Hello community,
here is the log from the commit of package pam for openSUSE:Factory
checked in at Mon Jun 29 14:50:09 CEST 2009.
--------
--- pam/pam.changes 2009-05-05 18:06:32.000000000 +0200
+++ pam/pam.changes 2009-06-24 09:53:08.000000000 +0200
@@ -1,0 +2,5 @@
+Wed Jun 24 09:52:29 CEST 2009 - kukuk@suse.de
+
+- Update to final version 1.1.0 (spelling fixes)
+
+-------------------------------------------------------------------
@@ -4 +9 @@
-- Update to versin 1.0.92:
+- Update to version 1.0.92:
calling whatdependson for head-i586
Old:
----
Linux-PAM-1.0.92-docs.tar.bz2
Linux-PAM-1.0.92.tar.bz2
New:
----
Linux-PAM-1.1.0-docs.tar.bz2
Linux-PAM-1.1.0.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pam.spec ++++++
--- /var/tmp/diff_new_pack.o27732/_old 2009-06-29 14:31:51.000000000 +0200
+++ /var/tmp/diff_new_pack.o27732/_new 2009-06-29 14:31:51.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package pam (Version 1.0.92)
+# spec file for package pam (Version 1.1.0)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -35,7 +35,7 @@
%define libpam_so_version 0.82.1
%define libpam_misc_so_version 0.82.0
%define libpamc_so_version 0.82.1
-License: BSD 3-Clause; GPL v2 or later
+License: BSD 3-clause (or similar) ; GPL v2 or later
Group: System/Libraries
AutoReqProv: on
# bug437293
@@ -43,7 +43,7 @@
Obsoletes: pam-64bit
%endif
#
-Version: 1.0.92
+Version: 1.1.0
Release: 1
Summary: A Security Tool that Provides Authentication for Applications
Source: Linux-PAM-%{version}.tar.bz2
@@ -66,7 +66,7 @@
%package doc
-License: Beerware, Cardware, Shareware (not restricted); BSD 3-Clause; GPL v2 or later
+License: Beerware, Cardware, Shareware (not restricted) ; BSD 3-clause (or similar) ; GPL v2 or later
Summary: Documentation for Pluggable Authentication Modules
Group: Documentation/HTML
@@ -80,7 +80,7 @@
%package devel
-License: Beerware, Cardware, Shareware (not restricted); BSD 3-Clause; GPL v2 or later
+License: Beerware, Cardware, Shareware (not restricted) ; BSD 3-clause (or similar) ; GPL v2 or later
Summary: Include Files and Libraries for PAM-Development
Group: Development/Libraries/C and C++
Requires: pam = %{version} glibc-devel
@@ -307,518 +307,3 @@
%{_libdir}/libpam_misc.so
%changelog
-* Tue May 05 2009 kukuk@suse.de
-- Update to versin 1.0.92:
- * Update translations
- * pam_succeed_if: Use provided username
- * pam_mkhomedir: Fix handling of options
-* Fri Apr 03 2009 rguenther@suse.de
-- Remove cracklib-dict-full and pwdutils BuildRequires again.
-* Fri Mar 27 2009 kukuk@suse.de
-- Update to version 1.0.91 aka 1.1 Beta2:
- * Changes in the behavior of the password stack. Results of
- PRELIM_CHECK are not used for the final run.
- * Redefine LOCAL keyword of pam_access configuration file
- * Add support for try_first_pass and use_first_pass to
- pam_cracklib
- * New password quality tests in pam_cracklib
- * Add support for passing PAM_AUTHTOK to stdin of helpers from
- pam_exec
- * New options for pam_lastlog to show last failed login attempt and
- to disable lastlog update
- * New pam_pwhistory module to store last used passwords
- * New pam_tally2 module similar to pam_tally with wordsize independent
- tally data format, obsoletes pam_tally
- * Make libpam not log missing module if its type is prepended with '-'
- * New pam_timestamp module for authentication based on recent successful
- login.
- * Add blowfish support to pam_unix.
- * Add support for user specific environment file to pam_env.
- * Add pam_get_authtok to libpam as Linux-PAM extension.
-* Wed Feb 11 2009 ro@suse.de
-- use sr@latin instead of sr@Latn
-* Thu Feb 05 2009 kukuk@suse.de
-- Log failures of setrlimit in pam_limits [bnc#448314]
-- Fix using of requisite in password stack [bnc#470337]
-* Tue Jan 20 2009 kukuk@suse.de
-- Regenerate documentation [bnc#448314]
-* Wed Dec 10 2008 olh@suse.de
-- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
- (bnc#437293)
-* Thu Dec 04 2008 olh@suse.de
-- obsolete old -XXbit packages (bnc#437293)
-* Thu Nov 27 2008 mc@suse.de
-- enhance the man page for limits.conf (bnc#448314)
-* Mon Nov 24 2008 kukuk@suse.de
-- pam_time: fix parsing if '|' is used [bdo#326407]
-* Wed Nov 19 2008 kukuk@suse.de
-- pam_xauth: update last patch
-- pam_pwhistory: add missing type option
-* Tue Nov 04 2008 mc@suse.de
-- pam_xauth: put XAUTHLOCALHOSTNAME into new enviroment
- (bnc#441314)
-* Fri Oct 17 2008 kukuk@suse.de
-- Add pam_tally2
-- Regenerate Documentation
-* Sat Oct 11 2008 kukuk@suse.de
-- Enhance pam_lastlog with status output
-- Add pam_pwhistory as tech preview
-* Fri Sep 26 2008 kukuk@suse.de
-- pam_tally: fix fd leak
-- pam_mail: fix "quiet" option
-* Fri Aug 29 2008 kukuk@suse.de
-- Update to version 1.0.2 (fix SELinux regression)
-- enhance pam_tally [FATE#303753]
-- Backport fixes from CVS
-* Wed Aug 20 2008 prusnak@suse.cz
-- enabled SELinux support [Fate#303662]
-* Wed Apr 16 2008 kukuk@suse.de
-- Update to version 1.0.1:
- - Fixes regression in pam_set_item().
-* Thu Apr 10 2008 ro@suse.de
-- added baselibs.conf file to build xxbit packages
- for multilib support
-* Fri Apr 04 2008 kukuk@suse.de
-- Remove devfs lines from securetty [bnc#372241]
-* Thu Apr 03 2008 kukuk@suse.de
-- Update to version 1.0.0:
- - Official first "stable" release
- - bug fixes
- - translation updates
-* Fri Feb 15 2008 kukuk@suse.de
-- Update to version 0.99.10.0:
- - New substack directive in config file syntax
- - New module pam_tty_audit.so for enabling and disabling tty
- auditing
- - New PAM items PAM_XDISPLAY and PAM_XAUTHDATA
- - Improved functionality of pam_namespace.so module (method flags,
- namespace.d configuration directory, new options).
- - Finaly removed deprecated pam_rhosts_auth module.
-* Wed Oct 10 2007 kukuk@suse.de
-- Update to version 0.99.9.0:
- - misc_conv no longer blocks SIGINT; applications that don't want
- user-interruptable prompts should block SIGINT themselves
- - Merge fixes from Debian
- - Fix parser for pam_group and pam_time
-* Wed Jul 18 2007 kukuk@suse.de
-- Update to version 0.99.8.1:
- - Fix regression in pam_audit
-* Fri Jul 06 2007 kukuk@suse.de
-- Update to version 0.99.8.0:
- - Add translations for ar, ca, da, ru, sv and zu.
- - Update hungarian translation.
- - Add support for limits.d directory to pam_limits.
- - Add minclass option to pam_cracklib
- - Add new group syntax to pam_access
-* Thu Apr 19 2007 mc@suse.de
-- move the documentation into a seperate package (pam-doc)
- [partly fixes Bug #265733]
-* Mon Mar 26 2007 rguenther@suse.de
-- add flex and bison BuildRequires
-* Wed Jan 24 2007 mc@suse.de
-- add %%verify_permissions for /sbin/unix_chkpwd
- [#237625]
-* Tue Jan 23 2007 kukuk@suse.de
-- Update to Version 0.99.7.1 (security fix)
-* Wed Jan 17 2007 kukuk@suse.de
-- Update to Version 0.99.7.0
- * Add manual page for pam_unix.so.
- * Add pam_faildelay module to set pam_fail_delay() value.
- * Fix possible seg.fault in libpam/pam_set_data().
- * Cleanup of configure options.
- * Update hungarian translation, fix german translation.
-* Wed Jan 17 2007 lnussel@suse.de
-- install unix_chkpwd setuid root instead of setgid shadow (#216816)
-* Tue Oct 24 2006 kukuk@suse.de
-- pam_unix.so/unix_chkpwd: teach about blowfish [#213929]
-- pam_namespace.so: Fix two possible buffer overflow
-- link against libxcrypt
-* Sat Oct 07 2006 kukuk@suse.de
-- Update hungarian translation [#210091]
-* Tue Sep 19 2006 kukuk@suse.de
-- Don't remove pam_unix.so
-- Use cracklib again (goes lost with one of the last cleanups)
-* Thu Sep 14 2006 kukuk@suse.de
-- Add pam_umask.so to common-session [Fate#3621]
-* Wed Sep 06 2006 kukuk@suse.de
-- Update to Linux-PAM 0.99.6.3 (merges all patches)
-* Wed Aug 30 2006 kukuk@suse.de
-- Update to Linux-PAM 0.99.6.2 (incorporate last change)
-- Add pam_loginuid and fixes from CVS [Fate#300486]
-* Wed Aug 23 2006 kukuk@suse.de
-- Fix seg.fault in pam_cracklib if retyped password is empty
-* Tue Aug 22 2006 kukuk@suse.de
-- Remove use_first_pass from pam_unix2.so in password section
-* Fri Aug 11 2006 kukuk@suse.de
-- Update to Linux-PAM 0.99.6.1 (big documentation update)
-* Fri Jul 28 2006 kukuk@suse.de
-- Add missing namespace.init script
-* Thu Jul 27 2006 kukuk@suse.de
-- Reenable audit subsystem [Fate#300486]
-* Wed Jun 28 2006 kukuk@suse.de
-- Update to Linux-PAM 0.99.5.0 (more manual pages, three new PAM
- modules: pam_keyinit, pam_namespace, pam_rhosts)
-* Mon Jun 12 2006 kukuk@suse.de
-- Update to current CVS (lot of new manual pages and docu)
-* Tue May 30 2006 kukuk@suse.de
-- Update to Linux-PAM 0.99.4.0 (merge all patches and translations)
-* Wed May 24 2006 kukuk@suse.de
-- Fix problems found by Coverity
-* Wed May 17 2006 schwab@suse.de
-- Don't strip binaries.
-* Fri May 05 2006 kukuk@suse.de
-- Fix pam_tally LFS support [#172492]
-* Fri Apr 21 2006 kukuk@suse.de
-- Update fr.po and pl.po
-* Tue Apr 11 2006 kukuk@suse.de
-- Update km.po
-* Tue Apr 04 2006 kukuk@suse.de
-- Remove obsolete pam-laus from the system
-* Mon Mar 27 2006 kukuk@suse.de
-- Update translations for pt, pl, fr, fi and cs
-- Add translation for uk
-* Tue Mar 21 2006 kukuk@suse.de
-- Update hu.po
-* Tue Mar 21 2006 kukuk@suse.de
-- Add translation for tr
-* Mon Mar 13 2006 kukuk@suse.de
-- Fix order of NULL checks in pam_get_user
-- Fix comment in pam_lastlog for translators to be visible in
- pot file
-- Docu update, remove pam_selinux docu
-* Thu Mar 02 2006 kukuk@suse.de
-- Update km translation
-* Thu Feb 23 2006 kukuk@suse.de
-- pam_lastlog:
- - Initialize correct struct member [SF#1427401]
- - Mark strftime fmt string for translation [SF#1428269]
-* Sun Feb 19 2006 kukuk@suse.de
-- Update more manual pages
-* Sat Feb 18 2006 ro@suse.de
-- really disable audit if header file not present
-* Tue Feb 14 2006 kukuk@suse.de
-- Update fi.po
-- Add km.po
-- Update pl.po
-* Mon Feb 13 2006 kukuk@suse.de
-- Update with better manual pages
-* Thu Feb 09 2006 kukuk@suse.de
-- Add translation for nl, update pt translation
-* Fri Jan 27 2006 kukuk@suse.de
-- Move devel manual pages to -devel package
-- Mark PAM config files as noreplace
-- Mark /etc/securetty as noreplace
-- Run ldconfig
-- Fix libdb/ndbm compat detection with gdbm
-- Adjust german translation
-- Add all services to pam_listfile
-* Wed Jan 25 2006 mls@suse.de
-- converted neededforbuild to BuildRequires
-* Fri Jan 13 2006 kukuk@suse.de
-- Update to Linux-PAM 0.99.3.0 release candiate tar balls
- (new translations)
-* Mon Jan 09 2006 kukuk@suse.de
-- Fix NULL handling for LSB-pam test suite [#141240]
-* Sun Jan 08 2006 kukuk@suse.de
-- Fix usage of PAM_AUTHTOK_RECOVER_ERR vs. PAM_AUTHTOK_RECOVERY_ERR
-* Fri Jan 06 2006 kukuk@suse.de
-- NULL is allowed as thirs argument for pam_get_item [#141240]
-* Wed Dec 21 2005 kukuk@suse.de
-- Add fixes from CVS
-* Thu Dec 15 2005 kukuk@suse.de
-- Fix pam_lastlog: don't report error on first login
-* Tue Dec 13 2005 kukuk@suse.de
-- Update to 0.99.2.1
-* Fri Dec 09 2005 kukuk@suse.de
-- Add /etc/environment to avoid warnings in syslog
-* Mon Dec 05 2005 kukuk@suse.de
-- disable SELinux
-* Wed Nov 23 2005 kukuk@suse.de
-- Update getlogin() fix to final one
-* Mon Nov 21 2005 kukuk@suse.de
-- Fix PAM getlogin() implementation
-* Mon Nov 21 2005 kukuk@suse.de
-- Update to official 0.99.2.0 release
-* Tue Nov 08 2005 kukuk@suse.de
-- Update to new snapshot
-* Mon Oct 10 2005 kukuk@suse.de
-- Enable original pam_wheel module
-* Tue Sep 27 2005 kukuk@suse.de
-- Update to current CVS
-- Compile libpam_misc with -fno-strict-aliasing
-* Mon Sep 19 2005 kukuk@suse.de
-- Update to current CVS
-- Fix compiling of pammodutil with -fPIC
-* Sun Sep 18 2005 kukuk@suse.de
-- Update to current CVS
-* Tue Aug 23 2005 kukuk@suse.de
-- Update to new snapshot (Major version is back to 0)
-* Fri Aug 19 2005 kukuk@suse.de
-- Update to Linux-PAM 0.99.0.3 snapshot
-* Mon Jul 11 2005 kukuk@suse.de
-- Add pam_umask
-* Mon Jul 04 2005 kukuk@suse.de
-- Update to current CVS snapshot
-* Thu Jun 23 2005 kukuk@suse.de
-- Update to current CVS snapshot
-- Add pam_loginuid
-* Thu Jun 09 2005 kukuk@suse.de
-- Update to current CVS snapshot
-* Mon Jun 06 2005 kukuk@suse.de
-- Don't reset priority [#81690]
-- Fix creating of symlinks
-* Fri May 20 2005 kukuk@suse.de
-- Update to current CVS snapshot
-- Real fix for [#82687] (don't include kernel header files)
-* Thu May 12 2005 schubi@suse.de
-- Bug 82687 - pam_client.h redefines __u8 and __u32
-* Fri Apr 29 2005 kukuk@suse.de
-- Apply lot of fixes from CVS (including SELinux support)
-* Fri Apr 01 2005 kukuk@suse.de
-- Update to final 0.79 release
-* Mon Mar 14 2005 kukuk@suse.de
-- Apply patch for pam_xauth to preserve DISPLAY variable [#66885]
-* Mon Jan 24 2005 kukuk@suse.de
-- Compile with large file support
-* Mon Jan 24 2005 schubi@suse.de
-- Made patch of latest CVS tree
-- Removed patch pam_handler.diff ( included in CVS now )
-- moved Linux-PAM-0.78.dif to pam_group_time.diff
-* Wed Jan 05 2005 kukuk@suse.de
-- Fix seg.fault, if a PAM config line is incomplete
-* Thu Nov 18 2004 kukuk@suse.de
-- Update to final 0.78
-* Mon Nov 08 2004 kukuk@suse.de
-- Add pam_env.so to common-auth
-- Add pam_limit.so to common-session
-* Wed Oct 13 2004 kukuk@suse.de
-- Update to 0.78-Beta1
-* Wed Sep 22 2004 kukuk@suse.de
-- Create pam.d/common-{auth,account,password,session} and include
- them in pam.d/other
-- Update to current CVS version of upcoming 0.78 release
-* Mon Aug 23 2004 kukuk@suse.de
-- Update "code cleanup" patch
-- Disable reading of /etc/environment in pam_env.so per default
-* Thu Aug 19 2004 kukuk@suse.de
-- Reenable a "fixed" version of "code cleanup" patch
-- Use pam_wheel from pam-modules package
-* Wed Aug 18 2004 kukuk@suse.de
-- Disable "code cleanup" patch (no more comments about security
- fixes)
-* Fri Aug 13 2004 kukuk@suse.de
-- Apply big "code cleanup" patch [Bug #39673]
-* Fri Mar 12 2004 kukuk@suse.de
-- pam_wheel: Use original getlogin again, PAM internal does not
- work without application help [Bug #35682]
-* Sun Jan 18 2004 meissner@suse.de
-- We no longer have pam in the buildsystem, so we
- need some buildroot magic flags for the dlopen tests.
-* Fri Jan 16 2004 kukuk@suse.de
-- Cleanup neededforbuild
-* Fri Dec 05 2003 kukuk@suse.de
-- Add manual pages from SLES8
-* Fri Nov 28 2003 kukuk@suse.de
-- Fix installing manual pages of modules
-- Remove pthread check (db is now linked against pthread)
-* Thu Nov 27 2003 kukuk@suse.de
-- Merge with current CVS
-- Apply bug fixes from bugtracking system
-- Build as normal user
-* Fri Nov 21 2003 kukuk@suse.de
-- Compile with noexecstack
-* Thu Nov 06 2003 kukuk@suse.de
-- Fix pam_securetty CVS patch
-* Wed Oct 29 2003 kukuk@suse.de
-- Sync with current CVS version
-* Thu Oct 02 2003 kukuk@suse.de
-- Add patch to implement "include" statement in pamd files
-* Wed Sep 10 2003 uli@suse.de
-- added ttyS1 (VT220) to securetty on s390* (bug #29239)
-* Mon Jul 28 2003 kukuk@suse.de
-- Apply lot of fixes for various problems
-* Tue Jun 10 2003 kukuk@suse.de
-- Fix getlogin handling in pam_wheel.so
-* Tue May 27 2003 ro@suse.de
-- added cracklib-devel to neededforbuild
-* Thu Feb 13 2003 kukuk@suse.de
-- Update pam_localuser and pam_xauth.
-* Wed Nov 13 2002 kukuk@suse.de
-- Update to Linux-PAM 0.77 (minor bug fixes and enhancemants)
-* Mon Nov 11 2002 ro@suse.de
-- changed neededforbuild <sp> to <opensp>
-* Sat Sep 14 2002 ro@suse.de
-- changed securetty / use extra file
-* Fri Sep 13 2002 bk@suse.de
-- 390: standard console (4,64)/ttyS0 ->only ttyS0 in /etc/securetty
-* Tue Aug 27 2002 kukuk@suse.de
-- Call password checking helper from pam_unix.so whenever the
- passwd field is invalid.
-* Sat Aug 24 2002 kukuk@suse.de
-- Don't build ps and pdf documentation
-* Fri Aug 09 2002 kukuk@suse.de
-- pam-devel requires pam [Bug #17543]
-* Wed Jul 17 2002 kukuk@suse.de
-- Remove explicit requires
-* Wed Jul 10 2002 kukuk@suse.de
-- Update to Linux-PAM 0.76
-- Remove reentrant patch for original PAM modules (needs to be
- rewritten for new PAM version)
-- Add docu in PDF format
-* Thu Jul 04 2002 kukuk@suse.de
-- Fix build on different partitions
-* Tue Apr 16 2002 mmj@suse.de
-- Fix to not own /usr/shar/man/man3
-* Wed Mar 13 2002 kukuk@suse.de
-- Add /usr/include/security to pam-devel filelist
-* Mon Feb 11 2002 ro@suse.de
-- tar option for bz2 is "j"
-* Fri Jan 25 2002 kukuk@suse.de
-- Fix last pam_securetty patch
-* Thu Jan 24 2002 kukuk@suse.de
-- Use reentrant getpwnam functions for most modules
-- Fix unresolved symbols in pam_access and pam_userdb
-* Sun Jan 20 2002 kukuk@suse.de
-- libpam_misc: Don't handle Ctrl-D as error.
-* Wed Jan 16 2002 kukuk@suse.de
-- Remove SuSEconfig.pam
-- Update pam_localuser and pam_xauth
-- Add new READMEs about blowfish and cracklib
-* Mon Nov 12 2001 kukuk@suse.de
-- Remove pam_unix.so (is part of pam-modules)
-* Fri Nov 09 2001 kukuk@suse.de
-- Move extra PAM modules to separate package
-- Require pam-modules package
-* Fri Aug 24 2001 kukuk@suse.de
-- Move susehelp config file to susehelp package
-* Mon Aug 13 2001 ro@suse.de
-- changed neededforbuild to <sp-devel>
-* Tue Aug 07 2001 kukuk@suse.de
-- Fixes wrong symlink handling of pam_homecheck [Bug #3905]
-* Wed Jul 11 2001 kukuk@suse.de
-- Sync pam_homecheck and pam_unix2 fixes from 7.2
-- Always ask for the old password if it is expired
-* Sat May 05 2001 kukuk@suse.de
-- Cleanup Patches, make tar archive from extra pam modules
-* Fri May 04 2001 kukuk@suse.de
-- Use LOG_NOTICE for trace option [Bug #7673]
-* Thu Apr 12 2001 kukuk@suse.de
-- Linux-PAM: link pam_access against libnsl
-- Add pam.conf for susehelp/pam html docu
-* Tue Apr 10 2001 kukuk@suse.de
-- Linux-PAM: Update to version 0.75
-* Tue Apr 03 2001 kukuk@suse.de
-- Linux-PAM: link libpam_misc against libpam [Bug #6890]
-* Thu Mar 08 2001 kukuk@suse.de
-- Linux-PAM: Fix manual pages (.so reference)
-- pam_pwcheck: fix Makefile
-* Tue Mar 06 2001 kukuk@suse.de
-- Update for Linux-PAM 0.74
-- Drop pwdb subpackage
-* Tue Feb 13 2001 kukuk@suse.de
-- pam_unix2: Create temp files with permission 0600
-* Tue Feb 06 2001 ro@suse.de
-- pam_issue.c: include time.h to make it compile
-* Fri Jan 05 2001 kukuk@suse.de
-- Don't print error message about failed initialization from
- pam_limits with kernel 2.2 [Bug #5198]
-* Thu Jan 04 2001 kukuk@suse.de
-- Adjust docu for pam_limits
-* Sun Dec 17 2000 kukuk@suse.de
-- Adjust docu for pam_pwcheck
-* Thu Dec 07 2000 kukuk@suse.de
-- Add fix for pam_limits from 0.73
-* Thu Oct 26 2000 kukuk@suse.de
-- Add db-devel to need for build
-* Fri Oct 20 2000 kukuk@suse.de
-- Don't link PAM modules against old libpam library
-* Wed Oct 18 2000 kukuk@suse.de
-- Create new "devel" subpackage
-* Thu Oct 12 2000 kukuk@suse.de
-- Add SuSEconfig.pam
-* Tue Oct 03 2000 kukuk@suse.de
-- Fix problems with new gcc and glibc 2.2 header files
-* Wed Sep 13 2000 kukuk@suse.de
-- Fix problem with passwords longer then PASS_MAX_LEN
-* Wed Sep 06 2000 kukuk@suse.de
-- Add missing PAM modules to filelist
-- Fix seg.fault in pam_pwcheck [BUG #3894]
-- Clean spec file
-* Fri Jun 23 2000 kukuk@suse.de
-- Lot of bug fixes in pam_unix2 and pam_pwcheck
-- compress postscript docu
-* Mon May 15 2000 kukuk@suse.de
-- Move docu to /usr/share/doc/pam
-- Fix some bugs in pam_unix2 and pam_pwcheck
-* Tue Apr 25 2000 kukuk@suse.de
-- Add pam_homecheck Module
-* Tue Apr 25 2000 kukuk@suse.de
-- Add devfs devices to /etc/securetty
-* Wed Mar 01 2000 kukuk@suse.de
-- Fix handling of changing passwords to empty one
-* Tue Feb 22 2000 kukuk@suse.de
-- Set correct attr for unix_chkpwd and pwdb_chkpwd
-* Tue Feb 15 2000 kukuk@suse.de
-- Update pam_pwcheck
-- Update pam_unix2
-* Mon Feb 07 2000 kukuk@suse.de
-- pwdb: Update to 0.61
-* Thu Jan 27 2000 kukuk@suse.de
-- Add config files and README for md5 passwords
-- Update pam_pwcheck
-- Update pam_unix2
-* Thu Jan 13 2000 kukuk@suse.de
-- Update pam_unix2
-- New: pam_pwcheck
-- Update to Linux-PAM 0.72
-* Wed Oct 13 1999 kukuk@suse.de
-- pam_pwdb: Add security fixes from RedHat
-* Mon Oct 11 1999 kukuk@suse.de
-- Update to Linux-PAM 0.70
-- Update to pwdb-0.60
-- Fix more pam_unix2 shadow bugs
-* Fri Oct 08 1999 kukuk@suse.de
-- Add more PAM fixes
-- Implement Password changing request (sp_lstchg == 0)
-* Mon Sep 13 1999 bs@suse.de
-- ran old prepare_spec on spec file to switch to new prepare_spec.
-* Sat Sep 11 1999 kukuk@suse.de
-- Add pam_wheel to file list
-- pam_wheel: Minor fixes
-- pam_unix2: root is allowed to change passwords with wrong
- password aging information
-* Mon Aug 30 1999 kukuk@suse.de
-- pam_unix2: Fix typo
-* Thu Aug 19 1999 kukuk@suse.de
-- Linux-PAM: Update to version 0.69
-* Fri Jul 16 1999 kukuk@suse.de
-- pam_unix2: Root is allowed to use the old password again.
-* Tue Jul 13 1999 kukuk@suse.de
-- pam_unix2: Allow root to set an empty password.
-* Sat Jul 10 1999 kukuk@suse.de
-- Add HP-UX password aging to pam_unix2.
-* Wed Jul 07 1999 kukuk@suse.de
-- Don't install .cvsignore files
-- Make sure, /etc/shadow has the correct rights
-* Tue Jul 06 1999 kukuk@suse.de
-- Update to Linux-PAM 0.68
-* Wed Jun 30 1999 kukuk@suse.de
-- pam_unix2: more bug fixes
-* Tue Jun 29 1999 kukuk@suse.de
-- pam_unix2: Fix "inactive" password
-* Mon Jun 28 1999 kukuk@suse.de
-- pam_warn: Add missing functions
-- other.pamd: Update
-- Add more doku
-* Thu Jun 24 1999 kukuk@suse.de
-- Add securetty config file
-- Fix Debian pam_env patch
-* Mon Jun 21 1999 kukuk@suse.de
-- Update to Linux-PAM 0.67
-- Add Debian pam_env patch
-* Thu Jun 17 1999 kukuk@suse.de
-- pam_ftp malloc (core dump) fix
-* Tue Jun 15 1999 kukuk@suse.de
-- pam_unix2 fixes
-* Mon Jun 07 1999 kukuk@suse.de
-- First PAM package: pam 0.66, pwdb 0.57 and pam_unix2
++++++ Linux-PAM-1.0.92-docs.tar.bz2 -> Linux-PAM-1.1.0-docs.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/adg/html/adg-glossary.html new/Linux-PAM-1.1.0/doc/adg/html/adg-glossary.html
--- old/Linux-PAM-1.0.92/doc/adg/html/adg-glossary.html 2009-03-24 19:04:34.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/adg/html/adg-glossary.html 2009-06-16 10:48:20.000000000 +0200
@@ -5,7 +5,7 @@
him/herself in a variety of ways. Updating the user's
authentication token thus corresponds to
<span class="emphasis"><em>refreshing</em></span> the object they use to
- authenticate themself with the system. The word password is
+ authenticate them self with the system. The word password is
avoided to keep open the possibility that the authentication
involves a retinal scan or other non-textual mode of
challenge/response.
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/adg/html/adg-libpam_misc.html new/Linux-PAM-1.1.0/doc/adg/html/adg-libpam_misc.html
--- old/Linux-PAM-1.0.92/doc/adg/html/adg-libpam_misc.html 2009-03-24 19:04:33.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/adg/html/adg-libpam_misc.html 2009-06-16 10:48:20.000000000 +0200
@@ -1,7 +1,7 @@
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�5.�A library of miscellaneous helper functions</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_ADG.html" title="The Linux-PAM Application Developers' Guide"><link rel="up" href="Linux-PAM_ADG.html" title="The Linux-PAM Application Developers' Guide"><link rel="prev" href="adg-security-resources.html" title="4.5.�Sufficient resources"><link rel="next" href="adg-libpam-functions.html" title="5.1.�Functions supplied"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�5.�A library of miscellaneous helper functions</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="adg-security-resources.html">Prev</a>�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="adg-libpam-functions.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="adg-libpam_misc"></a>Chapter�5.�A library of miscellaneous helper functions</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="adg-libpam-functions.html">5.1. Functions supplied</a></span></dt><dd><dl><dt><span class="section"><a href="adg-libpam-functions.html#adg-misc_conv">5.1.1. Text based conversation function</a></span></dt><dt><span class="section"><a href="adg-libpam-functions.html#adg-pam_misc_paste_env">5.1.2. Transcribing an environment to that of PAM</a></span></dt><dt><span class="section"><a href="adg-libpam-functions.html#adg-pam_misc_drop_env">5.1.3. Liberating a locally saved environment</a></span></dt><dt><span class="section"><a href="adg-libpam-functions.html#adg-pam_misc_setenv">5.1.4. BSD like PAM environment variable setting</a></span></dt></dl></dd></dl></div><p>
To aid the work of the application developer a library of
miscellaneous functions is provided. It is called
- <span class="command"><strong>libpam_miscy</strong></span>, and contains a text based
+ <span class="command"><strong>libpam_misc</strong></span>, and contains a text based
conversation function, and routines for enhancing the standard
PAM-environment variable support.
</p><p>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/adg/html/adg-porting.html new/Linux-PAM-1.1.0/doc/adg/html/adg-porting.html
--- old/Linux-PAM-1.0.92/doc/adg/html/adg-porting.html 2009-03-24 19:04:33.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/adg/html/adg-porting.html 2009-06-16 10:48:20.000000000 +0200
@@ -18,8 +18,9 @@
being be attached to it. The point being that the "standard"
pop-authentication protocol(s) [which will be needed to satisfy
inflexible/legacy clients] would be supported by inserting an
- appropriate pam_qpopper module(s). However, having rewritten popd
- once in this way any new protocols can be implemented in-situ.
+ appropriate pam_qpopper module(s). However, having rewritten
+ <span class="command"><strong>popd</strong></span> once in this way any new protocols can be
+ implemented in-situ.
</p><p>
One simple test of a ported application would be to insert the
<span class="command"><strong>pam_permit</strong></span> module and see if the application
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/adg/html/adg-security-conv-function.html new/Linux-PAM-1.1.0/doc/adg/html/adg-security-conv-function.html
--- old/Linux-PAM-1.0.92/doc/adg/html/adg-security-conv-function.html 2009-03-24 19:04:33.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/adg/html/adg-security-conv-function.html 2009-06-16 10:48:19.000000000 +0200
@@ -1,8 +1,8 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>4.3.�The conversation function</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_ADG.html" title="The Linux-PAM Application Developers' Guide"><link rel="up" href="adg-security.html" title="Chapter�4.� Security issues of Linux-PAM"><link rel="prev" href="adg-security-service-name.html" title="4.2.�Choice of a service name"><link rel="next" href="adg-security-usre-identity.html" title="4.4.�The identity of the user"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">4.3.�The conversation function</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="adg-security-service-name.html">Prev</a>�</td><th width="60%" align="center">Chapter�4.�
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>4.3.�The conversation function</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_ADG.html" title="The Linux-PAM Application Developers' Guide"><link rel="up" href="adg-security.html" title="Chapter�4.� Security issues of Linux-PAM"><link rel="prev" href="adg-security-service-name.html" title="4.2.�Choice of a service name"><link rel="next" href="adg-security-user-identity.html" title="4.4.�The identity of the user"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">4.3.�The conversation function</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="adg-security-service-name.html">Prev</a>�</td><th width="60%" align="center">Chapter�4.�
Security issues of Linux-PAM
- </th><td width="20%" align="right">�<a accesskey="n" href="adg-security-usre-identity.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="adg-security-conv-function"></a>4.3.�The conversation function</h2></div></div></div><p>
+ </th><td width="20%" align="right">�<a accesskey="n" href="adg-security-user-identity.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="adg-security-conv-function"></a>4.3.�The conversation function</h2></div></div></div><p>
Care should be taken to ensure that the <code class="function">conv()</code>
function is robust. Such a function is provided in the library
<span class="command"><strong>libpam_misc</strong></span> (see
<a class="link" href="adg-libpam-functions.html" title="5.1.�Functions supplied">below</a>).
- </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="adg-security-service-name.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="adg-security.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="adg-security-usre-identity.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">4.2.�Choice of a service name�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_ADG.html">Home</a></td><td width="40%" align="right" valign="top">�4.4.�The identity of the user</td></tr></table></div></body></html>
+ </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="adg-security-service-name.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="adg-security.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="adg-security-user-identity.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">4.2.�Choice of a service name�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_ADG.html">Home</a></td><td width="40%" align="right" valign="top">�4.4.�The identity of the user</td></tr></table></div></body></html>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/adg/html/adg-security.html new/Linux-PAM-1.1.0/doc/adg/html/adg-security.html
--- old/Linux-PAM-1.0.92/doc/adg/html/adg-security.html 2009-03-24 19:04:33.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/adg/html/adg-security.html 2009-06-16 10:48:19.000000000 +0200
@@ -2,7 +2,7 @@
Security issues of Linux-PAM
</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="adg-interface-programming-notes.html">Prev</a>�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="adg-security-library-calls.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="adg-security"></a>Chapter�4.�
Security issues of <span class="emphasis"><em>Linux-PAM</em></span>
- </h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="adg-security-library-calls.html">4.1. Care about standard library calls</a></span></dt><dt><span class="section"><a href="adg-security-service-name.html">4.2. Choice of a service name</a></span></dt><dt><span class="section"><a href="adg-security-conv-function.html">4.3. The conversation function</a></span></dt><dt><span class="section"><a href="adg-security-usre-identity.html">4.4. The identity of the user</a></span></dt><dt><span class="section"><a href="adg-security-resources.html">4.5. Sufficient resources</a></span></dt></dl></div><p>
+ </h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="adg-security-library-calls.html">4.1. Care about standard library calls</a></span></dt><dt><span class="section"><a href="adg-security-service-name.html">4.2. Choice of a service name</a></span></dt><dt><span class="section"><a href="adg-security-conv-function.html">4.3. The conversation function</a></span></dt><dt><span class="section"><a href="adg-security-user-identity.html">4.4. The identity of the user</a></span></dt><dt><span class="section"><a href="adg-security-resources.html">4.5. Sufficient resources</a></span></dt></dl></div><p>
PAM, from the perspective of an application, is a convenient API for
authenticating users. PAM modules generally have no increased
privilege over that possessed by the application that is making use of
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/adg/html/adg-security-resources.html new/Linux-PAM-1.1.0/doc/adg/html/adg-security-resources.html
--- old/Linux-PAM-1.0.92/doc/adg/html/adg-security-resources.html 2009-03-24 19:04:33.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/adg/html/adg-security-resources.html 2009-06-16 10:48:19.000000000 +0200
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>4.5.�Sufficient resources</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_ADG.html" title="The Linux-PAM Application Developers' Guide"><link rel="up" href="adg-security.html" title="Chapter�4.� Security issues of Linux-PAM"><link rel="prev" href="adg-security-usre-identity.html" title="4.4.�The identity of the user"><link rel="next" href="adg-libpam_misc.html" title="Chapter�5.�A library of miscellaneous helper functions"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">4.5.�Sufficient resources</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="adg-security-usre-identity.html">Prev</a>�</td><th width="60%" align="center">Chapter�4.�
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>4.5.�Sufficient resources</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_ADG.html" title="The Linux-PAM Application Developers' Guide"><link rel="up" href="adg-security.html" title="Chapter�4.� Security issues of Linux-PAM"><link rel="prev" href="adg-security-user-identity.html" title="4.4.�The identity of the user"><link rel="next" href="adg-libpam_misc.html" title="Chapter�5.�A library of miscellaneous helper functions"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">4.5.�Sufficient resources</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="adg-security-user-identity.html">Prev</a>�</td><th width="60%" align="center">Chapter�4.�
Security issues of Linux-PAM
</th><td width="20%" align="right">�<a accesskey="n" href="adg-libpam_misc.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="adg-security-resources"></a>4.5.�Sufficient resources</h2></div></div></div><p>
Care should be taken to ensure that the proper execution of an
@@ -10,6 +10,6 @@
This is also true of conversation prompts. The application should not
accept prompts of arbitrary length with out checking for resource
allocation failure and dealing with such extreme conditions gracefully
- and in a mannor that preserves the PAM API. Such tolerance may be
+ and in a manner that preserves the PAM API. Such tolerance may be
especially important when attempting to track a malicious adversary.
- </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="adg-security-usre-identity.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="adg-security.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="adg-libpam_misc.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">4.4.�The identity of the user�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_ADG.html">Home</a></td><td width="40%" align="right" valign="top">�Chapter�5.�A library of miscellaneous helper functions</td></tr></table></div></body></html>
+ </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="adg-security-user-identity.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="adg-security.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="adg-libpam_misc.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">4.4.�The identity of the user�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_ADG.html">Home</a></td><td width="40%" align="right" valign="top">�Chapter�5.�A library of miscellaneous helper functions</td></tr></table></div></body></html>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/adg/html/adg-security-user-identity.html new/Linux-PAM-1.1.0/doc/adg/html/adg-security-user-identity.html
--- old/Linux-PAM-1.0.92/doc/adg/html/adg-security-user-identity.html 1970-01-01 01:00:00.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/adg/html/adg-security-user-identity.html 2009-06-16 10:48:19.000000000 +0200
@@ -0,0 +1,52 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>4.4.�The identity of the user</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_ADG.html" title="The Linux-PAM Application Developers' Guide"><link rel="up" href="adg-security.html" title="Chapter�4.� Security issues of Linux-PAM"><link rel="prev" href="adg-security-conv-function.html" title="4.3.�The conversation function"><link rel="next" href="adg-security-resources.html" title="4.5.�Sufficient resources"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">4.4.�The identity of the user</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="adg-security-conv-function.html">Prev</a>�</td><th width="60%" align="center">Chapter�4.�
+ Security issues of Linux-PAM
+ </th><td width="20%" align="right">�<a accesskey="n" href="adg-security-resources.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="adg-security-user-identity"></a>4.4.�The identity of the user</h2></div></div></div><p>
+ The <span class="emphasis"><em>Linux-PAM</em></span> modules will need
+ to determine the identity of the user who requests a service,
+ and the identity of the user who grants the service. These two
+ users will seldom be the same. Indeed there is generally a third
+ user identity to be considered, the new (assumed) identity of
+ the user once the service is granted.
+ </p><p>
+ The need for keeping tabs on these identities is clearly an
+ issue of security. One convention that is actively used by
+ some modules is that the identity of the user requesting a
+ service should be the current <span class="emphasis"><em>UID</em></span>
+ (user ID) of the running process; the identity of the
+ privilege granting user is the <span class="emphasis"><em>EUID</em></span>
+ (effective user ID) of the running process; the identity of
+ the user, under whose name the service will be executed, is
+ given by the contents of the <span class="emphasis"><em>PAM_USER</em></span>
+ <span class="citerefentry"><span class="refentrytitle">pam_get_item</span>(3)</span>. Note, modules can change the values of
+ <span class="emphasis"><em>PAM_USER</em></span> and <span class="emphasis"><em>PAM_RUSER</em></span>
+ during any of the <code class="function">pam_*()</code> library calls.
+ For this reason, the application should take care to use the
+ <code class="function">pam_get_item()</code> every time it wishes to
+ establish who the authenticated user is (or will currently be).
+ </p><p>
+ For network-serving databases and other applications that provide
+ their own security model (independent of the OS kernel) the above
+ scheme is insufficient to identify the requesting user.
+ </p><p>
+ A more portable solution to storing the identity of the requesting
+ user is to use the <span class="emphasis"><em>PAM_RUSER</em></span> <span class="citerefentry"><span class="refentrytitle">pam_get_item</span>(3)</span>. The application should supply this value before
+ attempting to authenticate the user with
+ <code class="function">pam_authenticate()</code>. How well this name can be
+ trusted will ultimately be at the discretion of the local
+ administrator (who configures PAM for your application) and a
+ selected module may attempt to override the value where it can
+ obtain more reliable data. If an application is unable to determine
+ the identity of the requesting entity/user, it should not call
+ <span class="citerefentry"><span class="refentrytitle">pam_set_item</span>(3)</span> to set <span class="emphasis"><em>PAM_RUSER</em></span>.
+ </p><p>
+ In addition to the <span class="emphasis"><em>PAM_RUSER</em></span> item, the
+ application should supply the <span class="emphasis"><em>PAM_RHOST</em></span>
+ (<span class="emphasis"><em>requesting host</em></span>) item. As a general rule,
+ the following convention for its value can be assumed:
+ NULL = unknown; localhost = invoked directly from the local system;
+ <span class="emphasis"><em>other.place.xyz</em></span> = some component of the
+ user's connection originates from this remote/requesting host. At
+ present, PAM has no established convention for indicating whether
+ the application supports a trusted path to communication from
+ this host.
+ </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="adg-security-conv-function.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="adg-security.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="adg-security-resources.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">4.3.�The conversation function�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_ADG.html">Home</a></td><td width="40%" align="right" valign="top">�4.5.�Sufficient resources</td></tr></table></div></body></html>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/adg/html/Linux-PAM_ADG.html new/Linux-PAM-1.1.0/doc/adg/html/Linux-PAM_ADG.html
--- old/Linux-PAM-1.0.92/doc/adg/html/Linux-PAM_ADG.html 2009-03-24 19:04:34.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/adg/html/Linux-PAM_ADG.html 2009-06-16 10:48:20.000000000 +0200
@@ -1,9 +1,9 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>The Linux-PAM Application Developers' Guide</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><meta name="description" content="This manual documents what an application developer needs to know about the Linux-PAM library. It describes how an application might use the Linux-PAM library to authenticate users. In addition it contains a description of the funtions to be found in libpam_misc library, that can be used in general applications. Finally, it contains some comments on PAM related security issues for the application developer."><link rel="home" href="Linux-PAM_ADG.html" title="The Linux-PAM Application Developers' Guide"><link rel="next" href="adg-introduction.html" title="Chapter�1.�Introduction"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">The Linux-PAM Application Developers' Guide</th></tr><tr><td width="20%" align="left">�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="adg-introduction.html">Next</a></td></tr></table><hr></div><div class="book" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="adg"></a>The Linux-PAM Application Developers' Guide</h1></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">Andrew G.</span> <span class="surname">Morgan</span></h3><code class="email"><<a class="email" href="mailto:morgan@kernel.org">morgan@kernel.org</a>></code></div><div class="author"><h3 class="author"><span class="firstname">Thorsten</span> <span class="surname">Kukuk</span></h3><code class="email"><<a class="email" href="mailto:kukuk@thkukuk.de">kukuk@thkukuk.de</a>></code></div></div></div><div><p class="releaseinfo">Version 1.0, 3. April 2008</p></div><div><div class="abstract"><p class="title"><b>Abstract</b></p><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>The Linux-PAM Application Developers' Guide</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><meta name="description" content="This manual documents what an application developer needs to know about the Linux-PAM library. It describes how an application might use the Linux-PAM library to authenticate users. In addition it contains a description of the functions to be found in libpam_misc library, that can be used in general applications. Finally, it contains some comments on PAM related security issues for the application developer."><link rel="home" href="Linux-PAM_ADG.html" title="The Linux-PAM Application Developers' Guide"><link rel="next" href="adg-introduction.html" title="Chapter�1.�Introduction"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">The Linux-PAM Application Developers' Guide</th></tr><tr><td width="20%" align="left">�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="adg-introduction.html">Next</a></td></tr></table><hr></div><div class="book" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="adg"></a>The Linux-PAM Application Developers' Guide</h1></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">Andrew G.</span> <span class="surname">Morgan</span></h3><code class="email"><<a class="email" href="mailto:morgan@kernel.org">morgan@kernel.org</a>></code></div><div class="author"><h3 class="author"><span class="firstname">Thorsten</span> <span class="surname">Kukuk</span></h3><code class="email"><<a class="email" href="mailto:kukuk@thkukuk.de">kukuk@thkukuk.de</a>></code></div></div></div><div><p class="releaseinfo">Version 1.1, 16. June 2009</p></div><div><div class="abstract"><p class="title"><b>Abstract</b></p><p>
This manual documents what an application developer needs to know
about the <span class="emphasis"><em>Linux-PAM</em></span> library. It
describes how an application might use the
<span class="emphasis"><em>Linux-PAM</em></span> library to authenticate
- users. In addition it contains a description of the funtions
+ users. In addition it contains a description of the functions
to be found in <code class="filename">libpam_misc</code> library, that can
be used in general applications. Finally, it contains some comments
on PAM related security issues for the application developer.
@@ -11,4 +11,4 @@
The public interface to Linux-PAM
</a></span></dt><dd><dl><dt><span class="section"><a href="adg-interface-by-app-expected.html">3.1. What can be expected by the application</a></span></dt><dd><dl><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_start">3.1.1. Initialization of PAM transaction</a></span></dt><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_end">3.1.2. Termination of PAM transaction</a></span></dt><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_set_item">3.1.3. Setting PAM items</a></span></dt><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_get_item">3.1.4. Getting PAM items</a></span></dt><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_strerror">3.1.5. Strings describing PAM error codes</a></span></dt><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_fail_delay">3.1.6. Request a delay on failure</a></span></dt><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_authenticate">3.1.7. Authenticating the user</a></span></dt><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_setcred">3.1.8. Setting user credentials</a></span></dt><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_acct_mgmt">3.1.9. Account validation management</a></span></dt><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_chauthtok">3.1.10. Updating authentication tokens</a></span></dt><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_open_session">3.1.11. Start PAM session management</a></span></dt><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_close_session">3.1.12. terminating PAM session management</a></span></dt><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_putenv">3.1.13. Set or change PAM environment variable</a></span></dt><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_getenv">3.1.14. Get a PAM environment variable</a></span></dt><dt><span class="section"><a href="adg-interface-by-app-expected.html#adg-pam_getenvlist">3.1.15. Getting the PAM environment</a></span></dt></dl></dd><dt><span class="section"><a href="adg-interface-of-app-expected.html">3.2. What is expected of an application</a></span></dt><dd><dl><dt><span class="section"><a href="adg-interface-of-app-expected.html#adg-pam_conv">3.2.1. The conversation function</a></span></dt></dl></dd><dt><span class="section"><a href="adg-interface-programming-notes.html">3.3. Programming notes</a></span></dt></dl></dd><dt><span class="chapter"><a href="adg-security.html">4.
Security issues of Linux-PAM
- </a></span></dt><dd><dl><dt><span class="section"><a href="adg-security-library-calls.html">4.1. Care about standard library calls</a></span></dt><dt><span class="section"><a href="adg-security-service-name.html">4.2. Choice of a service name</a></span></dt><dt><span class="section"><a href="adg-security-conv-function.html">4.3. The conversation function</a></span></dt><dt><span class="section"><a href="adg-security-usre-identity.html">4.4. The identity of the user</a></span></dt><dt><span class="section"><a href="adg-security-resources.html">4.5. Sufficient resources</a></span></dt></dl></dd><dt><span class="chapter"><a href="adg-libpam_misc.html">5. A library of miscellaneous helper functions</a></span></dt><dd><dl><dt><span class="section"><a href="adg-libpam-functions.html">5.1. Functions supplied</a></span></dt><dd><dl><dt><span class="section"><a href="adg-libpam-functions.html#adg-misc_conv">5.1.1. Text based conversation function</a></span></dt><dt><span class="section"><a href="adg-libpam-functions.html#adg-pam_misc_paste_env">5.1.2. Transcribing an environment to that of PAM</a></span></dt><dt><span class="section"><a href="adg-libpam-functions.html#adg-pam_misc_drop_env">5.1.3. Liberating a locally saved environment</a></span></dt><dt><span class="section"><a href="adg-libpam-functions.html#adg-pam_misc_setenv">5.1.4. BSD like PAM environment variable setting</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="adg-porting.html">6. Porting legacy applications</a></span></dt><dt><span class="chapter"><a href="adg-glossary.html">7. Glossary of PAM related terms</a></span></dt><dt><span class="chapter"><a href="adg-example.html">8. An example application</a></span></dt><dt><span class="chapter"><a href="adg-files.html">9. Files</a></span></dt><dt><span class="chapter"><a href="adg-see-also.html">10. See also</a></span></dt><dt><span class="chapter"><a href="adg-author.html">11. Author/acknowledgments</a></span></dt><dt><span class="chapter"><a href="adg-copyright.html">12. Copyright information for this document</a></span></dt></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left">�</td><td width="20%" align="center">�</td><td width="40%" align="right">�<a accesskey="n" href="adg-introduction.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">�</td><td width="20%" align="center">�</td><td width="40%" align="right" valign="top">�Chapter�1.�Introduction</td></tr></table></div></body></html>
+ </a></span></dt><dd><dl><dt><span class="section"><a href="adg-security-library-calls.html">4.1. Care about standard library calls</a></span></dt><dt><span class="section"><a href="adg-security-service-name.html">4.2. Choice of a service name</a></span></dt><dt><span class="section"><a href="adg-security-conv-function.html">4.3. The conversation function</a></span></dt><dt><span class="section"><a href="adg-security-user-identity.html">4.4. The identity of the user</a></span></dt><dt><span class="section"><a href="adg-security-resources.html">4.5. Sufficient resources</a></span></dt></dl></dd><dt><span class="chapter"><a href="adg-libpam_misc.html">5. A library of miscellaneous helper functions</a></span></dt><dd><dl><dt><span class="section"><a href="adg-libpam-functions.html">5.1. Functions supplied</a></span></dt><dd><dl><dt><span class="section"><a href="adg-libpam-functions.html#adg-misc_conv">5.1.1. Text based conversation function</a></span></dt><dt><span class="section"><a href="adg-libpam-functions.html#adg-pam_misc_paste_env">5.1.2. Transcribing an environment to that of PAM</a></span></dt><dt><span class="section"><a href="adg-libpam-functions.html#adg-pam_misc_drop_env">5.1.3. Liberating a locally saved environment</a></span></dt><dt><span class="section"><a href="adg-libpam-functions.html#adg-pam_misc_setenv">5.1.4. BSD like PAM environment variable setting</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="adg-porting.html">6. Porting legacy applications</a></span></dt><dt><span class="chapter"><a href="adg-glossary.html">7. Glossary of PAM related terms</a></span></dt><dt><span class="chapter"><a href="adg-example.html">8. An example application</a></span></dt><dt><span class="chapter"><a href="adg-files.html">9. Files</a></span></dt><dt><span class="chapter"><a href="adg-see-also.html">10. See also</a></span></dt><dt><span class="chapter"><a href="adg-author.html">11. Author/acknowledgments</a></span></dt><dt><span class="chapter"><a href="adg-copyright.html">12. Copyright information for this document</a></span></dt></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left">�</td><td width="20%" align="center">�</td><td width="40%" align="right">�<a accesskey="n" href="adg-introduction.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">�</td><td width="20%" align="center">�</td><td width="40%" align="right" valign="top">�Chapter�1.�Introduction</td></tr></table></div></body></html>
Files old/Linux-PAM-1.0.92/doc/adg/Linux-PAM_ADG.pdf and new/Linux-PAM-1.1.0/doc/adg/Linux-PAM_ADG.pdf differ
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/adg/Linux-PAM_ADG.txt new/Linux-PAM-1.1.0/doc/adg/Linux-PAM_ADG.txt
--- old/Linux-PAM-1.0.92/doc/adg/Linux-PAM_ADG.txt 2009-03-24 19:04:25.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/adg/Linux-PAM_ADG.txt 2009-06-16 10:48:11.000000000 +0200
@@ -8,14 +8,14 @@
-Version 1.0, 3. April 2008
+Version 1.1, 16. June 2009
Abstract
This manual documents what an application developer needs to know about the
Linux-PAM library. It describes how an application might use the Linux-PAM
library to authenticate users. In addition it contains a description of the
-funtions to be found in libpam_misc library, that can be used in general
+functions to be found in libpam_misc library, that can be used in general
applications. Finally, it contains some comments on PAM related security issues
for the application developer.
@@ -1359,14 +1359,14 @@
The need for keeping tabs on these identities is clearly an issue of security.
One convention that is actively used by some modules is that the identity of
-the user requesting a service should be the current UID (userid) of the running
-process; the identity of the privilege granting user is the EUID (effective
-userid) of the running process; the identity of the user, under whose name the
-service will be executed, is given by the contents of the PAM_USER pam_get_item
-(3). Note, modules can change the values of PAM_USER and PAM_RUSER during any
-of the pam_*() library calls. For this reason, the application should take care
-to use the pam_get_item() every time it wishes to establish who the
-authenticated user is (or will currently be).
+the user requesting a service should be the current UID (user ID) of the
+running process; the identity of the privilege granting user is the EUID
+(effective user ID) of the running process; the identity of the user, under
+whose name the service will be executed, is given by the contents of the
+PAM_USER pam_get_item(3). Note, modules can change the values of PAM_USER and
+PAM_RUSER during any of the pam_*() library calls. For this reason, the
+application should take care to use the pam_get_item() every time it wishes to
+establish who the authenticated user is (or will currently be).
For network-serving databases and other applications that provide their own
security model (independent of the OS kernel) the above scheme is insufficient
@@ -1399,14 +1399,14 @@
This is also true of conversation prompts. The application should not accept
prompts of arbitrary length with out checking for resource allocation failure
-and dealing with such extreme conditions gracefully and in a mannor that
+and dealing with such extreme conditions gracefully and in a manner that
preserves the PAM API. Such tolerance may be especially important when
attempting to track a malicious adversary.
Chapter 5. A library of miscellaneous helper functions
To aid the work of the application developer a library of miscellaneous
-functions is provided. It is called libpam_miscy, and contains a text based
+functions is provided. It is called libpam_misc, and contains a text based
conversation function, and routines for enhancing the standard PAM-environment
variable support.
@@ -1593,10 +1593,10 @@
Generally, this is a password. However, a user can authenticate him/herself
in a variety of ways. Updating the user's authentication token thus
- corresponds to refreshing the object they use to authenticate themself with
- the system. The word password is avoided to keep open the possibility that
- the authentication involves a retinal scan or other non-textual mode of
- challenge/response.
+ corresponds to refreshing the object they use to authenticate them self
+ with the system. The word password is avoided to keep open the possibility
+ that the authentication involves a retinal scan or other non-textual mode
+ of challenge/response.
Credentials
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/mwg/html/Linux-PAM_MWG.html new/Linux-PAM-1.1.0/doc/mwg/html/Linux-PAM_MWG.html
--- old/Linux-PAM-1.0.92/doc/mwg/html/Linux-PAM_MWG.html 2009-03-24 19:05:03.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/mwg/html/Linux-PAM_MWG.html 2009-06-16 10:48:52.000000000 +0200
@@ -1,10 +1,10 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>The Linux-PAM Module Writers' Guide</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><meta name="description" content="This manual documents what a programmer needs to know in order to write a module that conforms to the Linux-PAM standard.It also discusses some security issues from the point of view of the module programmer."><link rel="home" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="next" href="mwg-introduction.html" title="Chapter�1.�Introduction"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">The Linux-PAM Module Writers' Guide</th></tr><tr><td width="20%" align="left">�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="mwg-introduction.html">Next</a></td></tr></table><hr></div><div class="book" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="mwg"></a>The Linux-PAM Module Writers' Guide</h1></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">Andrew G.</span> <span class="surname">Morgan</span></h3><code class="email"><<a class="email" href="mailto:morgan@kernel.org">morgan@kernel.org</a>></code></div><div class="author"><h3 class="author"><span class="firstname">Thorsten</span> <span class="surname">Kukuk</span></h3><code class="email"><<a class="email" href="mailto:kukuk@thkukuk.de">kukuk@thkukuk.de</a>></code></div></div></div><div><p class="releaseinfo">Version 1.0, 3. April 2008</p></div><div><div class="abstract"><p class="title"><b>Abstract</b></p><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>The Linux-PAM Module Writers' Guide</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><meta name="description" content="This manual documents what a programmer needs to know in order to write a module that conforms to the Linux-PAM standard.It also discusses some security issues from the point of view of the module programmer."><link rel="home" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="next" href="mwg-introduction.html" title="Chapter�1.�Introduction"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">The Linux-PAM Module Writers' Guide</th></tr><tr><td width="20%" align="left">�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="mwg-introduction.html">Next</a></td></tr></table><hr></div><div class="book" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="mwg"></a>The Linux-PAM Module Writers' Guide</h1></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">Andrew G.</span> <span class="surname">Morgan</span></h3><code class="email"><<a class="email" href="mailto:morgan@kernel.org">morgan@kernel.org</a>></code></div><div class="author"><h3 class="author"><span class="firstname">Thorsten</span> <span class="surname">Kukuk</span></h3><code class="email"><<a class="email" href="mailto:kukuk@thkukuk.de">kukuk@thkukuk.de</a>></code></div></div></div><div><p class="releaseinfo">Version 1.1, 16. June 2009</p></div><div><div class="abstract"><p class="title"><b>Abstract</b></p><p>
This manual documents what a programmer needs to know in order
to write a module that conforms to the
<span class="emphasis"><em>Linux-PAM</em></span> standard.It also
discusses some security issues from the point of view of the
module programmer.
- </p></div></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="mwg-introduction.html">1. Introduction</a></span></dt><dd><dl><dt><span class="section"><a href="mwg-introduction-description.html">1.1. Description</a></span></dt><dt><span class="section"><a href="mwg-introducton-synopsis.html">1.2. Synopsis</a></span></dt></dl></dd><dt><span class="chapter"><a href="mwg-expected-by-module.html">2. What can be expected by the module</a></span></dt><dd><dl><dt><span class="section"><a href="mwg-expected-by-module-item.html">2.1.
+ </p></div></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="mwg-introduction.html">1. Introduction</a></span></dt><dd><dl><dt><span class="section"><a href="mwg-introduction-description.html">1.1. Description</a></span></dt><dt><span class="section"><a href="mwg-introduction-synopsis.html">1.2. Synopsis</a></span></dt></dl></dd><dt><span class="chapter"><a href="mwg-expected-by-module.html">2. What can be expected by the module</a></span></dt><dd><dl><dt><span class="section"><a href="mwg-expected-by-module-item.html">2.1.
Getting and setting PAM_ITEMs and
data
</a></span></dt><dd><dl><dt><span class="section"><a href="mwg-expected-by-module-item.html#mwg-pam_set_data">2.1.1. Set module internal data</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#mwg-pam_get_data">2.1.2. Get module internal data</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#mwg-pam_set_item">2.1.3. Setting PAM items</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#mwg-pam_get_item">2.1.4. Getting PAM items</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#mwg-pam_get_user">2.1.5. Get user name</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#mwg-pam_conv">2.1.6. The conversation function</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#adg-pam_putenv">2.1.7. Set or change PAM environment variable</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#adg-pam_getenv">2.1.8. Get a PAM environment variable</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#adg-pam_getenvlist">2.1.9. Getting the PAM environment</a></span></dt></dl></dd><dt><span class="section"><a href="mwg-expected-by-module-other.html">2.2.
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/mwg/html/mwg-expected-by-module.html new/Linux-PAM-1.1.0/doc/mwg/html/mwg-expected-by-module.html
--- old/Linux-PAM-1.0.92/doc/mwg/html/mwg-expected-by-module.html 2009-03-24 19:05:02.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/mwg/html/mwg-expected-by-module.html 2009-06-16 10:48:51.000000000 +0200
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�2.�What can be expected by the module</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="up" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="prev" href="mwg-introducton-synopsis.html" title="1.2.�Synopsis"><link rel="next" href="mwg-expected-by-module-item.html" title="2.1.� Getting and setting PAM_ITEMs and data"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�2.�What can be expected by the module</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="mwg-introducton-synopsis.html">Prev</a>�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="mwg-expected-by-module-item.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="mwg-expected-by-module"></a>Chapter�2.�What can be expected by the module</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="mwg-expected-by-module-item.html">2.1.
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�2.�What can be expected by the module</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="up" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="prev" href="mwg-introduction-synopsis.html" title="1.2.�Synopsis"><link rel="next" href="mwg-expected-by-module-item.html" title="2.1.� Getting and setting PAM_ITEMs and data"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�2.�What can be expected by the module</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="mwg-introduction-synopsis.html">Prev</a>�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="mwg-expected-by-module-item.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="mwg-expected-by-module"></a>Chapter�2.�What can be expected by the module</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="mwg-expected-by-module-item.html">2.1.
Getting and setting PAM_ITEMs and
data
</a></span></dt><dd><dl><dt><span class="section"><a href="mwg-expected-by-module-item.html#mwg-pam_set_data">2.1.1. Set module internal data</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#mwg-pam_get_data">2.1.2. Get module internal data</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#mwg-pam_set_item">2.1.3. Setting PAM items</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#mwg-pam_get_item">2.1.4. Getting PAM items</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#mwg-pam_get_user">2.1.5. Get user name</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#mwg-pam_conv">2.1.6. The conversation function</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#adg-pam_putenv">2.1.7. Set or change PAM environment variable</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#adg-pam_getenv">2.1.8. Get a PAM environment variable</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-item.html#adg-pam_getenvlist">2.1.9. Getting the PAM environment</a></span></dt></dl></dd><dt><span class="section"><a href="mwg-expected-by-module-other.html">2.2.
@@ -6,7 +6,7 @@
</a></span></dt><dd><dl><dt><span class="section"><a href="mwg-expected-by-module-other.html#adg-pam_strerror">2.2.1. Strings describing PAM error codes</a></span></dt><dt><span class="section"><a href="mwg-expected-by-module-other.html#adg-pam_fail_delay">2.2.2. Request a delay on failure</a></span></dt></dl></dd></dl></div><p>
Here we list the interface that the conventions that all
<span class="emphasis"><em>Linux-PAM</em></span> modules must adhere to.
- </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="mwg-introducton-synopsis.html">Prev</a>�</td><td width="20%" align="center">�</td><td width="40%" align="right">�<a accesskey="n" href="mwg-expected-by-module-item.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">1.2.�Synopsis�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_MWG.html">Home</a></td><td width="40%" align="right" valign="top">�2.1.�
+ </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="mwg-introduction-synopsis.html">Prev</a>�</td><td width="20%" align="center">�</td><td width="40%" align="right">�<a accesskey="n" href="mwg-expected-by-module-item.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">1.2.�Synopsis�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_MWG.html">Home</a></td><td width="40%" align="right" valign="top">�2.1.�
Getting and setting PAM_ITEMs and
data
</td></tr></table></div></body></html>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/mwg/html/mwg-expected-by-module-item.html new/Linux-PAM-1.1.0/doc/mwg/html/mwg-expected-by-module-item.html
--- old/Linux-PAM-1.0.92/doc/mwg/html/mwg-expected-by-module-item.html 2009-03-24 19:05:02.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/mwg/html/mwg-expected-by-module-item.html 2009-06-16 10:48:51.000000000 +0200
@@ -8,7 +8,7 @@
First, we cover what the module should expect from the
<span class="emphasis"><em>Linux-PAM</em></span> library and a
<span class="emphasis"><em>Linux-PAM</em></span> aware application.
- Essesntially this is the <code class="filename">libpam.*</code> library.
+ Essentially this is the <code class="filename">libpam.*</code> library.
</p><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="mwg-pam_set_data"></a>2.1.1.�Set module internal data</h3></div></div></div><div class="funcsynopsis"><pre class="funcsynopsisinfo">#include <security/pam_modules.h></pre><table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" class="funcprototype-table"><tr><td><code class="funcdef">int <b class="fsfunc">pam_set_data</b>(</code></td><td><var class="pdparam">pamh</var>, </td><td>�</td></tr><tr><td>�</td><td><var class="pdparam">module_data_name</var>, </td><td>�</td></tr><tr><td>�</td><td><var class="pdparam">data</var>, </td><td>�</td></tr><tr><td>�</td><td><var class="pdparam">(*cleanup)(pam_handle_t *pamh, void *data, int error_status)</var><code>)</code>;</td><td>�</td></tr></table><div class="paramdef-list"><code>pam_handle_t *<var class="pdparam">pamh</var></code>;<br><code>const char *<var class="pdparam">module_data_name</var></code>;<br><code>void *<var class="pdparam">data</var></code>;<br><code>void <var class="pdparam">(*cleanup)(pam_handle_t *pamh, void *data, int error_status)</var></code>;</div><div class="funcprototype-spacer">�</div></div><div class="section" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="mwg-pam_set_data-description"></a>2.1.1.1.�DESCRIPTION</h4></div></div></div><p>
The <code class="function">pam_set_data</code> function associates a pointer
to an object with the (hopefully) unique string
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/mwg/html/mwg-expected-of-module-overview.html new/Linux-PAM-1.1.0/doc/mwg/html/mwg-expected-of-module-overview.html
--- old/Linux-PAM-1.0.92/doc/mwg/html/mwg-expected-of-module-overview.html 2009-03-24 19:05:02.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/mwg/html/mwg-expected-of-module-overview.html 2009-06-16 10:48:51.000000000 +0200
@@ -23,7 +23,7 @@
token of some lesser user. In other cases it may not be
appropriate: when <span class="command"><strong>joe</strong></span> maliciously wants
to reset <span class="command"><strong>alice</strong></span>'s password; or when anyone
- other than the user themself wishes to reset their
+ other than the user them self wishes to reset their
<span class="emphasis"><em>KERBEROS</em></span> authentication token. A policy
for this action should be defined by any reasonable
authentication scheme, the module writer should consider
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/mwg/html/mwg-introduction-description.html new/Linux-PAM-1.1.0/doc/mwg/html/mwg-introduction-description.html
--- old/Linux-PAM-1.0.92/doc/mwg/html/mwg-introduction-description.html 2009-03-24 19:05:02.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/mwg/html/mwg-introduction-description.html 2009-06-16 10:48:50.000000000 +0200
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>1.1.�Description</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="up" href="mwg-introduction.html" title="Chapter�1.�Introduction"><link rel="prev" href="mwg-introduction.html" title="Chapter�1.�Introduction"><link rel="next" href="mwg-introducton-synopsis.html" title="1.2.�Synopsis"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">1.1.�Description</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="mwg-introduction.html">Prev</a>�</td><th width="60%" align="center">Chapter�1.�Introduction</th><td width="20%" align="right">�<a accesskey="n" href="mwg-introducton-synopsis.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="mwg-introduction-description"></a>1.1.�Description</h2></div></div></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>1.1.�Description</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="up" href="mwg-introduction.html" title="Chapter�1.�Introduction"><link rel="prev" href="mwg-introduction.html" title="Chapter�1.�Introduction"><link rel="next" href="mwg-introduction-synopsis.html" title="1.2.�Synopsis"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">1.1.�Description</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="mwg-introduction.html">Prev</a>�</td><th width="60%" align="center">Chapter�1.�Introduction</th><td width="20%" align="right">�<a accesskey="n" href="mwg-introduction-synopsis.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="mwg-introduction-description"></a>1.1.�Description</h2></div></div></div><p>
<span class="emphasis"><em>Linux-PAM</em></span> (Pluggable Authentication
Modules for Linux) is a library that enables the local system
administrator to choose how individual applications authenticate
@@ -30,4 +30,4 @@
(entering a password etc..) the module should never call the
application directly. This exception requires a "conversation
mechanism" which is documented below.
- </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="mwg-introduction.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="mwg-introduction.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="mwg-introducton-synopsis.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter�1.�Introduction�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_MWG.html">Home</a></td><td width="40%" align="right" valign="top">�1.2.�Synopsis</td></tr></table></div></body></html>
+ </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="mwg-introduction.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="mwg-introduction.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="mwg-introduction-synopsis.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter�1.�Introduction�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_MWG.html">Home</a></td><td width="40%" align="right" valign="top">�1.2.�Synopsis</td></tr></table></div></body></html>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/mwg/html/mwg-introduction.html new/Linux-PAM-1.1.0/doc/mwg/html/mwg-introduction.html
--- old/Linux-PAM-1.0.92/doc/mwg/html/mwg-introduction.html 2009-03-24 19:05:02.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/mwg/html/mwg-introduction.html 2009-06-16 10:48:50.000000000 +0200
@@ -1 +1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�1.�Introduction</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="up" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="prev" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="next" href="mwg-introduction-description.html" title="1.1.�Description"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�1.�Introduction</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="Linux-PAM_MWG.html">Prev</a>�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="mwg-introduction-description.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="mwg-introduction"></a>Chapter�1.�Introduction</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="mwg-introduction-description.html">1.1. Description</a></span></dt><dt><span class="section"><a href="mwg-introducton-synopsis.html">1.2. Synopsis</a></span></dt></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Linux-PAM_MWG.html">Prev</a>�</td><td width="20%" align="center">�</td><td width="40%" align="right">�<a accesskey="n" href="mwg-introduction-description.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">The Linux-PAM Module Writers' Guide�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_MWG.html">Home</a></td><td width="40%" align="right" valign="top">�1.1.�Description</td></tr></table></div></body></html>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�1.�Introduction</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="up" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="prev" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="next" href="mwg-introduction-description.html" title="1.1.�Description"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�1.�Introduction</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="Linux-PAM_MWG.html">Prev</a>�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="mwg-introduction-description.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="mwg-introduction"></a>Chapter�1.�Introduction</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="mwg-introduction-description.html">1.1. Description</a></span></dt><dt><span class="section"><a href="mwg-introduction-synopsis.html">1.2. Synopsis</a></span></dt></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Linux-PAM_MWG.html">Prev</a>�</td><td width="20%" align="center">�</td><td width="40%" align="right">�<a accesskey="n" href="mwg-introduction-description.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">The Linux-PAM Module Writers' Guide�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_MWG.html">Home</a></td><td width="40%" align="right" valign="top">�1.1.�Description</td></tr></table></div></body></html>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/mwg/html/mwg-introduction-synopsis.html new/Linux-PAM-1.1.0/doc/mwg/html/mwg-introduction-synopsis.html
--- old/Linux-PAM-1.0.92/doc/mwg/html/mwg-introduction-synopsis.html 1970-01-01 01:00:00.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/mwg/html/mwg-introduction-synopsis.html 2009-06-16 10:48:50.000000000 +0200
@@ -0,0 +1,6 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>1.2.�Synopsis</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_MWG.html" title="The Linux-PAM Module Writers' Guide"><link rel="up" href="mwg-introduction.html" title="Chapter�1.�Introduction"><link rel="prev" href="mwg-introduction-description.html" title="1.1.�Description"><link rel="next" href="mwg-expected-by-module.html" title="Chapter�2.�What can be expected by the module"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">1.2.�Synopsis</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="mwg-introduction-description.html">Prev</a>�</td><th width="60%" align="center">Chapter�1.�Introduction</th><td width="20%" align="right">�<a accesskey="n" href="mwg-expected-by-module.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="mwg-introduction-synopsis"></a>1.2.�Synopsis</h2></div></div></div><pre class="programlisting">
+#include <security/pam_modules.h>
+
+gcc -fPIC -c pam_module.c
+gcc -shared -o pam_module.so pam_module.o -lpam
+ </pre></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="mwg-introduction-description.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="mwg-introduction.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="mwg-expected-by-module.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">1.1.�Description�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_MWG.html">Home</a></td><td width="40%" align="right" valign="top">�Chapter�2.�What can be expected by the module</td></tr></table></div></body></html>
Files old/Linux-PAM-1.0.92/doc/mwg/Linux-PAM_MWG.pdf and new/Linux-PAM-1.1.0/doc/mwg/Linux-PAM_MWG.pdf differ
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/mwg/Linux-PAM_MWG.txt new/Linux-PAM-1.1.0/doc/mwg/Linux-PAM_MWG.txt
--- old/Linux-PAM-1.0.92/doc/mwg/Linux-PAM_MWG.txt 2009-03-24 19:04:55.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/mwg/Linux-PAM_MWG.txt 2009-06-16 10:48:45.000000000 +0200
@@ -8,7 +8,7 @@
-Version 1.0, 3. April 2008
+Version 1.1, 16. June 2009
Abstract
@@ -128,7 +128,7 @@
2.1. Getting and setting PAM_ITEMs and data
First, we cover what the module should expect from the Linux-PAM library and a
-Linux-PAM aware application. Essesntially this is the libpam.* library.
+Linux-PAM aware application. Essentially this is the libpam.* library.
2.1.1. Set module internal data
@@ -902,7 +902,7 @@
Linux-PAM authenticate the user. In some cases this may be deemed appropriate:
when root wants to change the authentication token of some lesser user. In
other cases it may not be appropriate: when joe maliciously wants to reset
-alice's password; or when anyone other than the user themself wishes to reset
+alice's password; or when anyone other than the user them self wishes to reset
their KERBEROS authentication token. A policy for this action should be defined
by any reasonable authentication scheme, the module writer should consider this
when implementing a given module.
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/Linux-PAM_SAG.html new/Linux-PAM-1.1.0/doc/sag/html/Linux-PAM_SAG.html
--- old/Linux-PAM-1.0.92/doc/sag/html/Linux-PAM_SAG.html 2009-05-05 16:04:28.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/Linux-PAM_SAG.html 2009-06-16 10:47:26.000000000 +0200
@@ -1,6 +1,6 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>The Linux-PAM System Administrators' Guide</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><meta name="description" content="This manual documents what a system-administrator needs to know about the Linux-PAM library. It covers the correct syntax of the PAM configuration file and discusses strategies for maintaining a secure system."><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="next" href="sag-introductoin.html" title="Chapter�1.�Introduction"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">The Linux-PAM System Administrators' Guide</th></tr><tr><td width="20%" align="left">�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="sag-introductoin.html">Next</a></td></tr></table><hr></div><div class="book" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="sag"></a>The Linux-PAM System Administrators' Guide</h1></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">Andrew G.</span> <span class="surname">Morgan</span></h3><code class="email"><<a class="email" href="mailto:morgan@kernel.org">morgan@kernel.org</a>></code></div><div class="author"><h3 class="author"><span class="firstname">Thorsten</span> <span class="surname">Kukuk</span></h3><code class="email"><<a class="email" href="mailto:kukuk@thkukuk.de">kukuk@thkukuk.de</a>></code></div></div></div><div><p class="releaseinfo">Version 1.0, 3. April 2008</p></div><div><div class="abstract"><p class="title"><b>Abstract</b></p><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>The Linux-PAM System Administrators' Guide</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><meta name="description" content="This manual documents what a system-administrator needs to know about the Linux-PAM library. It covers the correct syntax of the PAM configuration file and discusses strategies for maintaining a secure system."><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="next" href="sag-introduction.html" title="Chapter�1.�Introduction"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">The Linux-PAM System Administrators' Guide</th></tr><tr><td width="20%" align="left">�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="sag-introduction.html">Next</a></td></tr></table><hr></div><div class="book" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="sag"></a>The Linux-PAM System Administrators' Guide</h1></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">Andrew G.</span> <span class="surname">Morgan</span></h3><code class="email"><<a class="email" href="mailto:morgan@kernel.org">morgan@kernel.org</a>></code></div><div class="author"><h3 class="author"><span class="firstname">Thorsten</span> <span class="surname">Kukuk</span></h3><code class="email"><<a class="email" href="mailto:kukuk@thkukuk.de">kukuk@thkukuk.de</a>></code></div></div></div><div><p class="releaseinfo">Version 1.1, 16. June 2009</p></div><div><div class="abstract"><p class="title"><b>Abstract</b></p><p>
This manual documents what a system-administrator needs to know about
the <span class="emphasis"><em>Linux-PAM</em></span> library. It covers the
correct syntax of the PAM configuration file and discusses strategies
for maintaining a secure system.
- </p></div></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="sag-introductoin.html">1. Introduction</a></span></dt><dt><span class="chapter"><a href="sag-text-conventions.html">2. Some comments on the text</a></span></dt><dt><span class="chapter"><a href="sag-overview.html">3. Overview</a></span></dt><dt><span class="chapter"><a href="sag-configuration.html">4. The Linux-PAM configuration file</a></span></dt><dd><dl><dt><span class="section"><a href="sag-configuration-file.html">4.1. Configuration file syntax</a></span></dt><dt><span class="section"><a href="sag-configuratin-dirctory.html">4.2. Directory based configuration</a></span></dt><dt><span class="section"><a href="sag-configuration-example.html">4.3. Example configuration file entries</a></span></dt></dl></dd><dt><span class="chapter"><a href="sag-security-issues.html">5. Security issues</a></span></dt><dd><dl><dt><span class="section"><a href="sag-scurity-issues-wrong.html">5.1. If something goes wrong</a></span></dt><dt><span class="section"><a href="sag-security-issues-other.html">5.2. Avoid having a weak `other' configuration</a></span></dt></dl></dd><dt><span class="chapter"><a href="sag-module-reference.html">6. A reference guide for available modules</a></span></dt><dd><dl><dt><span class="section"><a href="sag-pam_access.html">6.1. pam_access - logdaemon style login access control</a></span></dt><dt><span class="section"><a href="sag-pam_cracklib.html">6.2. pam_cracklib - checks the password against dictionary words</a></span></dt><dt><span class="section"><a href="sag-pam_debug.html">6.3. pam_debug - debug the PAM stack</a></span></dt><dt><span class="section"><a href="sag-pam_deny.html">6.4. pam_deny - locking-out PAM module</a></span></dt><dt><span class="section"><a href="sag-pam_echo.html">6.5. pam_echo - print text messages</a></span></dt><dt><span class="section"><a href="sag-pam_env.html">6.6. pam_env - set/unset environment variables</a></span></dt><dt><span class="section"><a href="sag-pam_exec.html">6.7. pam_exec - call an external command</a></span></dt><dt><span class="section"><a href="sag-pam_faildelay.html">6.8. pam_faildelay - change the delay on failure per-application</a></span></dt><dt><span class="section"><a href="sag-pam_filter.html">6.9. pam_filter - filter module</a></span></dt><dt><span class="section"><a href="sag-pam_ftp.html">6.10. pam_ftp - module for anonymous access</a></span></dt><dt><span class="section"><a href="sag-pam_group.html">6.11. pam_group - module to modify group access</a></span></dt><dt><span class="section"><a href="sag-pam_issue.html">6.12. pam_issue - add issue file to user prompt</a></span></dt><dt><span class="section"><a href="sag-pam_keyinit.html">6.13. pam_keyinit - display the keyinit file</a></span></dt><dt><span class="section"><a href="sag-pam_lastlog.html">6.14. pam_lastlog - display date of last login</a></span></dt><dt><span class="section"><a href="sag-pam_limits.html">6.15. pam_limits - limit resources</a></span></dt><dt><span class="section"><a href="sag-pam_listfile.html">6.16. pam_listfile - deny or allow services based on an arbitrary file</a></span></dt><dt><span class="section"><a href="sag-pam_localuser.html">6.17. pam_localuser - require users to be listed in /etc/passwd</a></span></dt><dt><span class="section"><a href="sag-pam_loginuid.html">6.18. pam_loginuid - record user's login uid to the process attribute</a></span></dt><dt><span class="section"><a href="sag-pam_mail.html">6.19. pam_mail - inform about available mail</a></span></dt><dt><span class="section"><a href="sag-pam_mkhomedir.html">6.20. pam_mkhomedir - create users home directory</a></span></dt><dt><span class="section"><a href="sag-pam_motd.html">6.21. pam_motd - display the motd file</a></span></dt><dt><span class="section"><a href="sag-pam_namespace.html">6.22. pam_namespace - setup a private namespace</a></span></dt><dt><span class="section"><a href="sag-pam_nologin.html">6.23. pam_nologin - prevent non-root users from login</a></span></dt><dt><span class="section"><a href="sag-pam_permit.html">6.24. pam_permit - the promiscuous module</a></span></dt><dt><span class="section"><a href="sag-pam_pwhistory.html">6.25. pam_pwhistory - grant access using .pwhistory file</a></span></dt><dt><span class="section"><a href="sag-pam_rhosts.html">6.26. pam_rhosts - grant access using .rhosts file</a></span></dt><dt><span class="section"><a href="sag-pam_rootok.html">6.27. pam_rootok - gain only root access</a></span></dt><dt><span class="section"><a href="sag-pam_securetty.html">6.28. pam_securetty - limit root login to special devices</a></span></dt><dt><span class="section"><a href="sag-pam_selinux.html">6.29. pam_selinux - set the default security context</a></span></dt><dt><span class="section"><a href="sag-pam_shells.html">6.30. pam_shells - check for valid login shell</a></span></dt><dt><span class="section"><a href="sag-pam_succeed_if.html">6.31. pam_succeed_if - test account characteristics</a></span></dt><dt><span class="section"><a href="sag-pam_tally.html">6.32. pam_tally - login counter (tallying) module</a></span></dt><dt><span class="section"><a href="sag-pam_tally2.html">6.33. pam_tally2 - login counter (tallying) module</a></span></dt><dt><span class="section"><a href="sag-pam_time.html">6.34. pam_time - time controled access</a></span></dt><dt><span class="section"><a href="sag-pam_timestamp.html">6.35. pam_timestamp - authenticate using cached successful authentication attempts</a></span></dt><dt><span class="section"><a href="sag-pam_umask.html">6.36. pam_umask - set the file mode creation mask</a></span></dt><dt><span class="section"><a href="sag-pam_unix.html">6.37. pam_unix - traditional password authentication</a></span></dt><dt><span class="section"><a href="sag-pam_userdb.html">6.38. pam_userdb - authenticate against a db database</a></span></dt><dt><span class="section"><a href="sag-pam_warn.html">6.39. pam_warn - logs all PAM items</a></span></dt><dt><span class="section"><a href="sag-pam_wheel.html">6.40. pam_wheel - only permit root access to members of group wheel</a></span></dt><dt><span class="section"><a href="sag-pam_xauth.html">6.41. pam_xauth - forward xauth keys between users</a></span></dt></dl></dd><dt><span class="chapter"><a href="sag-see-also.html">7. See also</a></span></dt><dt><span class="chapter"><a href="sag-author.html">8. Author/acknowledgments</a></span></dt><dt><span class="chapter"><a href="sag-copyright.html">9. Copyright information for this document</a></span></dt></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left">�</td><td width="20%" align="center">�</td><td width="40%" align="right">�<a accesskey="n" href="sag-introductoin.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">�</td><td width="20%" align="center">�</td><td width="40%" align="right" valign="top">�Chapter�1.�Introduction</td></tr></table></div></body></html>
+ </p></div></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="sag-introduction.html">1. Introduction</a></span></dt><dt><span class="chapter"><a href="sag-text-conventions.html">2. Some comments on the text</a></span></dt><dt><span class="chapter"><a href="sag-overview.html">3. Overview</a></span></dt><dt><span class="chapter"><a href="sag-configuration.html">4. The Linux-PAM configuration file</a></span></dt><dd><dl><dt><span class="section"><a href="sag-configuration-file.html">4.1. Configuration file syntax</a></span></dt><dt><span class="section"><a href="sag-configuration-directory.html">4.2. Directory based configuration</a></span></dt><dt><span class="section"><a href="sag-configuration-example.html">4.3. Example configuration file entries</a></span></dt></dl></dd><dt><span class="chapter"><a href="sag-security-issues.html">5. Security issues</a></span></dt><dd><dl><dt><span class="section"><a href="sag-security-issues-wrong.html">5.1. If something goes wrong</a></span></dt><dt><span class="section"><a href="sag-security-issues-other.html">5.2. Avoid having a weak `other' configuration</a></span></dt></dl></dd><dt><span class="chapter"><a href="sag-module-reference.html">6. A reference guide for available modules</a></span></dt><dd><dl><dt><span class="section"><a href="sag-pam_access.html">6.1. pam_access - logdaemon style login access control</a></span></dt><dt><span class="section"><a href="sag-pam_cracklib.html">6.2. pam_cracklib - checks the password against dictionary words</a></span></dt><dt><span class="section"><a href="sag-pam_debug.html">6.3. pam_debug - debug the PAM stack</a></span></dt><dt><span class="section"><a href="sag-pam_deny.html">6.4. pam_deny - locking-out PAM module</a></span></dt><dt><span class="section"><a href="sag-pam_echo.html">6.5. pam_echo - print text messages</a></span></dt><dt><span class="section"><a href="sag-pam_env.html">6.6. pam_env - set/unset environment variables</a></span></dt><dt><span class="section"><a href="sag-pam_exec.html">6.7. pam_exec - call an external command</a></span></dt><dt><span class="section"><a href="sag-pam_faildelay.html">6.8. pam_faildelay - change the delay on failure per-application</a></span></dt><dt><span class="section"><a href="sag-pam_filter.html">6.9. pam_filter - filter module</a></span></dt><dt><span class="section"><a href="sag-pam_ftp.html">6.10. pam_ftp - module for anonymous access</a></span></dt><dt><span class="section"><a href="sag-pam_group.html">6.11. pam_group - module to modify group access</a></span></dt><dt><span class="section"><a href="sag-pam_issue.html">6.12. pam_issue - add issue file to user prompt</a></span></dt><dt><span class="section"><a href="sag-pam_keyinit.html">6.13. pam_keyinit - display the keyinit file</a></span></dt><dt><span class="section"><a href="sag-pam_lastlog.html">6.14. pam_lastlog - display date of last login</a></span></dt><dt><span class="section"><a href="sag-pam_limits.html">6.15. pam_limits - limit resources</a></span></dt><dt><span class="section"><a href="sag-pam_listfile.html">6.16. pam_listfile - deny or allow services based on an arbitrary file</a></span></dt><dt><span class="section"><a href="sag-pam_localuser.html">6.17. pam_localuser - require users to be listed in /etc/passwd</a></span></dt><dt><span class="section"><a href="sag-pam_loginuid.html">6.18. pam_loginuid - record user's login uid to the process attribute</a></span></dt><dt><span class="section"><a href="sag-pam_mail.html">6.19. pam_mail - inform about available mail</a></span></dt><dt><span class="section"><a href="sag-pam_mkhomedir.html">6.20. pam_mkhomedir - create users home directory</a></span></dt><dt><span class="section"><a href="sag-pam_motd.html">6.21. pam_motd - display the motd file</a></span></dt><dt><span class="section"><a href="sag-pam_namespace.html">6.22. pam_namespace - setup a private namespace</a></span></dt><dt><span class="section"><a href="sag-pam_nologin.html">6.23. pam_nologin - prevent non-root users from login</a></span></dt><dt><span class="section"><a href="sag-pam_permit.html">6.24. pam_permit - the promiscuous module</a></span></dt><dt><span class="section"><a href="sag-pam_pwhistory.html">6.25. pam_pwhistory - grant access using .pwhistory file</a></span></dt><dt><span class="section"><a href="sag-pam_rhosts.html">6.26. pam_rhosts - grant access using .rhosts file</a></span></dt><dt><span class="section"><a href="sag-pam_rootok.html">6.27. pam_rootok - gain only root access</a></span></dt><dt><span class="section"><a href="sag-pam_securetty.html">6.28. pam_securetty - limit root login to special devices</a></span></dt><dt><span class="section"><a href="sag-pam_selinux.html">6.29. pam_selinux - set the default security context</a></span></dt><dt><span class="section"><a href="sag-pam_shells.html">6.30. pam_shells - check for valid login shell</a></span></dt><dt><span class="section"><a href="sag-pam_succeed_if.html">6.31. pam_succeed_if - test account characteristics</a></span></dt><dt><span class="section"><a href="sag-pam_tally.html">6.32. pam_tally - login counter (tallying) module</a></span></dt><dt><span class="section"><a href="sag-pam_tally2.html">6.33. pam_tally2 - login counter (tallying) module</a></span></dt><dt><span class="section"><a href="sag-pam_time.html">6.34. pam_time - time controled access</a></span></dt><dt><span class="section"><a href="sag-pam_timestamp.html">6.35. pam_timestamp - authenticate using cached successful authentication attempts</a></span></dt><dt><span class="section"><a href="sag-pam_umask.html">6.36. pam_umask - set the file mode creation mask</a></span></dt><dt><span class="section"><a href="sag-pam_unix.html">6.37. pam_unix - traditional password authentication</a></span></dt><dt><span class="section"><a href="sag-pam_userdb.html">6.38. pam_userdb - authenticate against a db database</a></span></dt><dt><span class="section"><a href="sag-pam_warn.html">6.39. pam_warn - logs all PAM items</a></span></dt><dt><span class="section"><a href="sag-pam_wheel.html">6.40. pam_wheel - only permit root access to members of group wheel</a></span></dt><dt><span class="section"><a href="sag-pam_xauth.html">6.41. pam_xauth - forward xauth keys between users</a></span></dt></dl></dd><dt><span class="chapter"><a href="sag-see-also.html">7. See also</a></span></dt><dt><span class="chapter"><a href="sag-author.html">8. Author/acknowledgments</a></span></dt><dt><span class="chapter"><a href="sag-copyright.html">9. Copyright information for this document</a></span></dt></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left">�</td><td width="20%" align="center">�</td><td width="40%" align="right">�<a accesskey="n" href="sag-introduction.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">�</td><td width="20%" align="center">�</td><td width="40%" align="right" valign="top">�Chapter�1.�Introduction</td></tr></table></div></body></html>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-configuration-directory.html new/Linux-PAM-1.1.0/doc/sag/html/sag-configuration-directory.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-configuration-directory.html 1970-01-01 01:00:00.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-configuration-directory.html 2009-06-16 10:47:20.000000000 +0200
@@ -0,0 +1,19 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>4.2.�Directory based configuration</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="sag-configuration.html" title="Chapter�4.�The Linux-PAM configuration file"><link rel="prev" href="sag-configuration-file.html" title="4.1.�Configuration file syntax"><link rel="next" href="sag-configuration-example.html" title="4.3.�Example configuration file entries"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">4.2.�Directory based configuration</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-configuration-file.html">Prev</a>�</td><th width="60%" align="center">Chapter�4.�The Linux-PAM configuration file</th><td width="20%" align="right">�<a accesskey="n" href="sag-configuration-example.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sag-configuration-directory"></a>4.2.�Directory based configuration</h2></div></div></div><p>
+ More flexible than the single configuration file is it to
+ configure libpam via the contents of the
+ <code class="filename">/etc/pam.d/</code> directory. In this case the
+ directory is filled with files each of which has a filename
+ equal to a service-name (in lower-case): it is the personal
+ configuration file for the named service.
+ </p><p>
+ The syntax of each file in /etc/pam.d/ is similar to that of the
+ <code class="filename">/etc/pam.conf</code> file and is made up of lines
+ of the following form:
+ </p><pre class="programlisting">
+type control module-path module-arguments
+ </pre><p>
+ The only difference being that the service-name is not present. The
+ service-name is of course the name of the given configuration file.
+ For example, <code class="filename">/etc/pam.d/login</code> contains the
+ configuration for the <span class="emphasis"><em>login</em></span> service.
+ </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-configuration-file.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="sag-configuration.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="sag-configuration-example.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">4.1.�Configuration file syntax�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top">�4.3.�Example configuration file entries</td></tr></table></div></body></html>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-configuration-example.html new/Linux-PAM-1.1.0/doc/sag/html/sag-configuration-example.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-configuration-example.html 2009-05-05 16:04:22.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-configuration-example.html 2009-06-16 10:47:20.000000000 +0200
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>4.3.�Example configuration file entries</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="sag-configuration.html" title="Chapter�4.�The Linux-PAM configuration file"><link rel="prev" href="sag-configuratin-dirctory.html" title="4.2.�Directory based configuration"><link rel="next" href="sag-security-issues.html" title="Chapter�5.�Security issues"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">4.3.�Example configuration file entries</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-configuratin-dirctory.html">Prev</a>�</td><th width="60%" align="center">Chapter�4.�The Linux-PAM configuration file</th><td width="20%" align="right">�<a accesskey="n" href="sag-security-issues.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sag-configuration-example"></a>4.3.�Example configuration file entries</h2></div></div></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>4.3.�Example configuration file entries</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="sag-configuration.html" title="Chapter�4.�The Linux-PAM configuration file"><link rel="prev" href="sag-configuration-directory.html" title="4.2.�Directory based configuration"><link rel="next" href="sag-security-issues.html" title="Chapter�5.�Security issues"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">4.3.�Example configuration file entries</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-configuration-directory.html">Prev</a>�</td><th width="60%" align="center">Chapter�4.�The Linux-PAM configuration file</th><td width="20%" align="right">�<a accesskey="n" href="sag-security-issues.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sag-configuration-example"></a>4.3.�Example configuration file entries</h2></div></div></div><p>
In this section, we give some examples of entries that can
be present in the <span class="emphasis"><em>Linux-PAM</em></span>
configuration file. As a first attempt at configuring your
@@ -77,4 +77,4 @@
session required pam_unix.so
</pre><p>
In general this will provide a starting place for most applications.
- </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-configuratin-dirctory.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="sag-configuration.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="sag-security-issues.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">4.2.�Directory based configuration�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top">�Chapter�5.�Security issues</td></tr></table></div></body></html>
+ </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-configuration-directory.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="sag-configuration.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="sag-security-issues.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">4.2.�Directory based configuration�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top">�Chapter�5.�Security issues</td></tr></table></div></body></html>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-configuration-file.html new/Linux-PAM-1.1.0/doc/sag/html/sag-configuration-file.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-configuration-file.html 2009-05-05 16:04:22.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-configuration-file.html 2009-06-16 10:47:20.000000000 +0200
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>4.1.�Configuration file syntax</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="sag-configuration.html" title="Chapter�4.�The Linux-PAM configuration file"><link rel="prev" href="sag-configuration.html" title="Chapter�4.�The Linux-PAM configuration file"><link rel="next" href="sag-configuratin-dirctory.html" title="4.2.�Directory based configuration"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">4.1.�Configuration file syntax</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-configuration.html">Prev</a>�</td><th width="60%" align="center">Chapter�4.�The Linux-PAM configuration file</th><td width="20%" align="right">�<a accesskey="n" href="sag-configuratin-dirctory.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sag-configuration-file"></a>4.1.�Configuration file syntax</h2></div></div></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>4.1.�Configuration file syntax</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="sag-configuration.html" title="Chapter�4.�The Linux-PAM configuration file"><link rel="prev" href="sag-configuration.html" title="Chapter�4.�The Linux-PAM configuration file"><link rel="next" href="sag-configuration-directory.html" title="4.2.�Directory based configuration"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">4.1.�Configuration file syntax</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-configuration.html">Prev</a>�</td><th width="60%" align="center">Chapter�4.�The Linux-PAM configuration file</th><td width="20%" align="right">�<a accesskey="n" href="sag-configuration-directory.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sag-configuration-file"></a>4.1.�Configuration file syntax</h2></div></div></div><p>
The syntax of the <code class="filename">/etc/pam.conf</code>
configuration file is as follows. The file is made up of a list
of rules, each rule is typically placed on a single line,
@@ -227,4 +227,4 @@
the authentication process fail. A corresponding error is written to
the system log files with a call to
<span class="citerefentry"><span class="refentrytitle">syslog</span>(3)</span>.
- </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-configuration.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="sag-configuration.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="sag-configuratin-dirctory.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter�4.�The Linux-PAM configuration file�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top">�4.2.�Directory based configuration</td></tr></table></div></body></html>
+ </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-configuration.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="sag-configuration.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="sag-configuration-directory.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter�4.�The Linux-PAM configuration file�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top">�4.2.�Directory based configuration</td></tr></table></div></body></html>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-configuration.html new/Linux-PAM-1.1.0/doc/sag/html/sag-configuration.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-configuration.html 2009-05-05 16:04:22.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-configuration.html 2009-06-16 10:47:20.000000000 +0200
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�4.�The Linux-PAM configuration file</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="prev" href="sag-overview.html" title="Chapter�3.�Overview"><link rel="next" href="sag-configuration-file.html" title="4.1.�Configuration file syntax"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�4.�The Linux-PAM configuration file</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-overview.html">Prev</a>�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="sag-configuration-file.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="sag-configuration"></a>Chapter�4.�The Linux-PAM configuration file</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="sag-configuration-file.html">4.1. Configuration file syntax</a></span></dt><dt><span class="section"><a href="sag-configuratin-dirctory.html">4.2. Directory based configuration</a></span></dt><dt><span class="section"><a href="sag-configuration-example.html">4.3. Example configuration file entries</a></span></dt></dl></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�4.�The Linux-PAM configuration file</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="prev" href="sag-overview.html" title="Chapter�3.�Overview"><link rel="next" href="sag-configuration-file.html" title="4.1.�Configuration file syntax"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�4.�The Linux-PAM configuration file</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-overview.html">Prev</a>�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="sag-configuration-file.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="sag-configuration"></a>Chapter�4.�The Linux-PAM configuration file</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="sag-configuration-file.html">4.1. Configuration file syntax</a></span></dt><dt><span class="section"><a href="sag-configuration-directory.html">4.2. Directory based configuration</a></span></dt><dt><span class="section"><a href="sag-configuration-example.html">4.3. Example configuration file entries</a></span></dt></dl></div><p>
When a <span class="emphasis"><em>PAM</em></span> aware privilege granting application
is started, it activates its attachment to the PAM-API. This
activation performs a number of tasks, the most important being the
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-introduction.html new/Linux-PAM-1.1.0/doc/sag/html/sag-introduction.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-introduction.html 1970-01-01 01:00:00.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-introduction.html 2009-06-16 10:47:20.000000000 +0200
@@ -0,0 +1,40 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�1.�Introduction</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="prev" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="next" href="sag-text-conventions.html" title="Chapter�2.�Some comments on the text"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�1.�Introduction</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="Linux-PAM_SAG.html">Prev</a>�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="sag-text-conventions.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="sag-introduction"></a>Chapter�1.�Introduction</h2></div></div></div><p>
+ <span class="emphasis"><em>Linux-PAM</em></span> (Pluggable Authentication
+ Modules for Linux) is a suite of shared libraries that enable the
+ local system administrator to choose how applications authenticate users.
+ </p><p>
+ In other words, without (rewriting and) recompiling a PAM-aware
+ application, it is possible to switch between the authentication
+ mechanism(s) it uses. Indeed, one may entirely upgrade the local
+ authentication system without touching the applications themselves.
+ </p><p>
+ Historically an application that has required a given user to be
+ authenticated, has had to be compiled to use a specific authentication
+ mechanism. For example, in the case of traditional UN*X systems, the
+ identity of the user is verified by the user entering a correct
+ password. This password, after being prefixed by a two character
+ ``salt'', is encrypted (with crypt(3)). The user is then authenticated
+ if this encrypted password is identical to the second field of the
+ user's entry in the system password database (the
+ <code class="filename">/etc/passwd</code> file). On such systems, most if
+ not all forms of privileges are granted based on this single
+ authentication scheme. Privilege comes in the form of a personal
+ user-identifier (UID) and membership of various groups. Services and
+ applications are available based on the personal and group identity
+ of the user. Traditionally, group membership has been assigned based
+ on entries in the <code class="filename">/etc/group</code> file.
+ </p><p>
+ It is the purpose of the <span class="emphasis"><em>Linux-PAM</em></span>
+ project to separate the development of privilege granting software
+ from the development of secure and appropriate authentication schemes.
+ This is accomplished by providing a library of functions that an
+ application may use to request that a user be authenticated. This
+ PAM library is configured locally with a system file,
+ <code class="filename">/etc/pam.conf</code> (or a series of configuration
+ files located in <code class="filename">/etc/pam.d/</code>) to authenticate a
+ user request via the locally available authentication modules. The
+ modules themselves will usually be located in the directory
+ <code class="filename">/lib/security</code> or
+ <code class="filename">/lib64/security</code> and take the form of dynamically
+ loadable object files (see <span class="citerefentry"><span class="refentrytitle">dlopen</span>(3)</span>).
+ </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Linux-PAM_SAG.html">Prev</a>�</td><td width="20%" align="center">�</td><td width="40%" align="right">�<a accesskey="n" href="sag-text-conventions.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">The Linux-PAM System Administrators' Guide�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top">�Chapter�2.�Some comments on the text</td></tr></table></div></body></html>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-overview.html new/Linux-PAM-1.1.0/doc/sag/html/sag-overview.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-overview.html 2009-05-05 16:04:22.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-overview.html 2009-06-16 10:47:20.000000000 +0200
@@ -96,7 +96,7 @@
If a program is going to use PAM, then it has to have PAM
functions explicitly coded into the program. If you have
access to the source code you can add the appropriate PAM
- functions. If you do not have accessto the source code, and
+ functions. If you do not have access to the source code, and
the binary does not have the PAM functions included, then
it is not possible to use PAM.
</p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-text-conventions.html">Prev</a>�</td><td width="20%" align="center">�</td><td width="40%" align="right">�<a accesskey="n" href="sag-configuration.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter�2.�Some comments on the text�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top">�Chapter�4.�The Linux-PAM configuration file</td></tr></table></div></body></html>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_access.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_access.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_access.html 2009-05-05 16:04:23.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_access.html 2009-06-16 10:47:21.000000000 +0200
@@ -87,7 +87,7 @@
</p></dd><dt><span class="term">
<code class="option">debug</code>
</span></dt><dd><p>
- A lot of debug informations are printed with
+ A lot of debug information is printed with
<span class="citerefentry"><span class="refentrytitle">syslog</span>(3)</span>.
</p></dd><dt><span class="term">
<code class="option">noaudit</code>
@@ -102,7 +102,7 @@
<span class="emphasis"><em>fieldsep=|</em></span> will cause the
default `:' character to be treated as part of a field value
and `|' becomes the field separator. Doing this may be
- useful in conjuction with a system that wants to use
+ useful in conjunction with a system that wants to use
pam_access with X based applications, since the
<span class="emphasis"><em>PAM_TTY</em></span> item is likely to be
of the form "hostname:0" which includes a `:' character in
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_cracklib.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_cracklib.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_cracklib.html 2009-05-05 16:04:23.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_cracklib.html 2009-06-16 10:47:21.000000000 +0200
@@ -221,7 +221,7 @@
The first error can happen if <code class="option">use_authtok</code>
is specified.
</p></dd><dt><span class="term">PAM_SERVICE_ERR</span></dt><dd><p>
- A internal error occured.
+ A internal error occurred.
</p></dd></dl></div><p>
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_cracklib-examples"></a>6.2.5.�EXAMPLES</h3></div></div></div><p>
For an example of the use of this module, we show how it may be
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_echo.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_echo.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_echo.html 2009-05-05 16:04:23.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_echo.html 2009-06-16 10:47:22.000000000 +0200
@@ -27,7 +27,7 @@
exist, no message printed.
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_echo-examples"></a>6.5.5.�EXAMPLES</h3></div></div></div><p>
For an example of the use of this module, we show how it may be
- used to print informations about good passwords:
+ used to print information about good passwords:
</p><pre class="programlisting">
password optional pam_echo.so file=/usr/share/doc/good-password.txt
password required pam_unix.so
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_env.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_env.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_env.html 2009-05-05 16:04:24.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_env.html 2009-06-16 10:47:22.000000000 +0200
@@ -66,7 +66,7 @@
</p></dd><dt><span class="term">
<code class="option">debug</code>
</span></dt><dd><p>
- A lot of debug informations are printed with
+ A lot of debug information is printed with
<span class="citerefentry"><span class="refentrytitle">syslog</span>(3)</span>.
</p></dd><dt><span class="term">
<code class="option">envfile=<em class="replaceable"><code>/path/to/environment</code></em></code>
@@ -84,7 +84,7 @@
</span></dt><dd><p>
Indicate an alternative <code class="filename">.pam_environment</code>
file to override the default. This can be useful when different
- services need different environments. The filename is relativ to
+ services need different environments. The filename is relative to
the user home directory.
</p></dd><dt><span class="term">
<code class="option">user_readenv=<em class="replaceable"><code>0|1</code></em></code>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_exec.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_exec.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_exec.html 2009-05-05 16:04:24.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_exec.html 2009-06-16 10:47:22.000000000 +0200
@@ -62,11 +62,11 @@
<code class="option">password</code> and <code class="option">session</code>) are provided.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_exec-return_values"></a>6.7.4.�RETURN VALUES</h3></div></div></div><p>
</p><div class="variablelist"><dl><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
- The external command runs successfull.
+ The external command was run successfully.
</p></dd><dt><span class="term">PAM_SERVICE_ERR</span></dt><dd><p>
No argument or a wrong number of arguments were given.
</p></dd><dt><span class="term">PAM_SYSTEM_ERR</span></dt><dd><p>
- A system error occured or the command to execute failed.
+ A system error occurred or the command to execute failed.
</p></dd><dt><span class="term">PAM_IGNORE</span></dt><dd><p>
<code class="function">pam_setcred</code> was called, which
does not execute the command.
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_filter.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_filter.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_filter.html 2009-05-05 16:04:24.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_filter.html 2009-06-16 10:47:22.000000000 +0200
@@ -96,7 +96,7 @@
<code class="option">password</code> and <code class="option">session</code>) are provided.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_filter-return_values"></a>6.9.4.�RETURN VALUES</h3></div></div></div><p>
</p><div class="variablelist"><dl><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
- The new filter was set successfull.
+ The new filter was set successfully.
</p></dd><dt><span class="term">PAM_ABORT</span></dt><dd><p>
Critical error, immediate abort.
</p></dd></dl></div><p>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_ftp.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_ftp.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_ftp.html 2009-05-05 16:04:24.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_ftp.html 2009-06-16 10:47:22.000000000 +0200
@@ -45,7 +45,7 @@
Only the <code class="option">auth</code> module type is provided.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_ftp-return_values"></a>6.10.4.�RETURN VALUES</h3></div></div></div><p>
</p><div class="variablelist"><dl><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
- The authentication was successfull.
+ The authentication was successful.
</p></dd><dt><span class="term">PAM_USER_UNKNOWN</span></dt><dd><p>
User not known.
</p></dd></dl></div><p>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_group.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_group.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_group.html 2009-05-05 16:04:24.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_group.html 2009-06-16 10:47:22.000000000 +0200
@@ -19,7 +19,7 @@
provide any level of security, all file-systems that the user has write
access to should be mounted <span class="emphasis"><em>nosuid</em></span>.
</p><p>
- The pam_group module fuctions in parallel with the
+ The pam_group module functions in parallel with the
<code class="filename">/etc/group</code> file. If the user is granted any groups
based on the behavior of this module, they are granted
<span class="emphasis"><em>in addition</em></span> to those entries
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_issue.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_issue.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_issue.html 2009-05-05 16:04:24.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_issue.html 2009-06-16 10:47:22.000000000 +0200
@@ -30,9 +30,9 @@
</p></dd><dt><span class="term">PAM_IGNORE</span></dt><dd><p>
The prompt was already changed.
</p></dd><dt><span class="term">PAM_SERVICE_ERR</span></dt><dd><p>
- A service module error occured.
+ A service module error occurred.
</p></dd><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
- The new prompt was set successfull.
+ The new prompt was set successfully.
</p></dd></dl></div><p>
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_issue-examples"></a>6.12.5.�EXAMPLES</h3></div></div></div><p>
Add the following line to <code class="filename">/etc/pam.d/login</code> to
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_lastlog.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_lastlog.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_lastlog.html 2009-05-05 16:04:24.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_lastlog.html 2009-06-16 10:47:22.000000000 +0200
@@ -31,7 +31,7 @@
<code class="option">silent</code>
</span></dt><dd><p>
Don't inform the user about any previous login,
- just upate the <code class="filename">/var/log/lastlog</code> file.
+ just update the <code class="filename">/var/log/lastlog</code> file.
</p></dd><dt><span class="term">
<code class="option">never</code>
</span></dt><dd><p>
@@ -71,7 +71,7 @@
Only the <code class="option">session</code> module type is provided.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_lastlog-return_values"></a>6.14.4.�RETURN VALUES</h3></div></div></div><p>
</p><div class="variablelist"><dl><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
- Everything was successfull.
+ Everything was successful.
</p></dd><dt><span class="term">PAM_SERVICE_ERR</span></dt><dd><p>
Internal service module error.
</p></dd><dt><span class="term">PAM_USER_UNKNOWN</span></dt><dd><p>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_limits.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_limits.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_limits.html 2009-05-05 16:04:25.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_limits.html 2009-06-16 10:47:23.000000000 +0200
@@ -14,11 +14,11 @@
by this limits, too.
</p><p>
By default limits are taken from the <code class="filename">/etc/security/limits.conf</code>
- config file. Then individual files from the <code class="filename">/etc/security/limits.d/</code>
+ config file. Then individual *.conf files from the <code class="filename">/etc/security/limits.d/</code>
directory are read. The files are parsed one after another in the order of "C" locale.
The effect of the individual files is the same as if all the files were
concatenated together in the order of parsing.
- If a config file is explicitely specified with a module option then the
+ If a config file is explicitly specified with a module option then the
files in the above directory are not parsed.
</p><p>
The module must not be called by a multithreaded application.
@@ -135,7 +135,7 @@
New limits could not be set.
</p></dd><dt><span class="term">PAM_SERVICE_ERR</span></dt><dd><p>
Cannot read config file.
- </p></dd><dt><span class="term">PAM_SESSEION_ERR</span></dt><dd><p>
+ </p></dd><dt><span class="term">PAM_SESSION_ERR</span></dt><dd><p>
Error recovering account name.
</p></dd><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
Limits were changed.
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_listfile.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_listfile.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_listfile.html 2009-05-05 16:04:25.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_listfile.html 2009-06-16 10:47:23.000000000 +0200
@@ -66,7 +66,7 @@
<code class="option">file=<em class="replaceable"><code>/path/filename</code></em></code>
</span></dt><dd><p>
File containing one item per line. The file needs to be a plain
- file and not world writeable.
+ file and not world writable.
</p></dd><dt><span class="term">
<code class="option">onerr=[succeed|fail]</code>
</span></dt><dd><p>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_localuser.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_localuser.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_localuser.html 2009-05-05 16:04:25.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_localuser.html 2009-06-16 10:47:23.000000000 +0200
@@ -29,7 +29,7 @@
<code class="option">password</code> and <code class="option">session</code>) are provided.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_localuser-return_values"></a>6.17.4.�RETURN VALUES</h3></div></div></div><p>
</p><div class="variablelist"><dl><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
- The new localuser was set successfull.
+ The new localuser was set successfully.
</p></dd><dt><span class="term">PAM_SERVICE_ERR</span></dt><dd><p>
No username was given.
</p></dd><dt><span class="term">PAM_USER_UNKNOWN</span></dt><dd><p>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_loginuid.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_loginuid.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_loginuid.html 2009-05-05 16:04:25.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_loginuid.html 2009-06-16 10:47:23.000000000 +0200
@@ -18,7 +18,7 @@
Only the <code class="option">session</code> module type is provided.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_loginuid-return_values"></a>6.18.4.�RETURN VALUES</h3></div></div></div><p>
</p><div class="variablelist"><dl><dt><span class="term">PAM_SESSION_ERR</span></dt><dd><p>
- An error occured during session management.
+ An error occurred during session management.
</p></dd></dl></div><p>
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_loginuid-examples"></a>6.18.5.�EXAMPLES</h3></div></div></div><pre class="programlisting">
#%PAM-1.0
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_mkhomedir.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_mkhomedir.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_mkhomedir.html 2009-05-05 16:04:25.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_mkhomedir.html 2009-06-16 10:47:23.000000000 +0200
@@ -11,7 +11,7 @@
without using a distributed file system or pre-creating a large
number of directories. The skeleton directory (usually
<code class="filename">/etc/skel/</code>) is used to copy default files
- and also set's a umask for the creation.
+ and also sets a umask for the creation.
</p><p>
The new users home directory will not be removed after logout
of the user.
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_motd.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_motd.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_motd.html 2009-05-05 16:04:25.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_motd.html 2009-06-16 10:47:23.000000000 +0200
@@ -2,7 +2,7 @@
motd=<em class="replaceable"><code>/path/filename</code></em>
]</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_motd-description"></a>6.21.1.�DESCRIPTION</h3></div></div></div><p>
pam_motd is a PAM module that can be used to display
- arbitrary motd (message of the day) files after a succesful
+ arbitrary motd (message of the day) files after a successful
login. By default the <code class="filename">/etc/motd</code> file is
shown. The message size is limited to 64KB.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_motd-options"></a>6.21.2.�OPTIONS</h3></div></div></div><div class="variablelist"><dl><dt><span class="term">
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_namespace.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_namespace.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_namespace.html 2009-05-05 16:04:25.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_namespace.html 2009-06-16 10:47:23.000000000 +0200
@@ -25,7 +25,7 @@
using SELinux, user name, security context or both. If an executable
script <code class="filename">/etc/security/namespace.init</code> exists, it
is used to initialize the instance directory after it is set up
- and mounted on the polyinstantiated direcory. The script receives the
+ and mounted on the polyinstantiated directory. The script receives the
polyinstantiated directory path, the instance directory path, flag
whether the instance directory was newly created (0 for no, 1 for yes),
and the user name as its arguments.
@@ -188,7 +188,7 @@
<code class="option">no_unmount_on_close</code>
</span></dt><dd><p>
For certain trusted programs such as newrole, open session
- is called from a child process while the parent perfoms
+ is called from a child process while the parent performs
close session and pam end functions. For these commands
use this option to instruct pam_close_session to not
unmount the bind mounted polyinstantiated directory in the
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_pwhistory.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_pwhistory.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_pwhistory.html 2009-05-05 16:04:26.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_pwhistory.html 2009-06-16 10:47:24.000000000 +0200
@@ -15,8 +15,8 @@
to force password change history and keep the user from
alternating between the same password too frequently.
</p><p>
- This module does not work togehter with kerberos. In general,
- it does not make much sense to use this module in conjuction
+ This module does not work together with kerberos. In general,
+ it does not make much sense to use this module in conjunction
with NIS or LDAP, since the old passwords are stored on the
local machine and are not available on another machine for
password history checking.
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_selinux.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_selinux.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_selinux.html 2009-05-05 16:04:26.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_selinux.html 2009-06-16 10:47:24.000000000 +0200
@@ -74,14 +74,14 @@
<code class="option">use_current_range</code>
</span></dt><dd><p>
Use the sensitivity level of the current process for the user context
- instead of the default level. Also supresses asking of the
+ instead of the default level. Also suppresses asking of the
sensitivity level from the user or obtaining it from PAM environment.
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_selinux-types"></a>6.29.3.�MODULE TYPES PROVIDED</h3></div></div></div><p>
Only the <code class="option">session</code> module type is provided.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_selinux-return_values"></a>6.29.4.�RETURN VALUES</h3></div></div></div><div class="variablelist"><dl><dt><span class="term">PAM_AUTH_ERR</span></dt><dd><p>
Unable to get or set a valid context.
</p></dd><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
- The security context was set successfull.
+ The security context was set successfully.
</p></dd><dt><span class="term">PAM_USER_UNKNOWN</span></dt><dd><p>
The user is not known to the system.
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_selinux-examples"></a>6.29.5.�EXAMPLES</h3></div></div></div><pre class="programlisting">
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_succeed_if.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_succeed_if.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_succeed_if.html 2009-05-05 16:04:27.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_succeed_if.html 2009-06-16 10:47:24.000000000 +0200
@@ -46,7 +46,7 @@
</p></dd><dt><span class="term">PAM_AUTH_ERR</span></dt><dd><p>
The condition was false.
</p></dd><dt><span class="term">PAM_SERVICE_ERR</span></dt><dd><p>
- A service error occured or the arguments can't be
+ A service error occurred or the arguments can't be
parsed correctly.
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_succeed_if-examples"></a>6.31.5.�EXAMPLES</h3></div></div></div><p>
To emulate the behaviour of <span class="emphasis"><em>pam_wheel</em></span>, except
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_tally2.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_tally2.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_tally2.html 2009-05-05 16:04:27.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_tally2.html 2009-06-16 10:47:25.000000000 +0200
@@ -59,7 +59,7 @@
<code class="option">onerr=[<em class="replaceable"><code>fail</code></em>|<em class="replaceable"><code>succeed</code></em>]</code>
</span></dt><dd><p>
If something weird happens (like unable to open the file),
- return with <span class="errorcode">PAM_SUCESS</span> if
+ return with <span class="errorcode">PAM_SUCCESS</span> if
<code class="option">onerr=<em class="replaceable"><code>succeed</code></em></code>
is given, else with the corresponding PAM error code.
</p></dd><dt><span class="term">
@@ -108,7 +108,7 @@
<code class="option">magic_root</code>
</span></dt><dd><p>
If the module is invoked by a user with uid=0 the
- counter is not incremented. The sys-admin should use this
+ counter is not incremented. The sysadmin should use this
for user launched services, like <span class="command"><strong>su</strong></span>,
otherwise this argument should be omitted.
</p></dd><dt><span class="term">
@@ -125,7 +125,7 @@
</span></dt><dd><p>
This option implies <code class="option">even_deny_root</code> option.
Allow access after <em class="replaceable"><code>n</code></em> seconds
- to root acccount after failed attempt. If this option is used
+ to root account after failed attempt. If this option is used
the root user will be locked out for the specified amount of
time after he exceeded his maximum allowed attempts.
</p></dd><dt><span class="term">
@@ -144,14 +144,14 @@
</span></dt><dd><p>
Account phase resets attempts counter if the user is
<span class="emphasis"><em>not</em></span> magic root.
- This phase can be used optionaly for services which don't call
+ This phase can be used optionally for services which don't call
<span class="citerefentry"><span class="refentrytitle">pam_setcred</span>(3)</span> correctly or if the reset should be done regardless
of the failure of the account phase of other modules.
</p><div class="variablelist"><dl><dt><span class="term">
<code class="option">magic_root</code>
</span></dt><dd><p>
If the module is invoked by a user with uid=0 the
- counter is not changed. The sys-admin should use this
+ counter is not changed. The sysadmin should use this
for user launched services, like <span class="command"><strong>su</strong></span>,
otherwise this argument should be omitted.
</p></dd></dl></div></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_tally2-types"></a>6.33.3.�MODULE TYPES PROVIDED</h3></div></div></div><p>
@@ -159,10 +159,10 @@
module types are provided.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_tally2-return_values"></a>6.33.4.�RETURN VALUES</h3></div></div></div><div class="variablelist"><dl><dt><span class="term">PAM_AUTH_ERR</span></dt><dd><p>
A invalid option was given, the module was not able
- to retrive the user name, no valid counter file
+ to retrieve the user name, no valid counter file
was found, or too many failed logins.
</p></dd><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
- Everything was successfull.
+ Everything was successful.
</p></dd><dt><span class="term">PAM_USER_UNKNOWN</span></dt><dd><p>
User not known.
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_tally2-notes"></a>6.33.5.�NOTES</h3></div></div></div><p>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_tally.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_tally.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_tally.html 2009-05-05 16:04:27.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_tally.html 2009-06-16 10:47:24.000000000 +0200
@@ -63,7 +63,7 @@
<code class="option">onerr=[<em class="replaceable"><code>fail</code></em>|<em class="replaceable"><code>succeed</code></em>]</code>
</span></dt><dd><p>
If something weird happens (like unable to open the file),
- return with <span class="errorcode">PAM_SUCESS</span> if
+ return with <span class="errorcode">PAM_SUCCESS</span> if
<code class="option">onerr=<em class="replaceable"><code>succeed</code></em></code>
is given, else with the corresponding PAM error code.
</p></dd><dt><span class="term">
@@ -112,7 +112,7 @@
<code class="option">magic_root</code>
</span></dt><dd><p>
If the module is invoked by a user with uid=0 the
- counter is not incremented. The sys-admin should use this
+ counter is not incremented. The sysadmin should use this
for user launched services, like <span class="command"><strong>su</strong></span>,
otherwise this argument should be omitted.
</p></dd><dt><span class="term">
@@ -145,14 +145,14 @@
</span></dt><dd><p>
Account phase resets attempts counter if the user is
<span class="emphasis"><em>not</em></span> magic root.
- This phase can be used optionaly for services which don't call
+ This phase can be used optionally for services which don't call
<span class="citerefentry"><span class="refentrytitle">pam_setcred</span>(3)</span> correctly or if the reset should be done regardless
of the failure of the account phase of other modules.
</p><div class="variablelist"><dl><dt><span class="term">
<code class="option">magic_root</code>
</span></dt><dd><p>
If the module is invoked by a user with uid=0 the
- counter is not incremented. The sys-admin should use this
+ counter is not incremented. The sysadmin should use this
for user launched services, like <span class="command"><strong>su</strong></span>,
otherwise this argument should be omitted.
</p></dd><dt><span class="term">
@@ -164,10 +164,10 @@
module types are provided.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_tally-return_values"></a>6.32.4.�RETURN VALUES</h3></div></div></div><div class="variablelist"><dl><dt><span class="term">PAM_AUTH_ERR</span></dt><dd><p>
A invalid option was given, the module was not able
- to retrive the user name, no valid counter file
+ to retrieve the user name, no valid counter file
was found, or too many failed logins.
</p></dd><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
- Everything was successfull.
+ Everything was successful.
</p></dd><dt><span class="term">PAM_USER_UNKNOWN</span></dt><dd><p>
User not known.
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_tally-examples"></a>6.32.5.�EXAMPLES</h3></div></div></div><p>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_time.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_time.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_time.html 2009-05-05 16:04:27.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_time.html 2009-06-16 10:47:25.000000000 +0200
@@ -78,7 +78,7 @@
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_time-options"></a>6.34.3.�OPTIONS</h3></div></div></div><div class="variablelist"><dl><dt><span class="term">
<code class="option">debug</code>
</span></dt><dd><p>
- Some debug informations are printed with
+ Some debug information is printed with
<span class="citerefentry"><span class="refentrytitle">syslog</span>(3)</span>.
</p></dd><dt><span class="term">
<code class="option">noaudit</code>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_timestamp.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_timestamp.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_timestamp.html 2009-05-05 16:04:27.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_timestamp.html 2009-06-16 10:47:25.000000000 +0200
@@ -32,10 +32,10 @@
The <code class="option">auth</code> and <code class="option">session</code>
module types are provided.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_timestamp-return_values"></a>6.35.4.�RETURN VALUES</h3></div></div></div><div class="variablelist"><dl><dt><span class="term">PAM_AUTH_ERR</span></dt><dd><p>
- The module was not able to retrive the user name or
+ The module was not able to retrieve the user name or
no valid timestamp file was found.
</p></dd><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
- Everything was successfull.
+ Everything was successful.
</p></dd><dt><span class="term">PAM_SESSION_ERR</span></dt><dd><p>
Timestamp file could not be created or updated.
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_timestamp-notes"></a>6.35.5.�NOTES</h3></div></div></div><p>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_umask.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_umask.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_umask.html 2009-05-05 16:04:27.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_umask.html 2009-06-16 10:47:25.000000000 +0200
@@ -54,7 +54,7 @@
Only the <code class="option">session</code> type is provided.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_umask-return_values"></a>6.36.4.�RETURN VALUES</h3></div></div></div><p>
</p><div class="variablelist"><dl><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
- The new umask was set successfull.
+ The new umask was set successfully.
</p></dd><dt><span class="term">PAM_SERVICE_ERR</span></dt><dd><p>
No username was given.
</p></dd><dt><span class="term">PAM_USER_UNKNOWN</span></dt><dd><p>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_unix.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_unix.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_unix.html 2009-05-05 16:04:28.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_unix.html 2009-06-16 10:47:25.000000000 +0200
@@ -151,7 +151,7 @@
</p></dd><dt><span class="term">
<code class="option">broken_shadow</code>
</span></dt><dd><p>
- Ignore errors reading shadow inforation for
+ Ignore errors reading shadow information for
users in the account management module.
</p></dd></dl></div><p>
Invalid arguments are logged with <span class="citerefentry"><span class="refentrytitle">syslog</span>(3)</span>.
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_xauth.html new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_xauth.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-pam_xauth.html 2009-05-05 16:04:28.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-pam_xauth.html 2009-06-16 10:47:25.000000000 +0200
@@ -11,7 +11,7 @@
(sometimes referred to as "cookies") between users.
</p><p>
Without pam_xauth, when xauth is enabled and a user uses the
- <span class="citerefentry"><span class="refentrytitle">su</span>(1)</span> command to assume another user's priviledges,
+ <span class="citerefentry"><span class="refentrytitle">su</span>(1)</span> command to assume another user's privileges,
that user is no longer able to access the original user's X display
because the new user does not have the key needed to access the
display. pam_xauth solves the problem by forwarding the key from
@@ -20,7 +20,7 @@
and destroying the key when the session is torn down.
</p><p>
This means, for example, that when you run
- <span class="citerefentry"><span class="refentrytitle">su</span>(1)</span> from an xterm sesssion, you will be able to run
+ <span class="citerefentry"><span class="refentrytitle">su</span>(1)</span> from an xterm session, you will be able to run
X programs without explicitly dealing with the
<span class="citerefentry"><span class="refentrytitle">xauth</span>(1)</span> xauth command or ~/.Xauthority files.
</p><p>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-security-issues.html new/Linux-PAM-1.1.0/doc/sag/html/sag-security-issues.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-security-issues.html 2009-05-05 16:04:22.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-security-issues.html 2009-06-16 10:47:20.000000000 +0200
@@ -1 +1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�5.�Security issues</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="prev" href="sag-configuration-example.html" title="4.3.�Example configuration file entries"><link rel="next" href="sag-scurity-issues-wrong.html" title="5.1.�If something goes wrong"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�5.�Security issues</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-configuration-example.html">Prev</a>�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="sag-scurity-issues-wrong.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="sag-security-issues"></a>Chapter�5.�Security issues</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="sag-scurity-issues-wrong.html">5.1. If something goes wrong</a></span></dt><dt><span class="section"><a href="sag-security-issues-other.html">5.2. Avoid having a weak `other' configuration</a></span></dt></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-configuration-example.html">Prev</a>�</td><td width="20%" align="center">�</td><td width="40%" align="right">�<a accesskey="n" href="sag-scurity-issues-wrong.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">4.3.�Example configuration file entries�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top">�5.1.�If something goes wrong</td></tr></table></div></body></html>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�5.�Security issues</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="prev" href="sag-configuration-example.html" title="4.3.�Example configuration file entries"><link rel="next" href="sag-security-issues-wrong.html" title="5.1.�If something goes wrong"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�5.�Security issues</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-configuration-example.html">Prev</a>�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="sag-security-issues-wrong.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="sag-security-issues"></a>Chapter�5.�Security issues</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="sag-security-issues-wrong.html">5.1. If something goes wrong</a></span></dt><dt><span class="section"><a href="sag-security-issues-other.html">5.2. Avoid having a weak `other' configuration</a></span></dt></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-configuration-example.html">Prev</a>�</td><td width="20%" align="center">�</td><td width="40%" align="right">�<a accesskey="n" href="sag-security-issues-wrong.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">4.3.�Example configuration file entries�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top">�5.1.�If something goes wrong</td></tr></table></div></body></html>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-security-issues-other.html new/Linux-PAM-1.1.0/doc/sag/html/sag-security-issues-other.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-security-issues-other.html 2009-05-05 16:04:22.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-security-issues-other.html 2009-06-16 10:47:20.000000000 +0200
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>5.2.�Avoid having a weak `other' configuration</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="sag-security-issues.html" title="Chapter�5.�Security issues"><link rel="prev" href="sag-scurity-issues-wrong.html" title="5.1.�If something goes wrong"><link rel="next" href="sag-module-reference.html" title="Chapter�6.�A reference guide for available modules"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">5.2.�Avoid having a weak `other' configuration</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-scurity-issues-wrong.html">Prev</a>�</td><th width="60%" align="center">Chapter�5.�Security issues</th><td width="20%" align="right">�<a accesskey="n" href="sag-module-reference.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sag-security-issues-other"></a>5.2.�Avoid having a weak `other' configuration</h2></div></div></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>5.2.�Avoid having a weak `other' configuration</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="sag-security-issues.html" title="Chapter�5.�Security issues"><link rel="prev" href="sag-security-issues-wrong.html" title="5.1.�If something goes wrong"><link rel="next" href="sag-module-reference.html" title="Chapter�6.�A reference guide for available modules"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">5.2.�Avoid having a weak `other' configuration</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-security-issues-wrong.html">Prev</a>�</td><th width="60%" align="center">Chapter�5.�Security issues</th><td width="20%" align="right">�<a accesskey="n" href="sag-module-reference.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sag-security-issues-other"></a>5.2.�Avoid having a weak `other' configuration</h2></div></div></div><p>
It is not a good thing to have a weak default
(<span class="emphasis"><em>other</em></span>) entry.
This service is the default configuration for all PAM aware
@@ -21,4 +21,4 @@
password required pam_warn.so
session required pam_deny.so
session required pam_warn.so
- </pre></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-scurity-issues-wrong.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="sag-security-issues.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="sag-module-reference.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">5.1.�If something goes wrong�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top">�Chapter�6.�A reference guide for available modules</td></tr></table></div></body></html>
+ </pre></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-security-issues-wrong.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="sag-security-issues.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="sag-module-reference.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">5.1.�If something goes wrong�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top">�Chapter�6.�A reference guide for available modules</td></tr></table></div></body></html>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-security-issues-wrong.html new/Linux-PAM-1.1.0/doc/sag/html/sag-security-issues-wrong.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-security-issues-wrong.html 1970-01-01 01:00:00.000000000 +0100
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-security-issues-wrong.html 2009-06-16 10:47:20.000000000 +0200
@@ -0,0 +1,19 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>5.1.�If something goes wrong</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="sag-security-issues.html" title="Chapter�5.�Security issues"><link rel="prev" href="sag-security-issues.html" title="Chapter�5.�Security issues"><link rel="next" href="sag-security-issues-other.html" title="5.2.�Avoid having a weak `other' configuration"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">5.1.�If something goes wrong</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-security-issues.html">Prev</a>�</td><th width="60%" align="center">Chapter�5.�Security issues</th><td width="20%" align="right">�<a accesskey="n" href="sag-security-issues-other.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sag-security-issues-wrong"></a>5.1.�If something goes wrong</h2></div></div></div><p>
+ <span class="emphasis"><em>Linux-PAM</em></span> has the potential
+ to seriously change the security of your system. You can
+ choose to have no security or absolute security (no access
+ permitted). In general, <span class="emphasis"><em>Linux-PAM</em></span>
+ errs towards the latter. Any number of configuration errors
+ can disable access to your system partially, or completely.
+ </p><p>
+ The most dramatic problem that is likely to be encountered when
+ configuring <span class="emphasis"><em>Linux-PAM</em></span> is that of
+ <span class="emphasis"><em>deleting</em></span> the configuration file(s):
+ <code class="filename">/etc/pam.d/*</code> and/or
+ <code class="filename">/etc/pam.conf</code>. This will lock you out of
+ your own system!
+ </p><p>
+ To recover, your best bet is to restore the system from a
+ backup or boot the system into a rescue system and correct
+ things from there.
+ </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-security-issues.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="sag-security-issues.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="sag-security-issues-other.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter�5.�Security issues�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top">�5.2.�Avoid having a weak `other' configuration</td></tr></table></div></body></html>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/html/sag-text-conventions.html new/Linux-PAM-1.1.0/doc/sag/html/sag-text-conventions.html
--- old/Linux-PAM-1.0.92/doc/sag/html/sag-text-conventions.html 2009-05-05 16:04:22.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/html/sag-text-conventions.html 2009-06-16 10:47:20.000000000 +0200
@@ -1,11 +1,11 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�2.�Some comments on the text</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="prev" href="sag-introductoin.html" title="Chapter�1.�Introduction"><link rel="next" href="sag-overview.html" title="Chapter�3.�Overview"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�2.�Some comments on the text</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-introductoin.html">Prev</a>�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="sag-overview.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="sag-text-conventions"></a>Chapter�2.�Some comments on the text</h2></div></div></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�2.�Some comments on the text</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="prev" href="sag-introduction.html" title="Chapter�1.�Introduction"><link rel="next" href="sag-overview.html" title="Chapter�3.�Overview"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�2.�Some comments on the text</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-introduction.html">Prev</a>�</td><th width="60%" align="center">�</th><td width="20%" align="right">�<a accesskey="n" href="sag-overview.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="sag-text-conventions"></a>Chapter�2.�Some comments on the text</h2></div></div></div><p>
Before proceeding to read the rest of this document, it should be
noted that the text assumes that certain files are placed in certain
directories. Where they have been specified, the conventions we adopt
here for locating these files are those of the relevant RFC (RFC-86.0,
see <a class="link" href="sag-see-also.html" title="Chapter�7.�See also">bibliography"</a>). If you are
using a distribution of Linux (or some other operating system) that
- supports PAM but chooses to distribute these files in a diferent way
+ supports PAM but chooses to distribute these files in a different way
you should be careful when copying examples directly from the text.
</p><p>
As an example of the above, where it is explicit, the text assumes
@@ -19,4 +19,4 @@
these files can be found in <code class="filename">/usr/lib/security</code>.
Please be careful to perform the necessary transcription when using
the examples from the text.
- </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-introductoin.html">Prev</a>�</td><td width="20%" align="center">�</td><td width="40%" align="right">�<a accesskey="n" href="sag-overview.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter�1.�Introduction�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top">�Chapter�3.�Overview</td></tr></table></div></body></html>
+ </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-introduction.html">Prev</a>�</td><td width="20%" align="center">�</td><td width="40%" align="right">�<a accesskey="n" href="sag-overview.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter�1.�Introduction�</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top">�Chapter�3.�Overview</td></tr></table></div></body></html>
Files old/Linux-PAM-1.0.92/doc/sag/Linux-PAM_SAG.pdf and new/Linux-PAM-1.1.0/doc/sag/Linux-PAM_SAG.pdf differ
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Linux-PAM-1.0.92/doc/sag/Linux-PAM_SAG.txt new/Linux-PAM-1.1.0/doc/sag/Linux-PAM_SAG.txt
--- old/Linux-PAM-1.0.92/doc/sag/Linux-PAM_SAG.txt 2009-05-05 16:04:05.000000000 +0200
+++ new/Linux-PAM-1.1.0/doc/sag/Linux-PAM_SAG.txt 2009-06-16 10:47:04.000000000 +0200
@@ -8,7 +8,7 @@
-Version 1.0, 3. April 2008
+Version 1.1, 16. June 2009
Abstract
@@ -124,7 +124,7 @@
they have been specified, the conventions we adopt here for locating these
files are those of the relevant RFC (RFC-86.0, see bibliography"). If you are
using a distribution of Linux (or some other operating system) that supports
-PAM but chooses to distribute these files in a diferent way you should be
+PAM but chooses to distribute these files in a different way you should be
careful when copying examples directly from the text.
As an example of the above, where it is explicit, the text assumes that PAM
@@ -215,9 +215,9 @@
If a program is going to use PAM, then it has to have PAM functions explicitly
coded into the program. If you have access to the source code you can add the
-appropriate PAM functions. If you do not have accessto the source code, and the
-binary does not have the PAM functions included, then it is not possible to use
-PAM.
+appropriate PAM functions. If you do not have access to the source code, and
+the binary does not have the PAM functions included, then it is not possible to
+use PAM.
Chapter 4. The Linux-PAM configuration file
@@ -552,7 +552,7 @@
Linux-PAM has the potential to seriously change the security of your system.
You can choose to have no security or absolute security (no access permitted).
In general, Linux-PAM errs towards the latter. Any number of configuration
-errors can dissable access to your system partially, or completely.
+errors can disable access to your system partially, or completely.
The most dramatic problem that is likely to be encountered when configuring
Linux-PAM is that of deleting the configuration file(s): /etc/pam.d/* and/or /
@@ -660,7 +660,7 @@
debug
- A lot of debug informations are printed with syslog(3).
+ A lot of debug information is printed with syslog(3).
noaudit
@@ -672,7 +672,7 @@
recognize when parsing the access configuration file. For example: fieldsep
=| will cause the default `:' character to be treated as part of a field
value and `|' becomes the field separator. Doing this may be useful in
- conjuction with a system that wants to use pam_access with X based
+ conjunction with a system that wants to use pam_access with X based
applications, since the PAM_TTY item is likely to be of the form
"hostname:0" which includes a `:' character in its value. But you should
not need this.
@@ -1003,7 +1003,7 @@
PAM_SERVICE_ERR
- A internal error occured.
+ A internal error occurred.
6.2.5. EXAMPLES
@@ -1253,7 +1253,7 @@
6.5.5. EXAMPLES
For an example of the use of this module, we show how it may be used to print
-informations about good passwords:
+information about good passwords:
password optional pam_echo.so file=/usr/share/doc/good-password.txt
password required pam_unix.so
@@ -1319,7 +1319,7 @@
debug
- A lot of debug informations are printed with syslog(3).
+ A lot of debug information is printed with syslog(3).
envfile=/path/to/environment
@@ -1335,7 +1335,7 @@
Indicate an alternative .pam_environment file to override the default. This
can be useful when different services need different environments. The
- filename is relativ to the user home directory.
+ filename is relative to the user home directory.
user_readenv=0|1
@@ -1465,7 +1465,7 @@
PAM_SUCCESS
- The external command runs successfull.
+ The external command was run successfully.
PAM_SERVICE_ERR
@@ -1473,7 +1473,7 @@
PAM_SYSTEM_ERR
- A system error occured or the command to execute failed.
+ A system error occurred or the command to execute failed.
PAM_IGNORE
@@ -1618,7 +1618,7 @@
PAM_SUCCESS
- The new filter was set successfull.
+ The new filter was set successfully.
PAM_ABORT
@@ -1677,7 +1677,7 @@
PAM_SUCCESS
- The authentication was successfull.
+ The authentication was successful.
PAM_USER_UNKNOWN
@@ -1726,9 +1726,9 @@
provide any level of security, all file-systems that the user has write access
to should be mounted nosuid.
-The pam_group module fuctions in parallel with the /etc/group file. If the user
-is granted any groups based on the behavior of this module, they are granted in
-addition to those entries /etc/group (or equivalent).
+The pam_group module functions in parallel with the /etc/group file. If the
+user is granted any groups based on the behavior of this module, they are
+granted in addition to those entries /etc/group (or equivalent).
6.11.2. DESCRIPTION
@@ -1922,11 +1922,11 @@
PAM_SERVICE_ERR
- A service module error occured.
+ A service module error occurred.
PAM_SUCCESS
- The new prompt was set successfull.
+ The new prompt was set successfully.
6.12.5. EXAMPLES
@@ -2064,7 +2064,7 @@
silent
- Don't inform the user about any previous login, just upate the /var/log/
+ Don't inform the user about any previous login, just update the /var/log/
lastlog file.
never
@@ -2106,7 +2106,7 @@
PAM_SUCCESS
- Everything was successfull.
+ Everything was successful.
PAM_SERVICE_ERR
@@ -2139,11 +2139,12 @@
obtained in a user-session. Users of uid=0 are affected by this limits, too.
By default limits are taken from the /etc/security/limits.conf config file.
-Then individual files from the /etc/security/limits.d/ directory are read. The
-files are parsed one after another in the order of "C" locale. The effect of
-the individual files is the same as if all the files were concatenated together
-in the order of parsing. If a config file is explicitely specified with a
-module option then the files in the above directory are not parsed.
+Then individual *.conf files from the /etc/security/limits.d/ directory are
+read. The files are parsed one after another in the order of "C" locale. The
+effect of the individual files is the same as if all the files were
+concatenated together in the order of parsing. If a config file is explicitly
+specified with a module option then the files in the above directory are not
+parsed.
The module must not be called by a multithreaded application.
@@ -2342,7 +2343,7 @@
Cannot read config file.
-PAM_SESSEION_ERR
+PAM_SESSION_ERR
Error recovering account name.
@@ -2427,7 +2428,7 @@
file=/path/filename
File containing one item per line. The file needs to be a plain file and
- not world writeable.
+ not world writable.
onerr=[succeed|fail]
@@ -2539,7 +2540,7 @@
PAM_SUCCESS
- The new localuser was set successfull.
+ The new localuser was set successfully.
PAM_SERVICE_ERR
@@ -2591,7 +2592,7 @@
PAM_SESSION_ERR
- An error occured during session management.
+ An error occurred during session management.
6.18.5. EXAMPLES
@@ -2713,7 +2714,7 @@
exist when the session begins. This allows users to be present in central
database (such as NIS, kerberos or LDAP) without using a distributed file
system or pre-creating a large number of directories. The skeleton directory
-(usually /etc/skel/) is used to copy default files and also set's a umask for
+(usually /etc/skel/) is used to copy default files and also sets a umask for
the creation.
The new users home directory will not be removed after logout of the user.
@@ -2788,8 +2789,8 @@
6.21.1. DESCRIPTION
pam_motd is a PAM module that can be used to display arbitrary motd (message of
-the day) files after a succesful login. By default the /etc/motd file is shown.
-The message size is limited to 64KB.
+the day) files after a successful login. By default the /etc/motd file is
+shown. The message size is limited to 64KB.
6.21.2. OPTIONS
@@ -2831,7 +2832,7 @@
instance of itself based on user name, or when using SELinux, user name,
security context or both. If an executable script /etc/security/namespace.init
exists, it is used to initialize the instance directory after it is set up and
-mounted on the polyinstantiated direcory. The script receives the
+mounted on the polyinstantiated directory. The script receives the
polyinstantiated directory path, the instance directory path, flag whether the
instance directory was newly created (0 for no, 1 for yes), and the user name
as its arguments.
@@ -2974,9 +2975,9 @@
no_unmount_on_close
For certain trusted programs such as newrole, open session is called from a
- child process while the parent perfoms close session and pam end functions.
- For these commands use this option to instruct pam_close_session to not
- unmount the bind mounted polyinstantiated directory in the parent.
+ child process while the parent performs close session and pam end
+ functions. For these commands use this option to instruct pam_close_session
+ to not unmount the bind mounted polyinstantiated directory in the parent.
use_current_context
@@ -3175,8 +3176,8 @@
change history and keep the user from alternating between the same password too
frequently.
-This module does not work togehter with kerberos. In general, it does not make
-much sense to use this module in conjuction with NIS or LDAP, since the old
+This module does not work together with kerberos. In general, it does not make
+much sense to use this module in conjunction with NIS or LDAP, since the old
passwords are stored on the local machine and are not available on another
machine for password history checking.
@@ -3507,7 +3508,7 @@
use_current_range
Use the sensitivity level of the current process for the user context
- instead of the default level. Also supresses asking of the sensitivity
+ instead of the default level. Also suppresses asking of the sensitivity
level from the user or obtaining it from PAM environment.
6.29.3. MODULE TYPES PROVIDED
@@ -3522,7 +3523,7 @@
PAM_SUCCESS
- The security context was set successfull.
+ The security context was set successfully.
PAM_USER_UNKNOWN
@@ -3703,7 +3704,7 @@
PAM_SERVICE_ERR
- A service error occured or the arguments can't be parsed correctly.
+ A service error occurred or the arguments can't be parsed correctly.
6.31.5. EXAMPLES
@@ -3760,7 +3761,7 @@
onerr=[fail|succeed]
If something weird happens (like unable to open the file), return with
- PAM_SUCESS if onerr=succeed is given, else with the corresponding PAM
+ PAM_SUCCESS if onerr=succeed is given, else with the corresponding PAM
error code.
file=/path/to/counter
@@ -3804,7 +3805,7 @@
magic_root
If the module is invoked by a user with uid=0 the counter is not
- incremented. The sys-admin should use this for user launched services,
+ incremented. The sysadmin should use this for user launched services,
like su, otherwise this argument should be omitted.
no_lock_time
@@ -3831,14 +3832,14 @@
ACCOUNT OPTIONS
Account phase resets attempts counter if the user is not magic root. This
- phase can be used optionaly for services which don't call pam_setcred(3)
+ phase can be used optionally for services which don't call pam_setcred(3)
correctly or if the reset should be done regardless of the failure of the
account phase of other modules.
magic_root
If the module is invoked by a user with uid=0 the counter is not
- incremented. The sys-admin should use this for user launched services,
+ incremented. The sysadmin should use this for user launched services,
like su, otherwise this argument should be omitted.
no_reset
@@ -3853,12 +3854,12 @@
PAM_AUTH_ERR
- A invalid option was given, the module was not able to retrive the user
+ A invalid option was given, the module was not able to retrieve the user
name, no valid counter file was found, or too many failed logins.
PAM_SUCCESS
- Everything was successfull.
+ Everything was successful.
PAM_USER_UNKNOWN
@@ -3923,7 +3924,7 @@
onerr=[fail|succeed]
If something weird happens (like unable to open the file), return with
- PAM_SUCESS if onerr=succeed is given, else with the corresponding PAM
+ PAM_SUCCESS if onerr=succeed is given, else with the corresponding PAM
error code.
file=/path/to/counter
@@ -3967,7 +3968,7 @@
magic_root
If the module is invoked by a user with uid=0 the counter is not
- incremented. The sys-admin should use this for user launched services,
+ incremented. The sysadmin should use this for user launched services,
like su, otherwise this argument should be omitted.
no_lock_time
@@ -3981,7 +3982,7 @@
root_unlock_time=n
This option implies even_deny_root option. Allow access after n seconds
- to root acccount after failed attempt. If this option is used the root
+ to root account after failed attempt. If this option is used the root
user will be locked out for the specified amount of time after he
exceeded his maximum allowed attempts.
@@ -3999,14 +4000,14 @@
ACCOUNT OPTIONS
Account phase resets attempts counter if the user is not magic root. This
- phase can be used optionaly for services which don't call pam_setcred(3)
+ phase can be used optionally for services which don't call pam_setcred(3)
correctly or if the reset should be done regardless of the failure of the
account phase of other modules.
magic_root
If the module is invoked by a user with uid=0 the counter is not
- changed. The sys-admin should use this for user launched services, like
+ changed. The sysadmin should use this for user launched services, like
su, otherwise this argument should be omitted.
6.33.3. MODULE TYPES PROVIDED
@@ -4017,12 +4018,12 @@
PAM_AUTH_ERR
- A invalid option was given, the module was not able to retrive the user
+ A invalid option was given, the module was not able to retrieve the user
name, no valid counter file was found, or too many failed logins.
PAM_SUCCESS
- Everything was successfull.
+ Everything was successful.
PAM_USER_UNKNOWN
@@ -4147,7 +4148,7 @@
debug
- Some debug informations are printed with syslog(3).
+ Some debug information is printed with syslog(3).
noaudit
@@ -4245,12 +4246,12 @@
PAM_AUTH_ERR
- The module was not able to retrive the user name or no valid timestamp file
- was found.
+ The module was not able to retrieve the user name or no valid timestamp
+ file was found.
PAM_SUCCESS
- Everything was successfull.
+ Everything was successful.
PAM_SESSION_ERR
@@ -4335,7 +4336,7 @@
PAM_SUCCESS
- The new umask was set successfull.
+ The new umask was set successfully.
PAM_SERVICE_ERR
@@ -4498,8 +4499,8 @@
broken_shadow
- Ignore errors reading shadow inforation for users in the account management
- module.
+ Ignore errors reading shadow information for users in the account
+ management module.
Invalid arguments are logged with syslog(3).
@@ -4794,14 +4795,14 @@
to as "cookies") between users.
Without pam_xauth, when xauth is enabled and a user uses the su(1) command to
-assume another user's priviledges, that user is no longer able to access the
+assume another user's privileges, that user is no longer able to access the
original user's X display because the new user does not have the key needed to
access the display. pam_xauth solves the problem by forwarding the key from the
user running su (the source user) to the user whose identity the source user is
assuming (the target user) when the session is created, and destroying the key
when the session is torn down.
-This means, for example, that when you run su(1) from an xterm sesssion, you
+This means, for example, that when you run su(1) from an xterm session, you
will be able to run X programs without explicitly dealing with the xauth(1)
xauth command or ~/.Xauthority files.
++++++ Linux-PAM-1.0.92-docs.tar.bz2 -> Linux-PAM-1.1.0.tar.bz2 ++++++
++++ 255944 lines of diff (skipped)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org