at end of file diff --git a/modules/pam_echo/README.xml b/modules/pam_echo/README.xml index b1556e38..ceecf9ef 100644 --- a/modules/pam_echo/README.xml +++ b/modules/pam_echo/README.xml @@ -1,36 +1,23 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_echo.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_echo-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_echo.8.xml" xpointer='xpointer(id("pam_echo-name")/*)'/> - +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_echo/pam_echo.8.xml b/modules/pam_echo/pam_echo.8.xml index ef76b022..07b793d9 100644 --- a/modules/pam_echo/pam_echo.8.xml +++ b/modules/pam_echo/pam_echo.8.xml @@ -1,15 +1,12 @@ - - - - + pam_echo 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_echo PAM module for printing text messages @@ -17,15 +14,15 @@ - + pam_echo.so - + file=/path/message - + DESCRIPTION The pam_echo PAM module is for printing @@ -35,37 +32,37 @@ - %H + %H The name of the remote host (PAM_RHOST). - %h + %h The name of the local host. - %s + %s The service name (PAM_SERVICE). - %t + %t The name of the controlling terminal (PAM_TTY). - %U + %U The remote user name (PAM_RUSER). - %u + %u The local user name (PAM_USER). @@ -79,12 +76,12 @@ - + OPTIONS - + file=/path/message @@ -96,7 +93,7 @@ - + MODULE TYPES PROVIDED All module types (, , @@ -106,7 +103,7 @@ - + RETURN VALUES @@ -137,7 +134,7 @@ - + EXAMPLES For an example of the use of this module, we show how it may be @@ -150,7 +147,7 @@ password required pam_unix.so - SEE ALSO + SEE ALSO pam.conf8 @@ -163,8 +160,8 @@ password required pam_unix.so - + AUTHOR Thorsten Kukuk <kukuk@thkukuk.de> - + \ No newline at end of file diff --git a/modules/pam_env/README.xml b/modules/pam_env/README.xml index 21a9b855..8becf870 100644 --- a/modules/pam_env/README.xml +++ b/modules/pam_env/README.xml @@ -1,39 +1,21 @@ - - ---> - -]> - -
- - +
+ - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_env.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_env-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_env.8.xml" xpointer='xpointer(id("pam_env-name")/*)'/> - - +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_env/pam_env.8.xml b/modules/pam_env/pam_env.8.xml index d7687d6c..fb172e17 100644 --- a/modules/pam_env/pam_env.8.xml +++ b/modules/pam_env/pam_env.8.xml @@ -1,16 +1,13 @@ - - - - + pam_env 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_env PAM module to set/unset environment variables @@ -20,31 +17,31 @@ - + pam_env.so - + debug - + conffile=conf-file - + envfile=env-file - + readenv=0|1 - + user_envfile=env-file - + user_readenv=0|1 - + DESCRIPTION The pam_env PAM module allows the (un)setting of environment @@ -119,13 +116,13 @@ - + OPTIONS - + conffile=/path/to/pam_env.conf @@ -138,7 +135,7 @@ - + debug @@ -150,7 +147,7 @@ - + envfile=/path/to/environment @@ -166,7 +163,7 @@ - + readenv=0|1 @@ -179,7 +176,7 @@ - + user_envfile=filename @@ -195,7 +192,7 @@ - + user_readenv=0|1 @@ -216,7 +213,7 @@ - + MODULE TYPES PROVIDED The and module @@ -224,7 +221,7 @@ - + RETURN VALUES @@ -262,25 +259,25 @@ - + FILES - /usr/etc/security/pam_env.conf - /etc/security/pam_env.conf + %vendordir%/security/pam_env.conf + /etc/security/pam_env.conf Default configuration file - /usr/etc/environment - /etc/environment + %vendordir%/environment + /etc/environment Default environment file - $HOME/.pam_environment + $HOME/.pam_environment User specific environment file @@ -288,7 +285,7 @@ - + SEE ALSO @@ -306,10 +303,10 @@ - + AUTHOR pam_env was written by Dave Kinchlea <kinch@kinch.ark.com>. - + \ No newline at end of file diff --git a/modules/pam_env/pam_env.conf.5.xml b/modules/pam_env/pam_env.conf.5.xml index 5c0dbcb8..662ff0a0 100644 --- a/modules/pam_env/pam_env.conf.5.xml +++ b/modules/pam_env/pam_env.conf.5.xml @@ -1,13 +1,10 @@ - - - - + pam_env.conf 5 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual @@ -17,7 +14,7 @@ - + DESCRIPTION @@ -87,7 +84,7 @@ - + EXAMPLES These are some example lines which might be specified in @@ -133,7 +130,7 @@ - + SEE ALSO pam_env8, @@ -143,10 +140,10 @@ - + AUTHOR pam_env was written by Dave Kinchlea <kinch@kinch.ark.com>. - + \ No newline at end of file diff --git a/modules/pam_exec/README.xml b/modules/pam_exec/README.xml index 5e76cab3..1928d7f9 100644 --- a/modules/pam_exec/README.xml +++ b/modules/pam_exec/README.xml @@ -1,41 +1,27 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_exec.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_exec-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_exec.8.xml" xpointer='xpointer(id("pam_exec-name")/*)'/> - +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_exec/pam_exec.8.xml b/modules/pam_exec/pam_exec.8.xml index 7e89943c..13abe6e6 100644 --- a/modules/pam_exec/pam_exec.8.xml +++ b/modules/pam_exec/pam_exec.8.xml @@ -1,57 +1,54 @@ - - - - + pam_exec 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_exec PAM module which calls an external command - + pam_exec.so - + debug - + expose_authtok - + seteuid - + quiet - + quiet_log - + stdout - + log=file - + type=type - + command - + ... - + DESCRIPTION @@ -83,7 +80,7 @@ - + OPTIONS @@ -91,7 +88,7 @@ - + debug @@ -102,7 +99,7 @@ - + expose_authtok @@ -117,7 +114,7 @@ - + log=file @@ -129,7 +126,7 @@ - + type=type @@ -140,7 +137,7 @@ - + stdout @@ -151,7 +148,7 @@ - + quiet @@ -164,7 +161,7 @@ - + quiet_log @@ -177,7 +174,7 @@ - + seteuid @@ -194,7 +191,7 @@ - + MODULE TYPES PROVIDED All module types (, , @@ -202,7 +199,7 @@ - + RETURN VALUES @@ -278,7 +275,7 @@ - + EXAMPLES Add the following line to /etc/pam.d/passwd to @@ -293,7 +290,7 @@ - + SEE ALSO @@ -308,7 +305,7 @@ - + AUTHOR pam_exec was written by Thorsten Kukuk <kukuk@thkukuk.de> and @@ -316,4 +313,4 @@ - + \ No newline at end of file diff --git a/modules/pam_faildelay/README.xml b/modules/pam_faildelay/README.xml index 64d4accc..8530a3d0 100644 --- a/modules/pam_faildelay/README.xml +++ b/modules/pam_faildelay/README.xml @@ -1,41 +1,27 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_faildelay.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_faildelay-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_faildelay.8.xml" xpointer='xpointer(id("pam_faildelay-name")/*)'/> - +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_faildelay/pam_faildelay.8.xml b/modules/pam_faildelay/pam_faildelay.8.xml index 57107203..c31b5076 100644 --- a/modules/pam_faildelay/pam_faildelay.8.xml +++ b/modules/pam_faildelay/pam_faildelay.8.xml @@ -1,33 +1,30 @@ - - - - + pam_faildelay 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_faildelay Change the delay on failure per-application - + pam_faildelay.so - + debug - + delay=microseconds - + DESCRIPTION @@ -41,13 +38,13 @@ - + OPTIONS - + debug @@ -57,7 +54,7 @@ - + delay=N @@ -68,14 +65,14 @@ - + MODULE TYPES PROVIDED Only the module type is provided. - + RETURN VALUES @@ -97,7 +94,7 @@ - + EXAMPLES The following example will set the delay on failure to @@ -108,7 +105,7 @@ auth optional pam_faildelay.so delay=10000000 - + SEE ALSO @@ -126,11 +123,11 @@ auth optional pam_faildelay.so delay=10000000 - + AUTHOR pam_faildelay was written by Darren Tucker <dtucker@zip.com.au>. - + \ No newline at end of file diff --git a/modules/pam_faillock/README.xml b/modules/pam_faillock/README.xml index f0654dbe..a62c917a 100644 --- a/modules/pam_faillock/README.xml +++ b/modules/pam_faillock/README.xml @@ -1,46 +1,31 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_faillock.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_faillock-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_faillock.8.xml" xpointer='xpointer(id("pam_faillock-name")/*)'/> - +
- +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_faillock/faillock.8.xml b/modules/pam_faillock/faillock.8.xml index 81d2107c..74440fc8 100644 --- a/modules/pam_faillock/faillock.8.xml +++ b/modules/pam_faillock/faillock.8.xml @@ -1,36 +1,33 @@ - - - - + faillock 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + faillock Tool for displaying and modifying the authentication failure record files - + faillock - + --dir /path/to/tally-directory - + --user username - + --reset - + DESCRIPTION @@ -51,13 +48,13 @@ - + OPTIONS - + --conf /path/to/config-file @@ -68,7 +65,7 @@ - + --dir /path/to/tally-directory @@ -85,7 +82,7 @@ - + --user username @@ -95,7 +92,7 @@ - + --reset @@ -106,11 +103,11 @@ - + FILES - /var/run/faillock/* + /var/run/faillock/* the files logging the authentication failures for users @@ -118,7 +115,7 @@ - + SEE ALSO @@ -130,11 +127,11 @@ - + AUTHOR faillock was written by Tomas Mraz. - + \ No newline at end of file diff --git a/modules/pam_faillock/faillock.conf.5.xml b/modules/pam_faillock/faillock.conf.5.xml index 8faa5915..cc750fbf 100644 --- a/modules/pam_faillock/faillock.conf.5.xml +++ b/modules/pam_faillock/faillock.conf.5.xml @@ -1,25 +1,22 @@ - - - - + faillock.conf 5 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + faillock.conf pam_faillock configuration file - + DESCRIPTION - faillock.conf provides a way to configure the + faillock.conf provides a way to configure the default settings for locking the user after multiple failed authentication attempts. This file is read by the pam_faillock module and is the preferred method over configuring pam_faillock directly. @@ -31,13 +28,13 @@ - + OPTIONS - + dir=/path/to/tally-directory @@ -52,7 +49,7 @@ - + audit @@ -62,7 +59,7 @@ - + silent @@ -74,7 +71,7 @@ - + no_log_info @@ -84,7 +81,7 @@ - + local_users_only @@ -100,7 +97,7 @@ - + nodelay @@ -110,7 +107,7 @@ - + deny=n @@ -122,7 +119,7 @@ - + fail_interval=n @@ -135,7 +132,7 @@ - + unlock_time=n @@ -163,7 +160,7 @@ - + even_deny_root @@ -173,7 +170,7 @@ - + root_unlock_time=n @@ -187,7 +184,7 @@ - + admin_group=name @@ -202,7 +199,7 @@ - + EXAMPLES /etc/security/faillock.conf file example: @@ -214,11 +211,11 @@ silent - + FILES - /etc/security/faillock.conf + /etc/security/faillock.conf the config file for custom options @@ -226,7 +223,7 @@ silent - + SEE ALSO @@ -247,11 +244,11 @@ silent - + AUTHOR pam_faillock was written by Tomas Mraz. The support for faillock.conf was written by Brian Ward. - + \ No newline at end of file diff --git a/modules/pam_faillock/pam_faillock.8.xml b/modules/pam_faillock/pam_faillock.8.xml index b7b7b0db..ce0ae050 100644 --- a/modules/pam_faillock/pam_faillock.8.xml +++ b/modules/pam_faillock/pam_faillock.8.xml @@ -1,8 +1,4 @@ - - - - + pam_faillock @@ -10,63 +6,63 @@ Linux-PAM Manual - + pam_faillock Module counting authentication failures during a specified interval - + auth ... pam_faillock.so - + preauth|authfail|authsucc - + conf=/path/to/config-file - + dir=/path/to/tally-directory - + even_deny_root - + deny=n - + fail_interval=n - + unlock_time=n - + root_unlock_time=n - + admin_group=name - + audit - + silent - + no_log_info - + account ... pam_faillock.so - + dir=/path/to/tally-directory - + no_log_info - + DESCRIPTION @@ -78,20 +74,20 @@ Normally, failed attempts to authenticate root will - not cause the root account to become + not cause the root account to become blocked, to prevent denial-of-service: if your users aren't given shell accounts and root may only login via su or at the machine console (not telnet/rsh, etc), this is safe. - + OPTIONS - + {preauth|authfail|authsucc} @@ -131,7 +127,7 @@ - + conf=/path/to/config-file @@ -156,7 +152,7 @@ - + MODULE TYPES PROVIDED The and module types are @@ -164,7 +160,7 @@ - + RETURN VALUES @@ -222,7 +218,7 @@ - + NOTES Configuring options on the module command line is not recommend. The @@ -234,7 +230,7 @@ Individual files with the failure records are created as owned by - the user. This allows pam_faillock.so module + the user. This allows pam_faillock.so module to work correctly when it is called from a screensaver. @@ -249,7 +245,7 @@ - + EXAMPLES Here are two possible configuration examples for /etc/pam.d/login. @@ -320,11 +316,11 @@ session required pam_selinux.so open - + FILES - /var/run/faillock/* + /var/run/faillock/* the files logging the authentication failures for users @@ -336,13 +332,13 @@ session required pam_selinux.so open - /etc/security/faillock.conf + /etc/security/faillock.conf the config file for pam_faillock options - %vendordir%/security/faillock.conf + %vendordir%/security/faillock.conf the config file for pam_faillock options. It will be used if @@ -353,7 +349,7 @@ session required pam_selinux.so open - + SEE ALSO @@ -374,11 +370,11 @@ session required pam_selinux.so open - + AUTHOR pam_faillock was written by Tomas Mraz. - + \ No newline at end of file diff --git a/modules/pam_filter/README.xml b/modules/pam_filter/README.xml index b76cb743..ab053174 100644 --- a/modules/pam_filter/README.xml +++ b/modules/pam_filter/README.xml @@ -1,41 +1,27 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_filter.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_filter-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_filter.8.xml" xpointer='xpointer(id("pam_filter-name")/*)'/> - +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_filter/pam_filter.8.xml b/modules/pam_filter/pam_filter.8.xml index 7309c352..8015f41e 100644 --- a/modules/pam_filter/pam_filter.8.xml +++ b/modules/pam_filter/pam_filter.8.xml @@ -1,45 +1,42 @@ - - - - + pam_filter 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_filter PAM filter module - + pam_filter.so - + debug - + new_term - + non_term - + run1|run2 - + filter - + ... - + DESCRIPTION @@ -66,7 +63,7 @@ - + OPTIONS @@ -74,7 +71,7 @@ - + debug @@ -85,7 +82,7 @@ - + new_term @@ -101,7 +98,7 @@ - + non_term @@ -112,7 +109,7 @@ - + runX @@ -174,7 +171,7 @@ - + filter @@ -188,7 +185,7 @@ - + MODULE TYPES PROVIDED All module types (, , @@ -196,7 +193,7 @@ - + RETURN VALUES @@ -223,7 +220,7 @@ - + EXAMPLES Add the following line to /etc/pam.d/login to @@ -236,7 +233,7 @@ - + SEE ALSO @@ -251,11 +248,11 @@ - + AUTHOR pam_filter was written by Andrew G. Morgan <morgan@kernel.org>. - + \ No newline at end of file diff --git a/modules/pam_ftp/README.xml b/modules/pam_ftp/README.xml index 65de28e3..f4606bee 100644 --- a/modules/pam_ftp/README.xml +++ b/modules/pam_ftp/README.xml @@ -1,41 +1,27 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_ftp.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_ftp-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_ftp.8.xml" xpointer='xpointer(id("pam_ftp-name")/*)'/> - +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_ftp/pam_ftp.8.xml b/modules/pam_ftp/pam_ftp.8.xml index 6f11f570..03f36781 100644 --- a/modules/pam_ftp/pam_ftp.8.xml +++ b/modules/pam_ftp/pam_ftp.8.xml @@ -1,36 +1,33 @@ - - - - + pam_ftp 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_ftp PAM module for anonymous access module - + pam_ftp.so - + debug - + ignore - + users=XXX,YYY, - + DESCRIPTION @@ -54,7 +51,7 @@ - + OPTIONS @@ -62,7 +59,7 @@ - + debug @@ -73,7 +70,7 @@ - + ignore @@ -85,7 +82,7 @@ - + ftp=XXX,YYY,... @@ -105,14 +102,14 @@ - + MODULE TYPES PROVIDED Only the module type is provided. - + RETURN VALUES @@ -139,7 +136,7 @@ - + EXAMPLES Add the following line to /etc/pam.d/ftpd to @@ -158,7 +155,7 @@ auth required pam_listfile.so \ - + SEE ALSO @@ -173,11 +170,11 @@ auth required pam_listfile.so \ - + AUTHOR pam_ftp was written by Andrew G. Morgan <morgan@kernel.org>. - + \ No newline at end of file diff --git a/modules/pam_group/README.xml b/modules/pam_group/README.xml index 387d6987..8ccd55d0 100644 --- a/modules/pam_group/README.xml +++ b/modules/pam_group/README.xml @@ -1,34 +1,19 @@ - - ---> - -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_group.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_group-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_group.8.xml" xpointer='xpointer(id("pam_group-name")/*)'/> - +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_group/group.conf.5.xml b/modules/pam_group/group.conf.5.xml index 2b7fb345..a8875b30 100644 --- a/modules/pam_group/group.conf.5.xml +++ b/modules/pam_group/group.conf.5.xml @@ -1,13 +1,10 @@ - - - - + group.conf 5 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual @@ -15,7 +12,7 @@ configuration file for the pam_group module - + DESCRIPTION @@ -98,7 +95,7 @@ - + EXAMPLES These are some example lines which might be specified in @@ -129,7 +126,7 @@ xsh; tty* ;%admin;Al0000-2400;plugdev - + SEE ALSO pam_group8, @@ -138,10 +135,10 @@ xsh; tty* ;%admin;Al0000-2400;plugdev - + AUTHOR pam_group was written by Andrew G. Morgan <morgan@kernel.org>. - + \ No newline at end of file diff --git a/modules/pam_group/pam_group.8.xml b/modules/pam_group/pam_group.8.xml index e4a59dfd..695a7baf 100644 --- a/modules/pam_group/pam_group.8.xml +++ b/modules/pam_group/pam_group.8.xml @@ -1,16 +1,13 @@ - - - - + pam_group 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_group PAM module for group access @@ -20,13 +17,13 @@ - + pam_group.so - + DESCRIPTION The pam_group PAM module does not authenticate the user, but instead @@ -64,19 +61,19 @@ - + OPTIONS This module does not recognise any options. - + MODULE TYPES PROVIDED Only the module type is provided. - + RETURN VALUES @@ -130,11 +127,11 @@ - + FILES - /etc/security/group.conf + /etc/security/group.conf Default configuration file @@ -142,7 +139,7 @@ - + SEE ALSO @@ -157,10 +154,10 @@ - + AUTHORS pam_group was written by Andrew G. Morgan <morgan@kernel.org>. - + \ No newline at end of file diff --git a/modules/pam_issue/README.xml b/modules/pam_issue/README.xml index b5b61c3a..36742c77 100644 --- a/modules/pam_issue/README.xml +++ b/modules/pam_issue/README.xml @@ -1,41 +1,27 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_issue.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_issue-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_issue.8.xml" xpointer='xpointer(id("pam_issue-name")/*)'/> - +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_issue/pam_issue.8.xml b/modules/pam_issue/pam_issue.8.xml index fb9b7377..20d32451 100644 --- a/modules/pam_issue/pam_issue.8.xml +++ b/modules/pam_issue/pam_issue.8.xml @@ -1,110 +1,107 @@ - - - - + pam_issue 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_issue PAM module to add issue file to user prompt - + pam_issue.so - + noesc - + issue=issue-file-name - + DESCRIPTION pam_issue is a PAM module to prepend an issue file to the username prompt. It also by default parses escape codes in the issue file - similar to some common getty's (using \x format). + similar to some common getty's (using \x format). Recognized escapes: - \d + \d current day - \l + \l name of this tty - \m + \m machine architecture (uname -m) - \n + \n machine's network node hostname (uname -n) - \o + \o domain name of this system - \r + \r release number of operating system (uname -r) - \t + \t current time - \s + \s operating system name (uname -s) - \u + \u number of users currently logged in - \U + \U - same as \u except it is suffixed with "user" or + same as \u except it is suffixed with "user" or "users" (eg. "1 user" or "10 users") - \v + \v operating system version and build date (uname -v) @@ -113,7 +110,7 @@ - + OPTIONS @@ -121,7 +118,7 @@ - + noesc @@ -132,7 +129,7 @@ - + issue=issue-file-name @@ -146,14 +143,14 @@ - + MODULE TYPES PROVIDED Only the module type is provided. - + RETURN VALUES @@ -198,7 +195,7 @@ - + EXAMPLES Add the following line to /etc/pam.d/login to @@ -209,7 +206,7 @@ - + SEE ALSO @@ -224,11 +221,11 @@ - + AUTHOR pam_issue was written by Ben Collins <bcollins@debian.org>. - + \ No newline at end of file diff --git a/modules/pam_keyinit/README.xml b/modules/pam_keyinit/README.xml index 47659e89..33059c7e 100644 --- a/modules/pam_keyinit/README.xml +++ b/modules/pam_keyinit/README.xml @@ -1,41 +1,27 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_keyinit.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_keyinit-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_keyinit.8.xml" xpointer='xpointer(id("pam_keyinit-name")/*)'/> - +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_keyinit/pam_keyinit.8.xml b/modules/pam_keyinit/pam_keyinit.8.xml index ff1e7d00..7b0a73be 100644 --- a/modules/pam_keyinit/pam_keyinit.8.xml +++ b/modules/pam_keyinit/pam_keyinit.8.xml @@ -1,36 +1,33 @@ - - - - + pam_keyinit 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_keyinit Kernel session keyring initialiser module - + pam_keyinit.so - + debug - + force - + revoke - + DESCRIPTION The pam_keyinit PAM module ensures that the invoking process has a @@ -71,7 +68,7 @@ This module should not, generally, be invoked by programs like - su, since it is usually desirable for the + su, since it is usually desirable for the key set to percolate through to the alternate context. The keys have their own permissions system to manage this. @@ -80,18 +77,18 @@ can be obtained from: - + Keyutils - + - + OPTIONS - + debug @@ -104,7 +101,7 @@ - + force @@ -116,7 +113,7 @@ - + revoke @@ -130,14 +127,14 @@ - + MODULE TYPES PROVIDED Only the module type is provided. - + RETURN VALUES @@ -207,7 +204,7 @@ - + EXAMPLES Add this line to your login entries to start each login session with its @@ -222,7 +219,7 @@ session required pam_keyinit.so - + SEE ALSO @@ -240,11 +237,11 @@ session required pam_keyinit.so - + AUTHOR pam_keyinit was written by David Howells, <dhowells@redhat.com>. - + \ No newline at end of file diff --git a/modules/pam_lastlog/README.xml b/modules/pam_lastlog/README.xml index 7fe70339..6b312435 100644 --- a/modules/pam_lastlog/README.xml +++ b/modules/pam_lastlog/README.xml @@ -1,41 +1,27 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_lastlog.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_lastlog-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_lastlog.8.xml" xpointer='xpointer(id("pam_lastlog-name")/*)'/> - +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_lastlog/pam_lastlog.8.xml b/modules/pam_lastlog/pam_lastlog.8.xml index bada2ea0..1fd9d9dd 100644 --- a/modules/pam_lastlog/pam_lastlog.8.xml +++ b/modules/pam_lastlog/pam_lastlog.8.xml @@ -1,60 +1,57 @@ - - - - + pam_lastlog 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_lastlog PAM module to display date of last login and perform inactive account lock out - + pam_lastlog.so - + debug - + silent - + never - + nodate - + nohost - + noterm - + nowtmp - + noupdate - + showfailed - + inactive=<days> - + unlimited - + DESCRIPTION @@ -83,13 +80,13 @@ - + OPTIONS - + debug @@ -99,7 +96,7 @@ - + silent @@ -111,7 +108,7 @@ - + never @@ -124,7 +121,7 @@ - + nodate @@ -134,7 +131,7 @@ - + noterm @@ -145,7 +142,7 @@ - + nohost @@ -156,7 +153,7 @@ - + nowtmp @@ -166,7 +163,7 @@ - + noupdate @@ -176,7 +173,7 @@ - + showfailed @@ -188,7 +185,7 @@ - + inactive=<days> @@ -201,7 +198,7 @@ - + unlimited @@ -214,7 +211,7 @@ - + MODULE TYPES PROVIDED The and module type @@ -225,7 +222,7 @@ - + RETURN VALUES @@ -282,7 +279,7 @@ - + EXAMPLES Add the following line to /etc/pam.d/login to @@ -300,11 +297,11 @@ - + FILES - /var/log/lastlog + /var/log/lastlog Lastlog logging file @@ -312,7 +309,7 @@ - + SEE ALSO @@ -330,7 +327,7 @@ - + AUTHOR pam_lastlog was written by Andrew G. Morgan <morgan@kernel.org>. @@ -340,4 +337,4 @@ - + \ No newline at end of file diff --git a/modules/pam_limits/README.xml b/modules/pam_limits/README.xml index 964a5a21..25a463cc 100644 --- a/modules/pam_limits/README.xml +++ b/modules/pam_limits/README.xml @@ -1,39 +1,23 @@ - - ---> - -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_limits.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_limits-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_limits.8.xml" xpointer='xpointer(id("pam_limits-name")/*)'/> - +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_limits/limits.conf.5.xml b/modules/pam_limits/limits.conf.5.xml index c5bd6768..2177da1f 100644 --- a/modules/pam_limits/limits.conf.5.xml +++ b/modules/pam_limits/limits.conf.5.xml @@ -1,13 +1,10 @@ - - - - + limits.conf 5 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual @@ -15,7 +12,7 @@ configuration file for the pam_limits module - + DESCRIPTION The pam_limits.so module applies ulimit limits, @@ -38,7 +35,7 @@ - + <domain> @@ -49,38 +46,35 @@ - a groupname, with @group syntax. + a groupname, with @group syntax. This should not be confused with netgroups. - the wildcard *, for default entry. + the wildcard *, for default entry. - the wildcard %, for maxlogins limit only, - can also be used with %group syntax. If the - % wildcard is used alone it is identical - to using * with maxsyslogins limit. With - a group specified after % it limits the total + the wildcard %, for maxlogins limit only, + can also be used with %group syntax. If the + % wildcard is used alone it is identical + to using * with maxsyslogins limit. With + a group specified after % it limits the total number of logins of all users that are member of the group. - an uid range specified as <min_uid>:<max_uid>. If min_uid + an uid range specified as <min_uid>:<max_uid>. If min_uid is omitted, the match is exact for the max_uid. If max_uid is omitted, all uids greater than or equal min_uid match. - a gid range specified as @<min_gid>:<max_gid>. If min_gid + a gid range specified as @<min_gid>:<max_gid>. If min_gid is omitted, the match is exact for the max_gid. If max_gid is omitted, all gids greater than or equal min_gid match. For the exact match all groups including the user's supplementary groups are examined. For the range matches only @@ -89,8 +83,7 @@ - a gid specified as %:<gid> applicable + a gid specified as %:<gid> applicable to maxlogins limit only. It limits the total number of logins of all users that are member of the group with the specified gid. @@ -101,38 +94,38 @@ - + <type> - + hard - for enforcing hard resource limits. + for enforcing hard resource limits. These limits are set by the superuser and enforced by the Kernel. The user cannot raise his requirement of system resources above such values. - + soft - for enforcing soft resource limits. + for enforcing soft resource limits. These limits are ones that the user can move up or down within the - permitted range by any pre-existing hard + permitted range by any pre-existing hard limits. The values specified with this token can be thought of as default values, for normal system usage. - + - - for enforcing both soft and - hard resource limits together. + for enforcing both soft and + hard resource limits together. Note, if you specify a type of '-' but neglect to supply the @@ -147,79 +140,79 @@ - + <item> - + core limits the core file size (KB) - + data maximum data size (KB) - + fsize maximum filesize (KB) - + memlock maximum locked-in-memory address space (KB) - + nofile maximum number of open file descriptors - + rss maximum resident set size (KB) (Ignored in Linux 2.4.30 and higher) - + stack maximum stack size (KB) - + cpu maximum CPU time (minutes) - + nproc maximum number of processes - + as address space limit (KB) - + maxlogins maximum number of logins for this user (this limit does not apply to user with uid=0) - + maxsyslogins maximum number of all logins on system; user is not allowed to log-in if total number of all user logins is @@ -228,46 +221,46 @@ - + nonewprivs value of 0 or 1; if set to 1 disables acquiring new privileges by invoking prctl(PR_SET_NO_NEW_PRIVS) - + priority the priority to run user process with (negative values boost process priority) - + locks maximum locked files (Linux 2.4 and higher) - + sigpending maximum number of pending signals (Linux 2.6 and higher) - + msgqueue maximum memory used by POSIX message queues (bytes) (Linux 2.6 and higher) - + nice maximum nice priority allowed to raise to (Linux 2.6.12 and higher) values: [-20,19] - + rtprio maximum realtime priority allowed for non-privileged processes (Linux 2.6.12 and higher) @@ -281,9 +274,9 @@ All items support the values -1, unlimited or infinity indicating no limit, - except for priority, nice, - and nonewprivs. - If nofile is to be set to one of these values, + except for priority, nice, + and nonewprivs. + If nofile is to be set to one of these values, it will be set to the contents of /proc/sys/fs/nr_open instead (see setrlimit(3)). @@ -309,7 +302,7 @@ In the limits configuration file, the - '#' character introduces a comment + '#' character introduces a comment - after which the rest of the line is ignored. @@ -319,7 +312,7 @@ - + EXAMPLES These are some example lines which might be specified in @@ -340,7 +333,7 @@ ftp hard nproc 0 - + SEE ALSO pam_limits8, @@ -351,10 +344,10 @@ ftp hard nproc 0 - + AUTHOR pam_limits was initially written by Cristian Gafton <gafton@redhat.com> - + \ No newline at end of file diff --git a/modules/pam_limits/pam_limits.8.xml b/modules/pam_limits/pam_limits.8.xml index 422924fe..cca046cc 100644 --- a/modules/pam_limits/pam_limits.8.xml +++ b/modules/pam_limits/pam_limits.8.xml @@ -1,16 +1,13 @@ - - - - + pam_limits 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_limits PAM module to limit resources @@ -20,28 +17,28 @@ - + pam_limits.so - + conf=/path/to/limits.conf - + debug - + set_all - + utmp_early - + noaudit - + DESCRIPTION The pam_limits PAM module sets limits on the system resources that can be @@ -84,12 +81,12 @@ - + OPTIONS - + conf=/path/to/limits.conf @@ -100,7 +97,7 @@ - + debug @@ -110,7 +107,7 @@ - + set_all @@ -124,7 +121,7 @@ - + utmp_early @@ -139,7 +136,7 @@ - + noaudit @@ -150,14 +147,14 @@ - + MODULE TYPES PROVIDED Only the module type is provided. - + RETURN VALUES @@ -219,17 +216,17 @@ - + FILES - /etc/security/limits.conf + /etc/security/limits.conf Default configuration file - %vendordir%/security/limits.conf + %vendordir%/security/limits.conf Default configuration file if /etc/security/limits.conf does not exist. @@ -238,7 +235,7 @@ - + EXAMPLES For the services you need resources limits (login for example) put a @@ -257,7 +254,7 @@ session required pam_limits.so - + SEE ALSO @@ -272,10 +269,10 @@ session required pam_limits.so - + AUTHORS pam_limits was initially written by Cristian Gafton <gafton@redhat.com> - + \ No newline at end of file diff --git a/modules/pam_listfile/README.xml b/modules/pam_listfile/README.xml index d851aef3..d0b60107 100644 --- a/modules/pam_listfile/README.xml +++ b/modules/pam_listfile/README.xml @@ -1,41 +1,27 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_listfile.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_listfile-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_listfile.8.xml" xpointer='xpointer(id("pam_listfile-name")/*)'/> - +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_listfile/pam_listfile.8.xml b/modules/pam_listfile/pam_listfile.8.xml index 15f047c2..8847415a 100644 --- a/modules/pam_listfile/pam_listfile.8.xml +++ b/modules/pam_listfile/pam_listfile.8.xml @@ -1,45 +1,42 @@ - - - - + pam_listfile 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_listfile deny or allow services based on an arbitrary file - + pam_listfile.so - + item=[tty|user|rhost|ruser|group|shell] - + sense=[allow|deny] - + file=/path/filename - + onerr=[succeed|fail] - + apply=[user|@group] - + quiet - + DESCRIPTION @@ -93,7 +90,7 @@ - + OPTIONS @@ -101,7 +98,7 @@ - + item=[tty|user|rhost|ruser|group|shell] @@ -112,7 +109,7 @@ - + sense=[allow|deny] @@ -124,7 +121,7 @@ - + file=/path/filename @@ -136,7 +133,7 @@ - + onerr=[succeed|fail] @@ -148,7 +145,7 @@ - + apply=[user|@group] @@ -161,7 +158,7 @@ - + quiet @@ -175,7 +172,7 @@ - + MODULE TYPES PROVIDED All module types (, , @@ -183,7 +180,7 @@ - + RETURN VALUES @@ -235,7 +232,7 @@ - + EXAMPLES Classic 'ftpusers' authentication can be implemented with this entry @@ -271,7 +268,7 @@ auth required pam_listfile.so \ - + SEE ALSO @@ -286,7 +283,7 @@ auth required pam_listfile.so \ - + AUTHOR pam_listfile was written by Michael K. Johnson <johnsonm@redhat.com> @@ -294,4 +291,4 @@ auth required pam_listfile.so \ - + \ No newline at end of file diff --git a/modules/pam_localuser/README.xml b/modules/pam_localuser/README.xml index 4ab56d9d..f1b05d1a 100644 --- a/modules/pam_localuser/README.xml +++ b/modules/pam_localuser/README.xml @@ -1,41 +1,27 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_localuser.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_localuser-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_localuser.8.xml" xpointer='xpointer(id("pam_localuser-name")/*)'/> - +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_localuser/pam_localuser.8.xml b/modules/pam_localuser/pam_localuser.8.xml index b3c1886b..2002d1d6 100644 --- a/modules/pam_localuser/pam_localuser.8.xml +++ b/modules/pam_localuser/pam_localuser.8.xml @@ -1,33 +1,30 @@ - - - - + pam_localuser 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_localuser require users to be listed in /etc/passwd - + pam_localuser.so - + debug - + file=/path/passwd - + DESCRIPTION @@ -47,7 +44,7 @@ - + OPTIONS @@ -55,7 +52,7 @@ - + debug @@ -66,7 +63,7 @@ - + file=/path/passwd @@ -80,7 +77,7 @@ - + MODULE TYPES PROVIDED All module types (, , @@ -88,7 +85,7 @@ - + RETURN VALUES @@ -153,7 +150,7 @@ - + EXAMPLES Add the following lines to /etc/pam.d/su to @@ -165,11 +162,11 @@ account required pam_wheel.so - + FILES - /etc/passwd + /etc/passwd Local user account information. @@ -177,7 +174,7 @@ account required pam_wheel.so - + SEE ALSO @@ -192,11 +189,11 @@ account required pam_wheel.so - + AUTHOR pam_localuser was written by Nalin Dahyabhai <nalin@redhat.com>. - + \ No newline at end of file diff --git a/modules/pam_loginuid/README.xml b/modules/pam_loginuid/README.xml index 3bcd38ab..f972105f 100644 --- a/modules/pam_loginuid/README.xml +++ b/modules/pam_loginuid/README.xml @@ -1,36 +1,23 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_loginuid.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_loginuid-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_loginuid.8.xml" xpointer='xpointer(id("pam_loginuid-name")/*)'/> - +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_loginuid/pam_loginuid.8.xml b/modules/pam_loginuid/pam_loginuid.8.xml index 9513b0e4..d5285f02 100644 --- a/modules/pam_loginuid/pam_loginuid.8.xml +++ b/modules/pam_loginuid/pam_loginuid.8.xml @@ -1,30 +1,27 @@ - - - - + pam_loginuid 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_loginuid Record user's login uid to the process attribute - + pam_loginuid.so - + require_auditd - + DESCRIPTION @@ -40,12 +37,12 @@ - + OPTIONS - + require_auditd @@ -57,14 +54,14 @@ - + MODULE TYPES PROVIDED Only the module type is provided. - + RETURN VALUES @@ -98,7 +95,7 @@ - + EXAMPLES #%PAM-1.0 @@ -111,7 +108,7 @@ session required pam_loginuid.so - + SEE ALSO @@ -132,11 +129,11 @@ session required pam_loginuid.so - + AUTHOR pam_loginuid was written by Steve Grubb <sgrubb@redhat.com> - + \ No newline at end of file diff --git a/modules/pam_mail/README.xml b/modules/pam_mail/README.xml index 4165d857..5dc89a85 100644 --- a/modules/pam_mail/README.xml +++ b/modules/pam_mail/README.xml @@ -1,41 +1,27 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_mail.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_mail-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_mail.8.xml" xpointer='xpointer(id("pam_mail-name")/*)'/> - +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_mail/pam_mail.8.xml b/modules/pam_mail/pam_mail.8.xml index 95216b6c..2c0c0543 100644 --- a/modules/pam_mail/pam_mail.8.xml +++ b/modules/pam_mail/pam_mail.8.xml @@ -1,54 +1,51 @@ - - - - + pam_mail 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_mail Inform about available mail - + pam_mail.so - + close - + debug - + dir=maildir - + empty - + hash=count - + noenv - + nopen - + quiet - + standard - + DESCRIPTION @@ -58,18 +55,18 @@ that has credential or session hooks. It gives a single message indicating the newness of any mail it finds in the user's mail folder. This module also sets the PAM - environment variable, MAIL, to the + environment variable, MAIL, to the user's mail directory. If the mail spool file (be it /var/mail/$USER or a pathname given with the parameter) is a directory then pam_mail assumes it is in the - Maildir format. + Maildir format. - + OPTIONS @@ -77,7 +74,7 @@ - + close @@ -88,7 +85,7 @@ - + debug @@ -99,7 +96,7 @@ - + dir=maildir @@ -116,7 +113,7 @@ - + empty @@ -127,7 +124,7 @@ - + hash=count @@ -141,11 +138,11 @@ - + noenv - Do not set the MAIL + Do not set the MAIL environment variable. @@ -153,12 +150,12 @@ - + nopen Don't print any mail information on login. This flag is - useful to get the MAIL + useful to get the MAIL environment variable set, but to not display any information about it. @@ -167,7 +164,7 @@ - + quiet @@ -178,7 +175,7 @@ - + standard @@ -193,7 +190,7 @@ - + MODULE TYPES PROVIDED The and @@ -202,7 +199,7 @@ - + RETURN VALUES @@ -244,7 +241,7 @@ - + EXAMPLES Add the following line to /etc/pam.d/login to @@ -255,7 +252,7 @@ session optional pam_mail.so standard - + SEE ALSO @@ -270,11 +267,11 @@ session optional pam_mail.so standard - + AUTHOR pam_mail was written by Andrew G. Morgan <morgan@kernel.org>. - + \ No newline at end of file diff --git a/modules/pam_mkhomedir/README.xml b/modules/pam_mkhomedir/README.xml index 978cbe77..ef998956 100644 --- a/modules/pam_mkhomedir/README.xml +++ b/modules/pam_mkhomedir/README.xml @@ -1,36 +1,23 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_mkhomedir.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_mkhomedir-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_mkhomedir.8.xml" xpointer='xpointer(id("pam_mkhomedir-name")/*)'/> - +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_mkhomedir/mkhomedir_helper.8.xml b/modules/pam_mkhomedir/mkhomedir_helper.8.xml index 8a76f2d6..0f4c4b40 100644 --- a/modules/pam_mkhomedir/mkhomedir_helper.8.xml +++ b/modules/pam_mkhomedir/mkhomedir_helper.8.xml @@ -1,31 +1,28 @@ - - - - + mkhomedir_helper 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + mkhomedir_helper Helper binary that creates home directories - + mkhomedir_helper - + user - + umask - + path-to-skel - + home_mode @@ -33,7 +30,7 @@ - + DESCRIPTION @@ -63,7 +60,7 @@ - + SEE ALSO @@ -72,7 +69,7 @@ - + AUTHOR Written by Tomas Mraz based on the code originally in @@ -80,4 +77,4 @@ - + \ No newline at end of file diff --git a/modules/pam_mkhomedir/pam_mkhomedir.8.xml b/modules/pam_mkhomedir/pam_mkhomedir.8.xml index 10109067..ad957248 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.8.xml +++ b/modules/pam_mkhomedir/pam_mkhomedir.8.xml @@ -1,16 +1,13 @@ - - - - + pam_mkhomedir 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_mkhomedir PAM module to create users home directory @@ -20,25 +17,25 @@ - + pam_mkhomedir.so - + silent - + debug - + umask=mode - + skel=skeldir - + DESCRIPTION The pam_mkhomedir PAM module will create a users home directory @@ -55,13 +52,13 @@ - + OPTIONS - + silent @@ -72,7 +69,7 @@ - + debug @@ -86,7 +83,7 @@ - + umask=mask @@ -106,7 +103,7 @@ - + skel=/path/to/skel/directory @@ -119,14 +116,14 @@ - + MODULE TYPES PROVIDED Only the module type is provided. - + RETURN VALUES @@ -165,11 +162,11 @@ - + FILES - /etc/skel + /etc/skel Default skel directory @@ -177,7 +174,7 @@ - + EXAMPLES A sample /etc/pam.d/login file: @@ -198,7 +195,7 @@ - + SEE ALSO @@ -210,10 +207,10 @@ - + AUTHOR pam_mkhomedir was written by Jason Gunthorpe <jgg@debian.org>. - + \ No newline at end of file diff --git a/modules/pam_motd/README.xml b/modules/pam_motd/README.xml index 779e4d17..9e8edadf 100644 --- a/modules/pam_motd/README.xml +++ b/modules/pam_motd/README.xml @@ -1,41 +1,27 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_motd.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_motd-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_motd.8.xml" xpointer='xpointer(id("pam_motd-name")/*)'/> - +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_motd/pam_motd.8.xml b/modules/pam_motd/pam_motd.8.xml index 0afd4c99..74420371 100644 --- a/modules/pam_motd/pam_motd.8.xml +++ b/modules/pam_motd/pam_motd.8.xml @@ -1,33 +1,30 @@ - - - - + pam_motd 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_motd Display the motd file - + pam_motd.so - + motd=/path/filename - + motd_dir=/path/dirname.d - + DESCRIPTION @@ -38,7 +35,7 @@ following locations: - + /etc/motd /run/motd /usr/lib/motd @@ -79,19 +76,19 @@ ln -s /dev/null /etc/motd.d/my_motd - The MOTD_SHOWN=pam environment variable + The MOTD_SHOWN=pam environment variable is set after showing the motd files, even when all of them were silenced using symbolic links. - + OPTIONS - + motd=/path/filename @@ -104,7 +101,7 @@ - + motd_dir=/path/dirname.d @@ -123,14 +120,14 @@ - + MODULE TYPES PROVIDED Only the module type is provided. - + RETURN VALUES @@ -160,7 +157,7 @@ - + EXAMPLES The suggested usage for /etc/pam.d/login is: @@ -183,7 +180,7 @@ session optional pam_motd.so motd=/elsewhere/motd motd_dir=/elsewhere/motd.d - + SEE ALSO @@ -201,7 +198,7 @@ session optional pam_motd.so motd=/elsewhere/motd motd_dir=/elsewhere/motd.d - + AUTHOR pam_motd was written by Ben Collins <bcollins@debian.org>. @@ -212,4 +209,4 @@ session optional pam_motd.so motd=/elsewhere/motd motd_dir=/elsewhere/motd.d - + \ No newline at end of file diff --git a/modules/pam_namespace/README.xml b/modules/pam_namespace/README.xml index 4ef99c9f..f94cb065 100644 --- a/modules/pam_namespace/README.xml +++ b/modules/pam_namespace/README.xml @@ -1,44 +1,27 @@ - - ---> - -]> - -
- - +
+ + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_namespace.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_namespace-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_namespace.8.xml" xpointer='xpointer(id("pam_namespace-name")/*)'/> - +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_namespace/namespace.conf.5.xml b/modules/pam_namespace/namespace.conf.5.xml index 67f8c043..d398639b 100644 --- a/modules/pam_namespace/namespace.conf.5.xml +++ b/modules/pam_namespace/namespace.conf.5.xml @@ -1,13 +1,10 @@ - - - - + namespace.conf 5 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual @@ -16,7 +13,7 @@ - + DESCRIPTION @@ -175,7 +172,7 @@ - + EXAMPLES These are some example lines which might be specified in @@ -220,7 +217,7 @@ - + SEE ALSO pam_namespace8, @@ -229,11 +226,11 @@ - + AUTHORS The namespace.conf manual page was written by Janak Desai <janak@us.ibm.com>. More features added by Tomas Mraz <tmraz@redhat.com>. - + \ No newline at end of file diff --git a/modules/pam_namespace/pam_namespace.8.xml b/modules/pam_namespace/pam_namespace.8.xml index ddaa00b4..598037a4 100644 --- a/modules/pam_namespace/pam_namespace.8.xml +++ b/modules/pam_namespace/pam_namespace.8.xml @@ -1,16 +1,13 @@ - - - - + pam_namespace 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_namespace PAM module for configuring namespace for a session @@ -20,46 +17,46 @@ - + pam_namespace.so - + debug - + unmnt_remnt - + unmnt_only - + require_selinux - + gen_hash - + ignore_config_error - + ignore_instance_parent_mode - + unmount_on_close - + use_current_context - + use_default_context - + mount_private - + DESCRIPTION The pam_namespace PAM module sets up a private namespace for a session @@ -94,13 +91,13 @@ - + OPTIONS - + debug @@ -111,7 +108,7 @@ - + unmnt_remnt @@ -131,7 +128,7 @@ - + unmnt_only @@ -146,7 +143,7 @@ - + require_selinux @@ -157,7 +154,7 @@ - + gen_hash @@ -170,7 +167,7 @@ - + ignore_config_error @@ -186,7 +183,7 @@ - + ignore_instance_parent_mode @@ -201,7 +198,7 @@ - + unmount_on_close @@ -218,7 +215,7 @@ - + use_current_context @@ -232,7 +229,7 @@ - + use_default_context @@ -246,7 +243,7 @@ - + mount_private @@ -271,7 +268,7 @@ - + MODULE TYPES PROVIDED Only the module type is provided. @@ -279,7 +276,7 @@ - + RETURN VALUES @@ -309,18 +306,18 @@ - + FILES - /etc/security/namespace.conf + /etc/security/namespace.conf Main configuration file - %vendordir%/security/namespace.conf + %vendordir%/security/namespace.conf Default configuration file if /etc/security/namespace.conf does not exist. @@ -328,28 +325,28 @@ - /etc/security/namespace.d + /etc/security/namespace.d Directory for additional configuration files - %vendordir%/security/namespace.d + %vendordir%/security/namespace.d Directory for additional vendor specific configuration files. - /etc/security/namespace.init + /etc/security/namespace.init Init script for instance directories - %vendordir%/security/namespace.init + %vendordir%/security/namespace.init Vendor init script for instance directories if /etc/security/namespace.init does not exist. @@ -359,7 +356,7 @@ - + EXAMPLES @@ -379,7 +376,7 @@ - + SEE ALSO @@ -397,7 +394,7 @@ - + AUTHORS The namespace setup scheme was designed by Stephen Smalley, Janak Desai @@ -408,4 +405,4 @@ <tmraz@redhat.com>. - + \ No newline at end of file diff --git a/modules/pam_namespace/pam_namespace_helper.8.xml b/modules/pam_namespace/pam_namespace_helper.8.xml index 2f5adbed..002c254a 100644 --- a/modules/pam_namespace/pam_namespace_helper.8.xml +++ b/modules/pam_namespace/pam_namespace_helper.8.xml @@ -1,27 +1,24 @@ - - - - + pam_namespace_helper 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_namespace_helper Helper binary that creates home directories - + pam_namespace_helper - + DESCRIPTION @@ -43,7 +40,7 @@ - + SEE ALSO @@ -52,11 +49,11 @@ - + AUTHOR Written by Topi Miettinen. - + \ No newline at end of file diff --git a/modules/pam_nologin/README.xml b/modules/pam_nologin/README.xml index bc0808e7..5a993324 100644 --- a/modules/pam_nologin/README.xml +++ b/modules/pam_nologin/README.xml @@ -1,46 +1,31 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_nologin.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_nologin-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_nologin.8.xml" xpointer='xpointer(id("pam_nologin-name")/*)'/> - +
- +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_nologin/pam_nologin.8.xml b/modules/pam_nologin/pam_nologin.8.xml index c86e3763..1ea725ce 100644 --- a/modules/pam_nologin/pam_nologin.8.xml +++ b/modules/pam_nologin/pam_nologin.8.xml @@ -1,33 +1,30 @@ - - - - + pam_nologin 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_nologin Prevent non-root users from login - + pam_nologin.so - + file=/path/nologin - + successok - + DESCRIPTION @@ -40,13 +37,13 @@ - + OPTIONS - + file=/path/nologin @@ -58,7 +55,7 @@ - + successok @@ -69,7 +66,7 @@ - + MODULE TYPES PROVIDED The and module @@ -77,7 +74,7 @@ - + RETURN VALUES @@ -123,7 +120,7 @@ - + EXAMPLES The suggested usage for /etc/pam.d/login is: @@ -132,7 +129,7 @@ auth required pam_nologin.so - + NOTES In order to make this module effective, all login methods should be @@ -147,7 +144,7 @@ auth required pam_nologin.so - + SEE ALSO @@ -165,11 +162,11 @@ auth required pam_nologin.so - + AUTHOR pam_nologin was written by Michael K. Johnson <johnsonm@redhat.com>. - + \ No newline at end of file diff --git a/modules/pam_permit/README.xml b/modules/pam_permit/README.xml index acb38b51..c08425f8 100644 --- a/modules/pam_permit/README.xml +++ b/modules/pam_permit/README.xml @@ -1,41 +1,27 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_permit.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_permit-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_permit.8.xml" xpointer='xpointer(id("pam_permit-name")/*)'/> - +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_permit/pam_permit.8.xml b/modules/pam_permit/pam_permit.8.xml index 6bb49658..0634e5eb 100644 --- a/modules/pam_permit/pam_permit.8.xml +++ b/modules/pam_permit/pam_permit.8.xml @@ -1,27 +1,24 @@ - - - - + pam_permit 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_permit The promiscuous module - + pam_permit.so - + DESCRIPTION @@ -41,13 +38,13 @@ - + OPTIONS This module does not recognise any options. - + MODULE TYPES PROVIDED The , , @@ -56,7 +53,7 @@ - + RETURN VALUES @@ -70,7 +67,7 @@ - + EXAMPLES Add this line to your other login entries to disable account @@ -81,7 +78,7 @@ account required pam_permit.so - + SEE ALSO @@ -96,11 +93,11 @@ account required pam_permit.so - + AUTHOR pam_permit was written by Andrew G. Morgan, <morgan@kernel.org>. - + \ No newline at end of file diff --git a/modules/pam_pwhistory/README.xml b/modules/pam_pwhistory/README.xml index f048e321..194edbc7 100644 --- a/modules/pam_pwhistory/README.xml +++ b/modules/pam_pwhistory/README.xml @@ -1,41 +1,27 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_pwhistory.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_pwhistory-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_pwhistory.8.xml" xpointer='xpointer(id("pam_pwhistory-name")/*)'/> - +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_pwhistory/pam_pwhistory.8.xml b/modules/pam_pwhistory/pam_pwhistory.8.xml index 2a8fa7f6..62848666 100644 --- a/modules/pam_pwhistory/pam_pwhistory.8.xml +++ b/modules/pam_pwhistory/pam_pwhistory.8.xml @@ -1,52 +1,49 @@ - - - - + pam_pwhistory 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_pwhistory PAM module to remember last passwords - + pam_pwhistory.so - + debug - + use_authtok - + enforce_for_root - + remember=N - + retry=N - + authtok_type=STRING - + file=/path/filename - + conf=/path/to/config-file - + DESCRIPTION @@ -64,12 +61,12 @@ - + OPTIONS - + debug @@ -82,7 +79,7 @@ - + use_authtok @@ -95,7 +92,7 @@ - + enforce_for_root @@ -105,7 +102,7 @@ - + remember=N @@ -119,7 +116,7 @@ - + retry=N @@ -132,7 +129,7 @@ - + authtok_type=STRING @@ -145,7 +142,7 @@ - + file=/path/filename @@ -158,7 +155,7 @@ - + conf=/path/to/config-file @@ -178,14 +175,14 @@ - + MODULE TYPES PROVIDED Only the module type is provided. - + RETURN VALUES @@ -224,7 +221,7 @@ - + EXAMPLES An example password section would be: @@ -245,11 +242,11 @@ password required pam_unix.so use_authtok - + FILES - /etc/security/opasswd + /etc/security/opasswd Default file with password history @@ -257,7 +254,7 @@ password required pam_unix.so use_authtok - + SEE ALSO @@ -278,11 +275,11 @@ password required pam_unix.so use_authtok - + AUTHOR pam_pwhistory was written by Thorsten Kukuk <kukuk@thkukuk.de> - + \ No newline at end of file diff --git a/modules/pam_pwhistory/pwhistory.conf.5.xml b/modules/pam_pwhistory/pwhistory.conf.5.xml index bac5ffed..2a2dfd3a 100644 --- a/modules/pam_pwhistory/pwhistory.conf.5.xml +++ b/modules/pam_pwhistory/pwhistory.conf.5.xml @@ -1,25 +1,22 @@ - - - - + pwhistory.conf 5 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pwhistory.conf pam_pwhistory configuration file - + DESCRIPTION - pwhistory.conf provides a way to configure the + pwhistory.conf provides a way to configure the default settings for saving the last passwords for each user. This file is read by the pam_pwhistory module and is the preferred method over configuring pam_pwhistory directly. @@ -31,13 +28,13 @@ - + OPTIONS - + debug @@ -50,7 +47,7 @@ - + enforce_for_root @@ -60,7 +57,7 @@ - + remember=N @@ -74,7 +71,7 @@ - + retry=N @@ -85,7 +82,7 @@ - + file=/path/filename @@ -99,7 +96,7 @@ - + EXAMPLES /etc/security/pwhistory.conf file example: @@ -111,11 +108,11 @@ file=/tmp/opasswd - + FILES - /etc/security/pwhistory.conf + /etc/security/pwhistory.conf the config file for custom options @@ -123,7 +120,7 @@ file=/tmp/opasswd - + SEE ALSO @@ -144,7 +141,7 @@ file=/tmp/opasswd - + AUTHOR pam_pwhistory was written by Thorsten Kukuk. The support for @@ -152,4 +149,4 @@ file=/tmp/opasswd - + \ No newline at end of file diff --git a/modules/pam_pwhistory/pwhistory_helper.8.xml b/modules/pam_pwhistory/pwhistory_helper.8.xml index a0301764..8370a485 100644 --- a/modules/pam_pwhistory/pwhistory_helper.8.xml +++ b/modules/pam_pwhistory/pwhistory_helper.8.xml @@ -1,30 +1,27 @@ - - - - + pwhistory_helper 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pwhistory_helper Helper binary that transfers password hashes from passwd or shadow to opasswd - + pwhistory_helper - + ... - + DESCRIPTION @@ -48,7 +45,7 @@ - + SEE ALSO @@ -57,7 +54,7 @@ - + AUTHOR Written by Tomas Mraz based on the code originally in @@ -65,4 +62,4 @@ - + \ No newline at end of file diff --git a/modules/pam_rhosts/README.xml b/modules/pam_rhosts/README.xml index 5d3307e7..2345dffd 100644 --- a/modules/pam_rhosts/README.xml +++ b/modules/pam_rhosts/README.xml @@ -1,41 +1,27 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_rhosts.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_rhosts-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_rhosts.8.xml" xpointer='xpointer(id("pam_rhosts-name")/*)'/> - +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_rhosts/pam_rhosts.8.xml b/modules/pam_rhosts/pam_rhosts.8.xml index eb96371d..b8a5c1cb 100644 --- a/modules/pam_rhosts/pam_rhosts.8.xml +++ b/modules/pam_rhosts/pam_rhosts.8.xml @@ -1,27 +1,24 @@ - - - - + pam_rhosts 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_rhosts The rhosts PAM module - + pam_rhosts.so - + DESCRIPTION @@ -53,12 +50,12 @@ - + OPTIONS - + debug @@ -68,7 +65,7 @@ - + silent @@ -78,7 +75,7 @@ - + superuser=account @@ -89,14 +86,14 @@ - + MODULE TYPES PROVIDED Only the module type is provided. - + RETURN VALUES @@ -120,7 +117,7 @@ - + EXAMPLES To grant a remote user access by /etc/hosts.equiv @@ -137,7 +134,7 @@ auth required pam_unix.so - + SEE ALSO @@ -161,11 +158,11 @@ auth required pam_unix.so - + AUTHOR pam_rhosts was written by Thorsten Kukuk <kukuk@thkukuk.de> - + \ No newline at end of file diff --git a/modules/pam_rootok/README.xml b/modules/pam_rootok/README.xml index 6fb58cd0..58f77967 100644 --- a/modules/pam_rootok/README.xml +++ b/modules/pam_rootok/README.xml @@ -1,41 +1,27 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_rootok.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_rootok-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_rootok.8.xml" xpointer='xpointer(id("pam_rootok-name")/*)'/> - +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_rootok/pam_rootok.8.xml b/modules/pam_rootok/pam_rootok.8.xml index 06457bf5..a79c073a 100644 --- a/modules/pam_rootok/pam_rootok.8.xml +++ b/modules/pam_rootok/pam_rootok.8.xml @@ -1,30 +1,27 @@ - - - - + pam_rootok 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_rootok Gain only root access - + pam_rootok.so - + debug - + DESCRIPTION @@ -38,12 +35,12 @@ - + OPTIONS - + debug @@ -54,7 +51,7 @@ - + MODULE TYPES PROVIDED The , and @@ -62,7 +59,7 @@ - + RETURN VALUES @@ -77,7 +74,7 @@ PAM_AUTH_ERR - The UID is not + The UID is not 0. @@ -85,7 +82,7 @@ - + EXAMPLES In the case of the @@ -103,7 +100,7 @@ auth required pam_unix.so - + SEE ALSO @@ -121,11 +118,11 @@ auth required pam_unix.so - + AUTHOR pam_rootok was written by Andrew G. Morgan, <morgan@kernel.org>. - + \ No newline at end of file diff --git a/modules/pam_securetty/README.xml b/modules/pam_securetty/README.xml index a8c098a0..70176d75 100644 --- a/modules/pam_securetty/README.xml +++ b/modules/pam_securetty/README.xml @@ -1,41 +1,27 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_securetty.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_securetty-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_securetty.8.xml" xpointer='xpointer(id("pam_securetty-name")/*)'/> - +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_securetty/pam_securetty.8.xml b/modules/pam_securetty/pam_securetty.8.xml index e49d572b..9038f5b2 100644 --- a/modules/pam_securetty/pam_securetty.8.xml +++ b/modules/pam_securetty/pam_securetty.8.xml @@ -1,30 +1,27 @@ - - - - + pam_securetty 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_securetty Limit root login to special devices - + pam_securetty.so - + debug - + DESCRIPTION @@ -43,23 +40,23 @@ This module has no effect on non-root users and requires that the - application fills in the PAM_TTY + application fills in the PAM_TTY item correctly. For canonical usage, should be listed as a - required authentication method - before any sufficient + required authentication method + before any sufficient authentication methods. - + OPTIONS - + debug @@ -69,7 +66,7 @@ - + noconsole @@ -83,14 +80,14 @@ - + MODULE TYPES PROVIDED Only the module type is provided. - + RETURN VALUES @@ -164,7 +161,7 @@ - + EXAMPLES @@ -174,7 +171,7 @@ auth required pam_unix.so - + SEE ALSO @@ -192,11 +189,11 @@ auth required pam_unix.so - + AUTHOR pam_securetty was written by Elliot Lee <sopwith@cuc.edu>. - + \ No newline at end of file diff --git a/modules/pam_selinux/README.xml b/modules/pam_selinux/README.xml index 7e1baf55..dc1b5697 100644 --- a/modules/pam_selinux/README.xml +++ b/modules/pam_selinux/README.xml @@ -1,41 +1,27 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_selinux.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_selinux-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_selinux.8.xml" xpointer='xpointer(id("pam_selinux-name")/*)'/> - +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_selinux/pam_selinux.8.xml b/modules/pam_selinux/pam_selinux.8.xml index 28d465f5..3aa632cf 100644 --- a/modules/pam_selinux/pam_selinux.8.xml +++ b/modules/pam_selinux/pam_selinux.8.xml @@ -1,54 +1,51 @@ - - - - + pam_selinux 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_selinux PAM module to set the default security context - + pam_selinux.so - + open - + close - + restore - + nottys - + debug - + verbose - + select_context - + env_params - + use_current_range - + DESCRIPTION pam_selinux is a PAM module that sets up the default SELinux security @@ -79,12 +76,12 @@ - + OPTIONS - + open @@ -94,7 +91,7 @@ - + close @@ -104,7 +101,7 @@ - + restore @@ -117,7 +114,7 @@ - + nottys @@ -127,7 +124,7 @@ - + debug @@ -140,7 +137,7 @@ - + verbose @@ -150,7 +147,7 @@ - + select_context @@ -161,7 +158,7 @@ - + env_params @@ -178,7 +175,7 @@ - + use_current_range @@ -191,14 +188,14 @@ - + MODULE TYPES PROVIDED Only the module type is provided. - + RETURN VALUES @@ -236,7 +233,7 @@ - + EXAMPLES auth required pam_unix.so @@ -245,7 +242,7 @@ session optional pam_selinux.so - + SEE ALSO @@ -266,11 +263,11 @@ session optional pam_selinux.so - + AUTHOR pam_selinux was written by Dan Walsh <dwalsh@redhat.com>. - + \ No newline at end of file diff --git a/modules/pam_sepermit/README.xml b/modules/pam_sepermit/README.xml index bb65951c..a8d31d8c 100644 --- a/modules/pam_sepermit/README.xml +++ b/modules/pam_sepermit/README.xml @@ -1,41 +1,27 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_sepermit.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_sepermit-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_sepermit.8.xml" xpointer='xpointer(id("pam_sepermit-name")/*)'/> - +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_sepermit/pam_sepermit.8.xml b/modules/pam_sepermit/pam_sepermit.8.xml index 5763c346..791d2bbe 100644 --- a/modules/pam_sepermit/pam_sepermit.8.xml +++ b/modules/pam_sepermit/pam_sepermit.8.xml @@ -1,33 +1,30 @@ - - - - + pam_sepermit 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_sepermit PAM module to allow/deny login depending on SELinux enforcement state - + pam_sepermit.so - + debug - + conf=/path/to/config/file - + DESCRIPTION The pam_sepermit module allows or denies login depending on SELinux @@ -61,12 +58,12 @@ - + OPTIONS - + debug @@ -79,7 +76,7 @@ - + conf=/path/to/config/file @@ -90,7 +87,7 @@ - + MODULE TYPES PROVIDED The and @@ -98,7 +95,7 @@ - + RETURN VALUES @@ -145,11 +142,11 @@ - + FILES - /etc/security/sepermit.conf + /etc/security/sepermit.conf Default configuration file @@ -157,7 +154,7 @@ - + EXAMPLES auth [success=done ignore=ignore default=bad] pam_sepermit.so @@ -167,7 +164,7 @@ session required pam_permit.so - + SEE ALSO @@ -188,11 +185,11 @@ session required pam_permit.so - + AUTHOR pam_sepermit and this manual page were written by Tomas Mraz <tmraz@redhat.com>. - + \ No newline at end of file diff --git a/modules/pam_sepermit/sepermit.conf.5.xml b/modules/pam_sepermit/sepermit.conf.5.xml index 511480f6..ff924ce1 100644 --- a/modules/pam_sepermit/sepermit.conf.5.xml +++ b/modules/pam_sepermit/sepermit.conf.5.xml @@ -1,13 +1,10 @@ - - - - + sepermit.conf 5 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual @@ -15,7 +12,7 @@ configuration file for the pam_sepermit module - + DESCRIPTION The lines of the configuration file have the following syntax: @@ -24,7 +21,7 @@ <user>[:<option>:<option>...] - The user can be specified in the following manner: + The user can be specified in the following manner: @@ -34,13 +31,13 @@ - a groupname, with @group syntax. + a groupname, with @group syntax. This should not be confused with netgroups. - a SELinux user name with %seuser syntax. + a SELinux user name with %seuser syntax. @@ -51,7 +48,7 @@ - + exclusive Only single login session will be allowed for the user @@ -60,7 +57,7 @@ - + ignore The module will never return PAM_SUCCESS status for the user. @@ -78,7 +75,7 @@ - + EXAMPLES These are some example lines which might be specified in @@ -91,7 +88,7 @@ - + SEE ALSO pam_sepermit8, @@ -101,10 +98,10 @@ - + AUTHOR pam_sepermit and this manual page were written by Tomas Mraz <tmraz@redhat.com> - + \ No newline at end of file diff --git a/modules/pam_setquota/README.xml b/modules/pam_setquota/README.xml index 4eeddecc..7f5e429d 100644 --- a/modules/pam_setquota/README.xml +++ b/modules/pam_setquota/README.xml @@ -1,41 +1,27 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_setquota.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_setquota-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_setquota.8.xml" xpointer='xpointer(id("pam_setquota-name")/*)'/> - +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_setquota/pam_setquota.8.xml b/modules/pam_setquota/pam_setquota.8.xml index fe83c805..41644eeb 100644 --- a/modules/pam_setquota/pam_setquota.8.xml +++ b/modules/pam_setquota/pam_setquota.8.xml @@ -1,53 +1,51 @@ - - - - + pam_setquota 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_setquota PAM module to set or modify disk quotas on session start - + pam_setquota.so - + fs=/home - + overwrite=0 - + debug=0 - + startuid=1000 - + enduid=0 - + bsoftlimit=19000 - + bhardlimit=20000 - + isoftlimit=3000 - + ihardlimit=4000 - + DESCRIPTION @@ -60,14 +58,14 @@ - + OPTIONS - + fs=/home @@ -78,7 +76,7 @@ - + overwrite=0 @@ -91,7 +89,7 @@ - + debug=0 @@ -103,7 +101,7 @@ - + startuid=1000 @@ -115,7 +113,7 @@ - + enduid=0 @@ -128,7 +126,7 @@ - + bsoftlimit=19000 @@ -142,7 +140,7 @@ - + bhardlimit=20000 @@ -156,7 +154,7 @@ - + isoftlimit=3000 @@ -169,7 +167,7 @@ - + ihardlimit=4000 @@ -184,14 +182,14 @@ - + MODULE TYPES PROVIDED Only the module type is provided. - + RETURN VALUES @@ -255,7 +253,7 @@ - + EXAMPLES A single invocation of `pam_setquota` applies a specific policy to a UID @@ -270,7 +268,7 @@ - + SEE ALSO @@ -285,7 +283,7 @@ - + AUTHOR pam_setquota was originally written by @@ -298,4 +296,4 @@ - + \ No newline at end of file diff --git a/modules/pam_shells/README.xml b/modules/pam_shells/README.xml index 154b97b5..c4da1a06 100644 --- a/modules/pam_shells/README.xml +++ b/modules/pam_shells/README.xml @@ -1,41 +1,27 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_shells.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_shells-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_shells.8.xml" xpointer='xpointer(id("pam_shells-name")/*)'/> - +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_shells/pam_shells.8.xml b/modules/pam_shells/pam_shells.8.xml index 73b4855a..b9f90e94 100644 --- a/modules/pam_shells/pam_shells.8.xml +++ b/modules/pam_shells/pam_shells.8.xml @@ -1,27 +1,24 @@ - - - - + pam_shells 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_shells PAM module to check for valid login shell - + pam_shells.so - + DESCRIPTION @@ -43,13 +40,13 @@ - + OPTIONS This module does not recognise any options. - + MODULE TYPES PROVIDED The and @@ -57,7 +54,7 @@ - + RETURN VALUES @@ -88,7 +85,7 @@ - + EXAMPLES @@ -97,7 +94,7 @@ auth required pam_shells.so - + SEE ALSO @@ -115,11 +112,11 @@ auth required pam_shells.so - + AUTHOR pam_shells was written by Erik Troan <ewt@redhat.com>. - + \ No newline at end of file diff --git a/modules/pam_stress/README.xml b/modules/pam_stress/README.xml index 6f94685e..cc7a1848 100644 --- a/modules/pam_stress/README.xml +++ b/modules/pam_stress/README.xml @@ -1,31 +1,19 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_stress.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_stress-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_stress.8.xml" xpointer='xpointer(id("pam_stress-name")/*)'/> - +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_stress/pam_stress.8.xml b/modules/pam_stress/pam_stress.8.xml index 98888b1c..617b7aae 100644 --- a/modules/pam_stress/pam_stress.8.xml +++ b/modules/pam_stress/pam_stress.8.xml @@ -1,16 +1,13 @@ - - - - + pam_stress 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_stress The stress-testing PAM module @@ -18,42 +15,42 @@ - + pam_stress.so - + debug - + no_warn - + use_first_pass - + try_first_pass - + rootok - + expired - + fail_1 - + fail_2 - + prelim - + required - + DESCRIPTION The pam_stress PAM module is mainly intended to give the impression of failing as a fully @@ -61,13 +58,13 @@ functioning module might. - + OPTIONS - + debug @@ -79,7 +76,7 @@ functioning module might. - + no_warn @@ -91,7 +88,7 @@ functioning module might. - + use_first_pass @@ -103,7 +100,7 @@ functioning module might. - + try_first_pass @@ -115,7 +112,7 @@ functioning module might. - + rootok @@ -128,7 +125,7 @@ functioning module might. - + expired @@ -141,7 +138,7 @@ functioning module might. - + fail_1 @@ -152,7 +149,7 @@ functioning module might. - + fail_2 @@ -164,7 +161,7 @@ functioning module might. - + prelim @@ -175,7 +172,7 @@ functioning module might. - + required @@ -189,7 +186,7 @@ functioning module might. - + MODULE TYPES PROVIDED All module types (, , @@ -197,7 +194,7 @@ functioning module might. - + RETURN VALUES @@ -307,7 +304,7 @@ functioning module might. - + NOTES This module uses the stress_new_pwd data string which tells @@ -316,7 +313,7 @@ functioning module might. - + EXAMPLES #%PAM-1.0 @@ -329,7 +326,7 @@ session required pam_stress.so - + SEE ALSO @@ -344,7 +341,7 @@ session required pam_stress.so - + AUTHORS The pam_stress PAM module was developed by @@ -353,4 +350,4 @@ session required pam_stress.so Lucas Ramage <ramage.lucas@protonmail.com>. - + \ No newline at end of file diff --git a/modules/pam_succeed_if/README.xml b/modules/pam_succeed_if/README.xml index c52f00a0..1c174af0 100644 --- a/modules/pam_succeed_if/README.xml +++ b/modules/pam_succeed_if/README.xml @@ -1,41 +1,27 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_succeed_if.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_succeed_if-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_succeed_if.8.xml" xpointer='xpointer(id("pam_succeed_if-name")/*)'/> - +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_succeed_if/pam_succeed_if.8.xml b/modules/pam_succeed_if/pam_succeed_if.8.xml index 14d939a3..90fd1145 100644 --- a/modules/pam_succeed_if/pam_succeed_if.8.xml +++ b/modules/pam_succeed_if/pam_succeed_if.8.xml @@ -1,34 +1,30 @@ - - - - - + pam_succeed_if 8 - Linux-PAM + Linux-PAM + Linux-PAM Manual - + pam_succeed_if test account characteristics - + pam_succeed_if.so - flag - condition + flag + condition - + DESCRIPTION pam_succeed_if.so is designed to succeed or fail authentication @@ -43,7 +39,7 @@ - + OPTIONS The following flags are supported: @@ -51,13 +47,13 @@ - + debug Turns on debugging messages sent to syslog. - + use_uid Evaluate conditions using the account of the user whose UID @@ -67,13 +63,13 @@ - + quiet Don't log failure or success to the system log. - + quiet_fail Don't log failure to the system log. @@ -81,7 +77,7 @@ - + quiet_success Don't log success to the system log. @@ -89,7 +85,7 @@ - + audit Log unknown users to the system log. @@ -112,13 +108,13 @@ - + field < number Field has a value numerically less than number. - + field <= number Field has a value numerically less than or equal to number. @@ -126,7 +122,7 @@ - + field eq number Field has a value numerically equal to number. @@ -134,7 +130,7 @@ - + field >= number Field has a value numerically greater than or equal to number. @@ -142,7 +138,7 @@ - + field > number Field has a value numerically greater than number. @@ -150,7 +146,7 @@ - + field ne number Field has a value numerically different from number. @@ -158,7 +154,7 @@ - + field = string Field exactly matches the given string. @@ -166,7 +162,7 @@ - + field != string Field does not match the given string. @@ -174,49 +170,49 @@ - + field =~ glob Field matches the given glob. - + field !~ glob Field does not match the given glob. - + field in item:item:... Field is contained in the list of items separated by colons. - + field notin item:item:... Field is not contained in the list of items separated by colons. - + user ingroup group[:group:....] User is in given group(s). - + user notingroup group[:group:....] User is not in given group(s). - + user innetgr netgroup (user,host) is in given netgroup. - + user notinnetgr group (user,host) is not in given netgroup. @@ -224,7 +220,7 @@ - + MODULE TYPES PROVIDED All module types (, , @@ -232,7 +228,7 @@ - + RETURN VALUES @@ -267,7 +263,7 @@ - + EXAMPLES To emulate the behaviour of pam_wheel, except @@ -288,7 +284,7 @@ type required othermodule.so arguments... - + SEE ALSO @@ -300,8 +296,8 @@ type required othermodule.so arguments... - + AUTHOR Nalin Dahyabhai <nalin@redhat.com> - + \ No newline at end of file diff --git a/modules/pam_time/README.xml b/modules/pam_time/README.xml index 6c11eec1..8a2faa0b 100644 --- a/modules/pam_time/README.xml +++ b/modules/pam_time/README.xml @@ -1,34 +1,19 @@ - - ---> - -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_time.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_time-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_time.8.xml" xpointer='xpointer(id("pam_time-name")/*)'/> - +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_time/pam_time.8.xml b/modules/pam_time/pam_time.8.xml index a33744ea..1fa60a10 100644 --- a/modules/pam_time/pam_time.8.xml +++ b/modules/pam_time/pam_time.8.xml @@ -1,16 +1,13 @@ - - - - + pam_time 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_time PAM module for time control access @@ -20,22 +17,22 @@ - + pam_time.so - + conffile=conf-file - + debug - + noaudit - + DESCRIPTION The pam_time PAM module does not authenticate the user, but instead @@ -62,13 +59,13 @@ - + OPTIONS - + conffile=/path/to/time.conf @@ -79,7 +76,7 @@ - + debug @@ -91,7 +88,7 @@ - + noaudit @@ -103,14 +100,14 @@ - + MODULE TYPES PROVIDED Only the type is provided. - + RETURN VALUES @@ -156,11 +153,11 @@ - + FILES - /etc/security/time.conf + /etc/security/time.conf Default configuration file @@ -168,7 +165,7 @@ - + EXAMPLES #%PAM-1.0 @@ -179,7 +176,7 @@ login account required pam_time.so - + SEE ALSO @@ -194,10 +191,10 @@ login account required pam_time.so - + AUTHOR pam_time was written by Andrew G. Morgan <morgan@kernel.org>. - + \ No newline at end of file diff --git a/modules/pam_time/time.conf.5.xml b/modules/pam_time/time.conf.5.xml index acbe2329..3fe263d5 100644 --- a/modules/pam_time/time.conf.5.xml +++ b/modules/pam_time/time.conf.5.xml @@ -1,13 +1,10 @@ - - - - + time.conf 5 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual @@ -15,7 +12,7 @@ configuration file for the pam_time module - + DESCRIPTION @@ -43,9 +40,9 @@ In words, each rule occupies a line, terminated with a newline - or the beginning of a comment; a '#'. + or the beginning of a comment; a '#'. It contains four fields separated with semicolons, - ';'. + ';'. @@ -107,7 +104,7 @@ - + EXAMPLES These are some example lines which might be specified in @@ -131,7 +128,7 @@ games ; * ; !waster ; Wd0000-2400 | Wk1800-0800 - + SEE ALSO pam_time8, @@ -140,10 +137,10 @@ games ; * ; !waster ; Wd0000-2400 | Wk1800-0800 - + AUTHOR pam_time was written by Andrew G. Morgan <morgan@kernel.org>. - + \ No newline at end of file diff --git a/modules/pam_timestamp/README.xml b/modules/pam_timestamp/README.xml index 5b72deb1..fe01080b 100644 --- a/modules/pam_timestamp/README.xml +++ b/modules/pam_timestamp/README.xml @@ -1,46 +1,31 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_timestamp.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_timestamp-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_timestamp.8.xml" xpointer='xpointer(id("pam_timestamp-name")/*)'/> - +
- +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_timestamp/pam_timestamp.8.xml b/modules/pam_timestamp/pam_timestamp.8.xml index 83e5aea8..a763ad86 100644 --- a/modules/pam_timestamp/pam_timestamp.8.xml +++ b/modules/pam_timestamp/pam_timestamp.8.xml @@ -1,39 +1,36 @@ - - - - + pam_timestamp 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_timestamp Authenticate using cached successful authentication attempts - + pam_timestamp.so - + timestampdir=directory - + timestamp_timeout=number - + verbose - + debug - + DESCRIPTION @@ -52,18 +49,18 @@ file as grounds for succeeding. The default encryption hash is taken from the - HMAC_CRYPTO_ALGO variable from + HMAC_CRYPTO_ALGO variable from /etc/login.defs. - + OPTIONS - + timestampdir=directory @@ -74,7 +71,7 @@ file as grounds for succeeding. - + timestamp_timeout=number @@ -86,7 +83,7 @@ file as grounds for succeeding. - + verbose @@ -96,7 +93,7 @@ file as grounds for succeeding. - + debug @@ -109,7 +106,7 @@ file as grounds for succeeding. - + MODULE TYPES PROVIDED The and @@ -117,7 +114,7 @@ file as grounds for succeeding. - + RETURN VALUES @@ -148,7 +145,7 @@ file as grounds for succeeding. - + NOTES Users can get confused when they are not always asked for passwords when @@ -157,7 +154,7 @@ noticing that it is not being asked for. - + EXAMPLES auth sufficient pam_timestamp.so verbose @@ -168,11 +165,11 @@ session optional pam_timestamp.so - + FILES - /var/run/pam_timestamp/... + /var/run/pam_timestamp/... timestamp files and directories @@ -180,7 +177,7 @@ session optional pam_timestamp.so - + SEE ALSO @@ -198,11 +195,11 @@ session optional pam_timestamp.so - + AUTHOR pam_timestamp was written by Nalin Dahyabhai. - + \ No newline at end of file diff --git a/modules/pam_timestamp/pam_timestamp_check.8.xml b/modules/pam_timestamp/pam_timestamp_check.8.xml index 3a65d7ef..f0c09560 100644 --- a/modules/pam_timestamp/pam_timestamp_check.8.xml +++ b/modules/pam_timestamp/pam_timestamp_check.8.xml @@ -1,36 +1,33 @@ - - - - + pam_timestamp_check 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_timestamp_check Check to see if the default timestamp is valid - + pam_timestamp_check - + -k - + -d - + target_user - + DESCRIPTION @@ -40,13 +37,13 @@ see if the default timestamp is valid, or optionally remove it. - + OPTIONS - + -k @@ -57,7 +54,7 @@ see if the default timestamp is valid, or optionally remove it. - + -d @@ -69,7 +66,7 @@ see if the default timestamp is valid, or optionally remove it. - + target_user @@ -85,7 +82,7 @@ see if the default timestamp is valid, or optionally remove it. - + RETURN VALUES @@ -147,7 +144,7 @@ see if the default timestamp is valid, or optionally remove it. - + NOTES Users can get confused when they are not always asked for passwords when @@ -156,7 +153,7 @@ noticing that it is not being asked for. - + EXAMPLES auth sufficient pam_timestamp.so verbose @@ -167,11 +164,11 @@ session optional pam_timestamp.so - + FILES - /var/run/sudo/... + /var/run/sudo/... timestamp files and directories @@ -179,7 +176,7 @@ session optional pam_timestamp.so - + SEE ALSO @@ -197,11 +194,11 @@ session optional pam_timestamp.so - + AUTHOR pam_timestamp was written by Nalin Dahyabhai. - + \ No newline at end of file diff --git a/modules/pam_tty_audit/README.xml b/modules/pam_tty_audit/README.xml index 4dad6bbe..95b851cb 100644 --- a/modules/pam_tty_audit/README.xml +++ b/modules/pam_tty_audit/README.xml @@ -1,41 +1,31 @@ - - +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_tty_audit.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_tty_audit-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_tty_audit.8.xml" xpointer='xpointer(id("pam_tty_audit-name")/*)'/> - +
- +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_tty_audit/pam_tty_audit.8.xml b/modules/pam_tty_audit/pam_tty_audit.8.xml index 1c0ba5c4..b46bbf7b 100644 --- a/modules/pam_tty_audit/pam_tty_audit.8.xml +++ b/modules/pam_tty_audit/pam_tty_audit.8.xml @@ -1,33 +1,30 @@ - - - - + pam_tty_audit 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_tty_audit Enable or disable TTY auditing for specified users - + pam_tty_audit.so - + disable=patterns - + enable=patterns - + DESCRIPTION The pam_tty_audit PAM module is used to enable or disable TTY auditing. @@ -35,12 +32,12 @@ - + OPTIONS - + disable=patterns @@ -53,7 +50,7 @@ - + enable=patterns @@ -66,7 +63,7 @@ - + open_only @@ -79,7 +76,7 @@ - + log_passwd @@ -93,14 +90,14 @@ - + MODULE TYPES PROVIDED - Only the session type is supported. + Only the session type is supported. - + RETURN VALUES @@ -125,7 +122,7 @@ - + NOTES When TTY auditing is enabled, it is inherited by all processes started by @@ -158,7 +155,7 @@ - + EXAMPLES Audit all administrative actions. @@ -168,7 +165,7 @@ session required pam_tty_audit.so disable=* enable=root - + SEE ALSO @@ -186,14 +183,14 @@ session required pam_tty_audit.so disable=* enable=root - + AUTHOR - pam_tty_audit was written by Miloslav Trmač + pam_tty_audit was written by Miloslav Trmač <mitr@redhat.com>. The log_passwd option was added by Richard Guy Briggs <rgb@redhat.com>. - + \ No newline at end of file diff --git a/modules/pam_umask/README.xml b/modules/pam_umask/README.xml index 9afbe543..d2b82d10 100644 --- a/modules/pam_umask/README.xml +++ b/modules/pam_umask/README.xml @@ -1,41 +1,27 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_umask.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_umask-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_umask.8.xml" xpointer='xpointer(id("pam_umask-name")/*)'/> - +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_umask/pam_umask.8.xml b/modules/pam_umask/pam_umask.8.xml index 7c4a310b..05276672 100644 --- a/modules/pam_umask/pam_umask.8.xml +++ b/modules/pam_umask/pam_umask.8.xml @@ -1,42 +1,39 @@ - - - - + pam_umask 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_umask PAM module to set the file mode creation mask - + pam_umask.so - + debug - + silent - + usergroups - + nousergroups - + umask=mask - + DESCRIPTION @@ -81,7 +78,7 @@ - + OPTIONS @@ -89,7 +86,7 @@ - + debug @@ -100,7 +97,7 @@ - + silent @@ -111,20 +108,20 @@ - + usergroups If the user is not root and the username is the same as primary group name, the umask group bits are set to be the - same as owner bits (examples: 022 -> 002, 077 -> 007). + same as owner bits (examples: 022 -> 002, 077 -> 007). - + nousergroups @@ -137,7 +134,7 @@ - + umask=mask @@ -153,14 +150,14 @@ - + MODULE TYPES PROVIDED Only the type is provided. - + RETURN VALUES @@ -225,7 +222,7 @@ - + EXAMPLES Add the following line to /etc/pam.d/login to @@ -236,7 +233,7 @@ - + SEE ALSO @@ -251,11 +248,11 @@ - + AUTHOR pam_umask was written by Thorsten Kukuk <kukuk@thkukuk.de>. - + \ No newline at end of file diff --git a/modules/pam_unix/README.xml b/modules/pam_unix/README.xml index 7fd340b3..49a65946 100644 --- a/modules/pam_unix/README.xml +++ b/modules/pam_unix/README.xml @@ -1,41 +1,27 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_unix.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_unix-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_unix.8.xml" xpointer='xpointer(id("pam_unix-name")/*)'/> - +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml index 9f9c8185..dfc04274 100644 --- a/modules/pam_unix/pam_unix.8.xml +++ b/modules/pam_unix/pam_unix.8.xml @@ -1,30 +1,27 @@ - - - - + pam_unix 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_unix Module for traditional password authentication - + pam_unix.so - + ... - + DESCRIPTION @@ -42,7 +39,7 @@ shadow elements: expire, last_change, max_change, min_change, warn_change. In the case of the latter, it may offer advice to the user on changing their password or, through the - PAM_AUTHTOKEN_REQD return, delay + PAM_AUTHTOKEN_REQD return, delay giving service to the user until they have established a new password. The entries listed above are documented in the shadow5 @@ -89,7 +86,7 @@ The password component of this module performs the task of updating the user's password. The default encryption hash is taken from the - ENCRYPT_METHOD variable from + ENCRYPT_METHOD variable from /etc/login.defs @@ -107,13 +104,13 @@ - + OPTIONS - + debug @@ -127,7 +124,7 @@ - + audit @@ -138,7 +135,7 @@ - + quiet @@ -153,7 +150,7 @@ - + nullok @@ -165,7 +162,7 @@ - + nullresetok @@ -178,7 +175,7 @@ - + try_first_pass @@ -190,7 +187,7 @@ - + use_first_pass @@ -203,7 +200,7 @@ - + nodelay @@ -216,7 +213,7 @@ - + use_authtok @@ -230,7 +227,7 @@ - + authtok_type=type @@ -242,7 +239,7 @@ - + nis @@ -252,7 +249,7 @@ - + remember=n @@ -269,7 +266,7 @@ - + shadow @@ -279,7 +276,7 @@ - + md5 @@ -290,7 +287,7 @@ - + bigcrypt @@ -301,7 +298,7 @@ - + sha256 @@ -315,7 +312,7 @@ - + sha512 @@ -329,7 +326,7 @@ - + blowfish @@ -343,7 +340,7 @@ - + gost_yescrypt @@ -357,7 +354,7 @@ - + yescrypt @@ -371,7 +368,7 @@ - + rounds=n @@ -384,7 +381,7 @@ - + broken_shadow @@ -395,7 +392,7 @@ - + minlen=n @@ -407,7 +404,7 @@ - + no_pass_expiry @@ -418,9 +415,9 @@ meaning that other authentication source or method succeeded. The example can be public key authentication in sshd. The module will return - PAM_SUCCESS instead of eventual - PAM_NEW_AUTHTOK_REQD or - PAM_AUTHTOK_EXPIRED. + PAM_SUCCESS instead of eventual + PAM_NEW_AUTHTOK_REQD or + PAM_AUTHTOK_EXPIRED. @@ -432,7 +429,7 @@ - + MODULE TYPES PROVIDED All module types (, , @@ -440,7 +437,7 @@ - + RETURN VALUES @@ -454,7 +451,7 @@ - + EXAMPLES An example usage for /etc/pam.d/login @@ -473,7 +470,7 @@ session required pam_unix.so - + SEE ALSO @@ -491,11 +488,11 @@ session required pam_unix.so - + AUTHOR pam_unix was written by various people. - + \ No newline at end of file diff --git a/modules/pam_unix/unix_chkpwd.8.xml b/modules/pam_unix/unix_chkpwd.8.xml index a10dbe33..ca0fa109 100644 --- a/modules/pam_unix/unix_chkpwd.8.xml +++ b/modules/pam_unix/unix_chkpwd.8.xml @@ -1,30 +1,27 @@ - - - - + unix_chkpwd 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + unix_chkpwd Helper binary that verifies the password of the current user - + unix_chkpwd - + ... - + DESCRIPTION @@ -48,7 +45,7 @@ - + SEE ALSO @@ -57,11 +54,11 @@ - + AUTHOR Written by Andrew Morgan and other various people. - + \ No newline at end of file diff --git a/modules/pam_unix/unix_update.8.xml b/modules/pam_unix/unix_update.8.xml index 6c7467b9..1a968652 100644 --- a/modules/pam_unix/unix_update.8.xml +++ b/modules/pam_unix/unix_update.8.xml @@ -1,30 +1,27 @@ - - - - + unix_update 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + unix_update Helper binary that updates the password of a given user - + unix_update - + ... - + DESCRIPTION @@ -48,7 +45,7 @@ - + SEE ALSO @@ -57,11 +54,11 @@ - + AUTHOR Written by Tomas Mraz and other various people. - + \ No newline at end of file diff --git a/modules/pam_userdb/README.xml b/modules/pam_userdb/README.xml index b22c09e7..4e8f8ee7 100644 --- a/modules/pam_userdb/README.xml +++ b/modules/pam_userdb/README.xml @@ -1,41 +1,27 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_userdb.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_userdb-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_userdb.8.xml" xpointer='xpointer(id("pam_userdb-name")/*)'/> - +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_userdb/pam_userdb.8.xml b/modules/pam_userdb/pam_userdb.8.xml index bce92850..0f964102 100644 --- a/modules/pam_userdb/pam_userdb.8.xml +++ b/modules/pam_userdb/pam_userdb.8.xml @@ -1,54 +1,51 @@ - - - - + pam_userdb 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_userdb PAM module to authenticate against a db database - + pam_userdb.so - + db=/path/database - + debug - + crypt=[crypt|none] - + icase - + dump - + try_first_pass - + use_first_pass - + unknown_ok - + key_only - + DESCRIPTION @@ -60,13 +57,13 @@ - + OPTIONS - + crypt=[crypt|none] @@ -82,13 +79,13 @@ - + db=/path/database Use the /path/database database for performing lookup. There is no default; the module will - return PAM_IGNORE if no + return PAM_IGNORE if no database is provided. Note that the path to the database file should be specified without the .db suffix. @@ -96,7 +93,7 @@ - + debug @@ -107,7 +104,7 @@ - + dump @@ -118,7 +115,7 @@ - + icase @@ -131,7 +128,7 @@ - + try_first_pass @@ -146,7 +143,7 @@ - + use_first_pass @@ -161,7 +158,7 @@ - + unknown_ok @@ -174,7 +171,7 @@ - + key_only @@ -191,7 +188,7 @@ - + MODULE TYPES PROVIDED The and module @@ -199,7 +196,7 @@ - + RETURN VALUES @@ -259,14 +256,14 @@ - + EXAMPLES auth sufficient pam_userdb.so icase db=/etc/dbtest - + SEE ALSO @@ -284,11 +281,11 @@ auth sufficient pam_userdb.so icase db=/etc/dbtest - + AUTHOR pam_userdb was written by Cristian Gafton >gafton@redhat.com<. - + \ No newline at end of file diff --git a/modules/pam_usertype/README.xml b/modules/pam_usertype/README.xml index 58550465..7faf549e 100644 --- a/modules/pam_usertype/README.xml +++ b/modules/pam_usertype/README.xml @@ -1,41 +1,27 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_usertype.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_usertype-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_usertype.8.xml" xpointer='xpointer(id("pam_usertype-name")/*)'/> - +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_usertype/pam_usertype.8.xml b/modules/pam_usertype/pam_usertype.8.xml index d9307ba3..87ad0796 100644 --- a/modules/pam_usertype/pam_usertype.8.xml +++ b/modules/pam_usertype/pam_usertype.8.xml @@ -1,31 +1,27 @@ - - - - - + pam_usertype 8 - Linux-PAM + Linux-PAM + Linux-PAM Manual - + pam_usertype check if the authenticated user is a system or regular account - + pam_usertype.so - flag - condition + flag + condition - + DESCRIPTION pam_usertype.so is designed to succeed or fail authentication @@ -42,7 +38,7 @@ - + OPTIONS The following flags are supported: @@ -50,7 +46,7 @@ - + use_uid Evaluate conditions using the account of the user whose UID @@ -60,7 +56,7 @@ - + audit Log unknown users to the system log. @@ -75,13 +71,13 @@ - + issystem Succeed if the user is a system user. - + isregular Succeed if the user is a regular user. @@ -89,7 +85,7 @@ - + MODULE TYPES PROVIDED All module types (, , @@ -97,7 +93,7 @@ - + RETURN VALUES @@ -170,7 +166,7 @@ - + EXAMPLES Skip remaining modules if the user is a system user: @@ -180,7 +176,7 @@ account sufficient pam_usertype.so issystem - + SEE ALSO @@ -192,8 +188,8 @@ account sufficient pam_usertype.so issystem - + AUTHOR Pavel Březina <pbrezina@redhat.com> - + \ No newline at end of file diff --git a/modules/pam_warn/README.xml b/modules/pam_warn/README.xml index 4367c28f..56093f80 100644 --- a/modules/pam_warn/README.xml +++ b/modules/pam_warn/README.xml @@ -1,41 +1,27 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_warn.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_warn-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_warn.8.xml" xpointer='xpointer(id("pam_warn-name")/*)'/> - +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_warn/pam_warn.8.xml b/modules/pam_warn/pam_warn.8.xml index 1764ec92..a20c5f71 100644 --- a/modules/pam_warn/pam_warn.8.xml +++ b/modules/pam_warn/pam_warn.8.xml @@ -1,25 +1,22 @@ - - - - + pam_warn 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_warn PAM module which logs all PAM items if called - + pam_warn.so - + DESCRIPTION pam_warn is a PAM module that logs the service, terminal, user, @@ -28,17 +25,17 @@ syslog3 . The items are not probed for, but instead obtained from the standard PAM items. The module always returns - PAM_IGNORE, indicating that it + PAM_IGNORE, indicating that it does not want to affect the authentication process. - + OPTIONS This module does not recognise any options. - + MODULE TYPES PROVIDED The , , @@ -47,7 +44,7 @@ - + RETURN VALUES @@ -61,7 +58,7 @@ - + EXAMPLES #%PAM-1.0 @@ -80,7 +77,7 @@ other session required pam_deny.so - + SEE ALSO @@ -95,11 +92,11 @@ other session required pam_deny.so - + AUTHOR pam_warn was written by Andrew G. Morgan <morgan@kernel.org>. - + \ No newline at end of file diff --git a/modules/pam_wheel/README.xml b/modules/pam_wheel/README.xml index 9e33d7ff..e40c46e8 100644 --- a/modules/pam_wheel/README.xml +++ b/modules/pam_wheel/README.xml @@ -1,41 +1,27 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_wheel.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_wheel-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_wheel.8.xml" xpointer='xpointer(id("pam_wheel-name")/*)'/> - +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_wheel/pam_wheel.8.xml b/modules/pam_wheel/pam_wheel.8.xml index ee8c7d26..af0fd619 100644 --- a/modules/pam_wheel/pam_wheel.8.xml +++ b/modules/pam_wheel/pam_wheel.8.xml @@ -1,45 +1,42 @@ - - - - + pam_wheel 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_wheel Only permit root access to members of group wheel - + pam_wheel.so - + debug - + deny - + group=name - + root_only - + trust - + use_uid - + DESCRIPTION The pam_wheel PAM module is used to enforce the so-called @@ -47,16 +44,16 @@ access to the target user if the applicant user is a member of the wheel group. If no group with this name exist, the module is using the group with the group-ID - 0. + 0. - + OPTIONS - + debug @@ -66,7 +63,7 @@ - + deny @@ -81,7 +78,7 @@ - + group=name @@ -93,7 +90,7 @@ - + root_only @@ -104,7 +101,7 @@ - + trust @@ -118,7 +115,7 @@ - + use_uid @@ -131,15 +128,15 @@ - + MODULE TYPES PROVIDED - The auth and - account module types are provided. + The auth and + account module types are provided. - + RETURN VALUES @@ -204,7 +201,7 @@ - + EXAMPLES The root account gains access by default (rootok), only wheel @@ -218,7 +215,7 @@ su auth required pam_unix.so - + SEE ALSO @@ -233,11 +230,11 @@ su auth required pam_unix.so - + AUTHOR pam_wheel was written by Cristian Gafton <gafton@redhat.com>. - + \ No newline at end of file diff --git a/modules/pam_xauth/README.xml b/modules/pam_xauth/README.xml index adefbd98..04fc2468 100644 --- a/modules/pam_xauth/README.xml +++ b/modules/pam_xauth/README.xml @@ -1,46 +1,31 @@ - - ---> -]> +
-
- - + - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_xauth.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_xauth-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_xauth.8.xml" xpointer='xpointer(id("pam_xauth-name")/*)'/> - +
- +
- +
- +
- +
- +
-
+
\ No newline at end of file diff --git a/modules/pam_xauth/pam_xauth.8.xml b/modules/pam_xauth/pam_xauth.8.xml index 08c06cf8..f5fc5a3c 100644 --- a/modules/pam_xauth/pam_xauth.8.xml +++ b/modules/pam_xauth/pam_xauth.8.xml @@ -1,39 +1,36 @@ - - - - + pam_xauth 8 - Linux-PAM Manual + Linux-PAM + Linux-PAM Manual - + pam_xauth PAM module to forward xauth keys between users - + pam_xauth.so - + debug - + xauthpath=/path/to/xauth - + systemuser=UID - + targetuser=UID - + DESCRIPTION The pam_xauth PAM module is designed to forward xauth keys @@ -81,25 +78,25 @@ If a user has a .xauth/export file, the user will only forward cookies to users listed in the file. If there is no ~/.xauth/export file, and the invoking user is - not root, the user will forward cookies + not root, the user will forward cookies to any other user. If there is no ~/.xauth/export - file, and the invoking user is root, - the user will not forward cookies to + file, and the invoking user is root, + the user will not forward cookies to other users. Both the import and export files support wildcards (such as - *). Both the import and export files + *). Both the import and export files can be empty, signifying that no users are allowed. - + OPTIONS - + debug @@ -109,7 +106,7 @@ - + xauthpath=/path/to/xauth @@ -122,7 +119,7 @@ - + systemuser=UID @@ -135,7 +132,7 @@ - + targetuser=UID @@ -147,14 +144,14 @@ - + MODULE TYPES PROVIDED - Only the session type is provided. + Only the session type is provided. - + RETURN VALUES @@ -205,7 +202,7 @@ - + EXAMPLES Add the following line to /etc/pam.d/su to @@ -216,10 +213,10 @@ session optional pam_xauth.so - + IMPLEMENTATION DETAILS - pam_xauth will work only if it is + pam_xauth will work only if it is used from a setuid application in which the getuid() call returns the id of the user running the application, and for which PAM can supply the name @@ -247,17 +244,17 @@ session optional pam_xauth.so - + FILES - ~/.xauth/import + ~/.xauth/import XXX - ~/.xauth/export + ~/.xauth/export XXX @@ -266,7 +263,7 @@ session optional pam_xauth.so - + SEE ALSO @@ -281,7 +278,7 @@ session optional pam_xauth.so - + AUTHOR pam_xauth was written by Nalin Dahyabhai <nalin@redhat.com>, @@ -290,4 +287,4 @@ session optional pam_xauth.so - + \ No newline at end of file -- cgit v1.2.3