Hello community,
here is the log from the commit of package pam for openSUSE:Factory
checked in at Mon Jul 11 08:52:41 CEST 2011.
--------
--- pam/pam.changes 2011-05-26 11:37:35.000000000 +0200
+++ /mounts/work_src_done/STABLE/pam/pam.changes 2011-06-27 15:45:47.000000000 +0200
@@ -1,0 +2,10 @@
+Mon Jun 27 15:29:11 CEST 2011 - kukuk@suse.de
+
+- Update to version 1.1.4
+ * pam_securetty: Honour console= kernel option, add noconsole option
+ * pam_limits: Add %group syntax, drop change_uid option, add set_all option
+ * Lot of small bug fixes
+ * Add support for libtirpc
+- Build against libtirpc
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
Linux-PAM-1.1.3-docs.tar.bz2
Linux-PAM-1.1.3.tar.bz2
pam_listfile-quiet.patch
New:
----
Linux-PAM-1.1.4-docs.tar.bz2
Linux-PAM-1.1.4.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pam.spec ++++++
--- /var/tmp/diff_new_pack.JhWJC0/_old 2011-07-11 08:52:16.000000000 +0200
+++ /var/tmp/diff_new_pack.JhWJC0/_new 2011-07-11 08:52:16.000000000 +0200
@@ -23,10 +23,11 @@
Url: http://www.kernel.org/pub/linux/libs/pam/
BuildRequires: bison cracklib-devel db-devel flex
BuildRequires: audit-devel
+BuildRequires: libtirpc-devel
%if %{enable_selinux}
BuildRequires: libselinux-devel
%endif
-%define libpam_so_version 0.83.0
+%define libpam_so_version 0.83.1
%define libpam_misc_so_version 0.82.0
%define libpamc_so_version 0.82.1
License: GPL-2.0+ or BSD-3-Clause
@@ -37,8 +38,8 @@
Obsoletes: pam-64bit
%endif
#
-Version: 1.1.3
-Release: 7
+Version: 1.1.4
+Release: 1
Summary: A Security Tool that Provides Authentication for Applications
Source: Linux-PAM-%{version}.tar.bz2
Source1: Linux-PAM-%{version}-docs.tar.bz2
@@ -51,8 +52,6 @@
Source8: etc.environment
Source9: baselibs.conf
Patch0: pam_tally-deprecated.diff
-# fix for bnc#673826 (pam_listfile logging)
-Patch1: pam_listfile-quiet.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -102,7 +101,6 @@
%prep
%setup -q -n Linux-PAM-%{version} -b 1
%patch0 -p0
-%patch1 -p1
%build
CFLAGS="$RPM_OPT_FLAGS -DNDEBUG" \
++++++ Linux-PAM-1.1.3-docs.tar.bz2 -> Linux-PAM-1.1.4-docs.tar.bz2 ++++++
Files old/Linux-PAM-1.1.3/doc/adg/Linux-PAM_ADG.pdf and new/Linux-PAM-1.1.4/doc/adg/Linux-PAM_ADG.pdf differ
Files old/Linux-PAM-1.1.3/doc/mwg/Linux-PAM_MWG.pdf and new/Linux-PAM-1.1.4/doc/mwg/Linux-PAM_MWG.pdf differ
Files old/Linux-PAM-1.1.3/doc/sag/Linux-PAM_SAG.pdf and new/Linux-PAM-1.1.4/doc/sag/Linux-PAM_SAG.pdf differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.3/doc/sag/Linux-PAM_SAG.txt new/Linux-PAM-1.1.4/doc/sag/Linux-PAM_SAG.txt
--- old/Linux-PAM-1.1.3/doc/sag/Linux-PAM_SAG.txt 2010-10-27 16:01:32.000000000 +0200
+++ new/Linux-PAM-1.1.4/doc/sag/Linux-PAM_SAG.txt 2011-06-21 13:09:33.000000000 +0200
@@ -2150,8 +2150,8 @@
6.15. pam_limits - limit resources
-pam_limits.so [ change_uid ] [ conf=/path/to/limits.conf ] [ debug ] [
-utmp_early ] [ noaudit ]
+pam_limits.so [ conf=/path/to/limits.conf ] [ debug ] [ set_all ] [ utmp_early
+] [ noaudit ]
6.15.1. DESCRIPTION
@@ -2188,7 +2188,23 @@
● the wildcard *, for default entry.
● the wildcard %, for maxlogins limit only, can also be used with %group
- syntax.
+ syntax. If the % wildcard is used alone it is identical to using * with
+ maxsyslogins limit. With a group specified after % it limits the total
+ number of logins of all users that are member of the group.
+
+ ● an uid range specified as :. If min_uid is omitted,
+ the match is exact for the max_uid. If max_uid is omitted, all uids
+ greater than or equal min_uid match.
+
+ ● a gid range specified as @:. If min_gid is omitted,
+ the match is exact for the max_gid. If max_gid is omitted, all gids
+ greater than or equal min_gid match. For the exact match all groups
+ including the user's supplementary groups are examined. For the range
+ matches only the user's primary group is examined.
+
+ ● a gid specified as %:<gid> applicable to maxlogins limit only. It
+ limits the total number of logins of all users that are member of the
+ group with the specified gid.
<type>
@@ -2261,7 +2277,7 @@
maxsyslogins
- maximum number of logins on system
+ maximum number of all logins on system
priority
@@ -2276,7 +2292,7 @@
maximum number of pending signals (Linux 2.6 and higher)
- msqqueue
+ msgqueue
maximum memory used by POSIX message queues (bytes) (Linux 2.6 and
higher)
@@ -2314,12 +2330,6 @@
6.15.3. OPTIONS
-change_uid
-
- Change real uid to the user for who the limits are set up. Use this option
- if you have problems like login not forking a shell for user who has no
- processes. Be warned that something else may break when you do this.
-
conf=/path/to/limits.conf
Indicate an alternative limits.conf style configuration file to override
@@ -2329,6 +2339,11 @@
Print debug information.
+set_all
+
+ Set the limits for which no value is specified in the configuration file to
+ the one from the process with the PID 1.
+
utmp_early
Some broken applications actually allocate a utmp entry for the user before
@@ -2387,12 +2402,15 @@
limits.conf.
* soft core 0
-* hard rss 10000
+* hard nofile 512
@student hard nproc 20
@faculty soft nproc 20
@faculty hard nproc 50
ftp hard nproc 0
@student - maxlogins 4
+:123 hard cpu 5000
+@500: soft cpu 10000
+600:700 hard locks 10
6.15.8. AUTHORS
@@ -2843,7 +2861,8 @@
pam_namespace.so [ debug ] [ unmnt_remnt ] [ unmnt_only ] [ require_selinux ] [
gen_hash ] [ ignore_config_error ] [ ignore_instance_parent_mode ] [
-no_unmount_on_close ] [ use_current_context ] [ use_default_context ]
+no_unmount_on_close ] [ use_current_context ] [ use_default_context ] [
+mount_private ]
6.22.1. DESCRIPTION
@@ -3011,6 +3030,15 @@
context with setexeccon call. The module will use the default SELinux
context of the user for the level and context polyinstantiation.
+mount_private
+
+ This option can be used on systems where the / mount point or its submounts
+ are made shared (for example with a mount --make-rshared / command). The
+ module will make the polyinstantiated directory mount points private.
+ Normally the pam_namespace will try to detect the shared / mount point and
+ make the polyinstantiated directories private automatically. This option
+ has to be used just when only a subtree is shared and / is not.
+
6.22.4. MODULE TYPES PROVIDED
Only the session module type is provided. The module must not be called from
@@ -3093,7 +3121,7 @@
6.23.1. DESCRIPTION
pam_nologin is a PAM module that prevents users from logging into the system
-when /var/run/nologin or /etc/nologinexists. The contents of the file are
+when /var/run/nologin or /etc/nologin exists. The contents of the file are
displayed to the user. The pam_nologin module has no effect on the root user's
ability to log in.
@@ -3220,7 +3248,8 @@
remember=N
The last N passwords for each user are saved in /etc/security/opasswd. The
- default is 10.
+ default is 10. Value of 0 makes the module to keep the existing contents of
+ the opasswd file unchanged.
retry=N
@@ -3407,7 +3436,9 @@
pam_securetty is a PAM module that allows root logins only if the user is
logging in on a "secure" tty, as defined by the listing in /etc/securetty.
pam_securetty also checks to make sure that /etc/securetty is a plain file and
-not world writable.
+not world writable. It will also allow root logins on the tty specified with
+console= switch on the kernel command line and on ttys from the /sys/class/tty/
+console/active.
This module has no effect on non-root users and requires that the application
fills in the PAM_TTY item correctly.
@@ -3421,6 +3452,12 @@
Print debug information.
+noconsole
+
+ Do not automatically allow root logins on the kernel console device, as
+ specified on the kernel command line or by the sys file, if it is not also
+ specified in the /etc/securetty file.
+
6.28.3. MODULE TYPES PROVIDED
Only the auth module type is provided.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.3/doc/sag/html/sag-pam_limits.html new/Linux-PAM-1.1.4/doc/sag/html/sag-pam_limits.html
--- old/Linux-PAM-1.1.3/doc/sag/html/sag-pam_limits.html 2010-10-27 16:01:50.000000000 +0200
+++ new/Linux-PAM-1.1.4/doc/sag/html/sag-pam_limits.html 2011-06-21 13:10:00.000000000 +0200
@@ -1,10 +1,10 @@
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>6.15. pam_limits - limit resources</title><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="sag-module-reference.html" title="Chapter 6. A reference guide for available modules"><link rel="prev" href="sag-pam_lastlog.html" title="6.14. pam_lastlog - display date of last login"><link rel="next" href="sag-pam_listfile.html" title="6.16. pam_listfile - deny or allow services based on an arbitrary file"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">6.15. pam_limits - limit resources</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-pam_lastlog.html">Prev</a> </td><th width="60%" align="center">Chapter 6. A reference guide for available modules</th><td width="20%" align="right"> <a accesskey="n" href="sag-pam_listfile.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sag-pam_limits"></a>6.15. pam_limits - limit resources</h2></div></div></div><div class="cmdsynopsis"><p><code class="command">pam_limits.so</code> [
- change_uid
- ] [
conf=<em class="replaceable"><code>/path/to/limits.conf</code></em>
] [
debug
] [
+ set_all
+ ] [
utmp_early
] [
noaudit
@@ -44,7 +44,25 @@
the wildcard <span class="emphasis"><em>*</em></span>, for default entry.
</p></li><li><p>
the wildcard <span class="emphasis"><em>%</em></span>, for maxlogins limit only,
- can also be used with <span class="emphasis"><em>%group</em></span> syntax.
+ can also be used with <span class="emphasis"><em>%group</em></span> syntax. If the
+ <span class="emphasis"><em>%</em></span> wildcard is used alone it is identical
+ to using <span class="emphasis"><em>*</em></span> with maxsyslogins limit. With
+ a group specified after <span class="emphasis"><em>%</em></span> it limits the total
+ number of logins of all users that are member of the group.
+ </p></li><li><p>
+ an uid range specified as <em class="replaceable"><code><min_uid></code></em><span class="emphasis"><em>:</em></span><em class="replaceable"><code><max_uid></code></em>. If min_uid
+ is omitted, the match is exact for the max_uid. If max_uid is omitted, all
+ uids greater than or equal min_uid match.
+ </p></li><li><p>
+ a gid range specified as <span class="emphasis"><em>@</em></span><em class="replaceable"><code><min_gid></code></em><span class="emphasis"><em>:</em></span><em class="replaceable"><code><max_gid></code></em>. If min_gid
+ is omitted, the match is exact for the max_gid. If max_gid is omitted, all
+ gids greater than or equal min_gid match. For the exact match all groups including
+ the user's supplementary groups are examined. For the range matches only
+ the user's primary group is examined.
+ </p></li><li><p>
+ a gid specified as <span class="emphasis"><em>%:</em></span><em class="replaceable"><code><gid></code></em> applicable
+ to maxlogins limit only. It limits the total number of logins of all users
+ that are member of the group with the specified gid.
</p></li></ul></div></dd><dt><span class="term">
<code class="option"><type></code>
</span></dt><dd><div class="variablelist"><dl><dt><span class="term"><code class="option">hard</code></span></dt><dd><p>
@@ -67,8 +85,8 @@
</p></dd></dl></div></dd><dt><span class="term">
<code class="option"><item></code>
</span></dt><dd><div class="variablelist"><dl><dt><span class="term"><code class="option">core</code></span></dt><dd><p>limits the core file size (KB)</p></dd><dt><span class="term"><code class="option">data</code></span></dt><dd><p>maximum data size (KB)</p></dd><dt><span class="term"><code class="option">fsize</code></span></dt><dd><p>maximum filesize (KB)</p></dd><dt><span class="term"><code class="option">memlock</code></span></dt><dd><p>maximum locked-in-memory address space (KB)</p></dd><dt><span class="term"><code class="option">nofile</code></span></dt><dd><p>maximum number of open files</p></dd><dt><span class="term"><code class="option">rss</code></span></dt><dd><p>maximum resident set size (KB) (Ignored in Linux 2.4.30 and higher)</p></dd><dt><span class="term"><code class="option">stack</code></span></dt><dd><p>maximum stack size (KB)</p></dd><dt><span class="term"><code class="option">cpu</code></span></dt><dd><p>maximum CPU time (minutes)</p></dd><dt><span class="term"><code class="option">nproc</code></span></dt><dd><p>maximum number of processes</p></dd><dt><span class="term"><code class="option">as</code></span></dt><dd><p>address space limit (KB)</p></dd><dt><span class="term"><code class="option">maxlogins</code></span></dt><dd><p>maximum number of logins for this user except
- for this with <span class="emphasis"><em>uid=0</em></span></p></dd><dt><span class="term"><code class="option">maxsyslogins</code></span></dt><dd><p>maximum number of logins on system</p></dd><dt><span class="term"><code class="option">priority</code></span></dt><dd><p>the priority to run user process with (negative
- values boost process priority)</p></dd><dt><span class="term"><code class="option">locks</code></span></dt><dd><p>maximum locked files (Linux 2.4 and higher)</p></dd><dt><span class="term"><code class="option">sigpending</code></span></dt><dd><p>maximum number of pending signals (Linux 2.6 and higher)</p></dd><dt><span class="term"><code class="option">msqqueue</code></span></dt><dd><p>maximum memory used by POSIX message queues (bytes)
+ for this with <span class="emphasis"><em>uid=0</em></span></p></dd><dt><span class="term"><code class="option">maxsyslogins</code></span></dt><dd><p>maximum number of all logins on system</p></dd><dt><span class="term"><code class="option">priority</code></span></dt><dd><p>the priority to run user process with (negative
+ values boost process priority)</p></dd><dt><span class="term"><code class="option">locks</code></span></dt><dd><p>maximum locked files (Linux 2.4 and higher)</p></dd><dt><span class="term"><code class="option">sigpending</code></span></dt><dd><p>maximum number of pending signals (Linux 2.6 and higher)</p></dd><dt><span class="term"><code class="option">msgqueue</code></span></dt><dd><p>maximum memory used by POSIX message queues (bytes)
(Linux 2.6 and higher)</p></dd><dt><span class="term"><code class="option">nice</code></span></dt><dd><p>maximum nice priority allowed to raise to (Linux 2.6.12 and higher) values: [-20,19]</p></dd><dt><span class="term"><code class="option">rtprio</code></span></dt><dd><p>maximum realtime priority allowed for non-privileged processes
(Linux 2.6.12 and higher)</p></dd></dl></div></dd></dl></div><p>
All items support the values <span class="emphasis"><em>-1</em></span>,
@@ -97,13 +115,6 @@
The pam_limits module does report configuration problems
found in its configuration file and errors via <span class="citerefentry"><span class="refentrytitle">syslog</span>(3)</span>.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_limits-options"></a>6.15.3. OPTIONS</h3></div></div></div><div class="variablelist"><dl><dt><span class="term">
- <code class="option">change_uid</code>
- </span></dt><dd><p>
- Change real uid to the user for who the limits are set up. Use this
- option if you have problems like login not forking a shell for user
- who has no processes. Be warned that something else may break when
- you do this.
- </p></dd><dt><span class="term">
<code class="option">conf=<em class="replaceable"><code>/path/to/limits.conf</code></em></code>
</span></dt><dd><p>
Indicate an alternative limits.conf style configuration file to
@@ -113,6 +124,12 @@
</span></dt><dd><p>
Print debug information.
</p></dd><dt><span class="term">
+ <code class="option">set_all</code>
+ </span></dt><dd><p>
+ Set the limits for which no value is specified in the
+ configuration file to the one from the process with the
+ PID 1.
+ </p></dd><dt><span class="term">
<code class="option">utmp_early</code>
</span></dt><dd><p>
Some broken applications actually allocate a utmp entry for
@@ -146,12 +163,15 @@
<code class="filename">/etc/security/limits.conf</code>.
</p><pre class="programlisting">
* soft core 0
-* hard rss 10000
+* hard nofile 512
@student hard nproc 20
@faculty soft nproc 20
@faculty hard nproc 50
ftp hard nproc 0
@student - maxlogins 4
+:123 hard cpu 5000
+@500: soft cpu 10000
+600:700 hard locks 10
</pre></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_limits-authors"></a>6.15.8. AUTHORS</h3></div></div></div><p>
pam_limits was initially written by Cristian Gafton <gafton@redhat.com>
</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-pam_lastlog.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="sag-module-reference.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="sag-pam_listfile.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">6.14. pam_lastlog - display date of last login </td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top"> 6.16. pam_listfile - deny or allow services based on an arbitrary file</td></tr></table></div></body></html>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.3/doc/sag/html/sag-pam_namespace.html new/Linux-PAM-1.1.4/doc/sag/html/sag-pam_namespace.html
--- old/Linux-PAM-1.1.3/doc/sag/html/sag-pam_namespace.html 2010-10-27 16:01:51.000000000 +0200
+++ new/Linux-PAM-1.1.4/doc/sag/html/sag-pam_namespace.html 2011-06-21 13:10:01.000000000 +0200
@@ -18,6 +18,8 @@
use_current_context
] [
use_default_context
+ ] [
+ mount_private
]</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_namespace-description"></a>6.22.1. DESCRIPTION</h3></div></div></div><p>
The pam_namespace PAM module sets up a private namespace for a session
with polyinstantiated directories. A polyinstantiated directory
@@ -207,6 +209,17 @@
the SELinux context with setexeccon call. The module will use
the default SELinux context of the user for the level and context
polyinstantiation.
+ </p></dd><dt><span class="term">
+ <code class="option">mount_private</code>
+ </span></dt><dd><p>
+ This option can be used on systems where the / mount point or
+ its submounts are made shared (for example with a
+ <span class="command"><strong>mount --make-rshared /</strong></span> command).
+ The module will make the polyinstantiated directory mount points
+ private. Normally the pam_namespace will try to detect the
+ shared / mount point and make the polyinstantiated directories
+ private automatically. This option has to be used just when
+ only a subtree is shared and / is not.
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_namespace-types"></a>6.22.4. MODULE TYPES PROVIDED</h3></div></div></div><p>
Only the <code class="option">session</code> module type is provided.
The module must not be called from multithreaded processes.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.3/doc/sag/html/sag-pam_nologin.html new/Linux-PAM-1.1.4/doc/sag/html/sag-pam_nologin.html
--- old/Linux-PAM-1.1.3/doc/sag/html/sag-pam_nologin.html 2010-10-27 16:01:51.000000000 +0200
+++ new/Linux-PAM-1.1.4/doc/sag/html/sag-pam_nologin.html 2011-06-21 13:10:02.000000000 +0200
@@ -5,7 +5,7 @@
]</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_nologin-description"></a>6.23.1. DESCRIPTION</h3></div></div></div><p>
pam_nologin is a PAM module that prevents users from logging into
the system when <code class="filename">/var/run/nologin</code> or
- <code class="filename">/etc/nologin</code>exists. The contents
+ <code class="filename">/etc/nologin</code> exists. The contents
of the file are displayed to the user. The pam_nologin module
has no effect on the root user's ability to log in.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_nologin-options"></a>6.23.2. OPTIONS</h3></div></div></div><div class="variablelist"><dl><dt><span class="term">
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.3/doc/sag/html/sag-pam_pwhistory.html new/Linux-PAM-1.1.4/doc/sag/html/sag-pam_pwhistory.html
--- old/Linux-PAM-1.1.3/doc/sag/html/sag-pam_pwhistory.html 2010-10-27 16:01:51.000000000 +0200
+++ new/Linux-PAM-1.1.4/doc/sag/html/sag-pam_pwhistory.html 2011-06-21 13:10:02.000000000 +0200
@@ -41,7 +41,9 @@
</span></dt><dd><p>
The last <em class="replaceable"><code>N</code></em> passwords for each
user are saved in <code class="filename">/etc/security/opasswd</code>.
- The default is <span class="emphasis"><em>10</em></span>.
+ The default is <span class="emphasis"><em>10</em></span>. Value of
+ <span class="emphasis"><em>0</em></span> makes the module to keep the existing
+ contents of the <code class="filename">opasswd</code> file unchanged.
</p></dd><dt><span class="term">
<code class="option">retry=<em class="replaceable"><code>N</code></em></code>
</span></dt><dd><p>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.3/doc/sag/html/sag-pam_securetty.html new/Linux-PAM-1.1.4/doc/sag/html/sag-pam_securetty.html
--- old/Linux-PAM-1.1.3/doc/sag/html/sag-pam_securetty.html 2010-10-27 16:01:52.000000000 +0200
+++ new/Linux-PAM-1.1.4/doc/sag/html/sag-pam_securetty.html 2011-06-21 13:10:03.000000000 +0200
@@ -5,7 +5,10 @@
user is logging in on a "secure" tty, as defined by the listing
in <code class="filename">/etc/securetty</code>. pam_securetty also checks
to make sure that <code class="filename">/etc/securetty</code> is a plain
- file and not world writable.
+ file and not world writable. It will also allow root logins on
+ the tty specified with <code class="option">console=</code> switch on the
+ kernel command line and on ttys from the
+ <code class="filename">/sys/class/tty/console/active</code>.
</p><p>
This module has no effect on non-root users and requires that the
application fills in the <span class="emphasis"><em>PAM_TTY</em></span>
@@ -19,6 +22,13 @@
<code class="option">debug</code>
</span></dt><dd><p>
Print debug information.
+ </p></dd><dt><span class="term">
+ <code class="option">noconsole</code>
+ </span></dt><dd><p>
+ Do not automatically allow root logins on the kernel console
+ device, as specified on the kernel command line or by the sys file,
+ if it is not also specified in the
+ <code class="filename">/etc/securetty</code> file.
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_securetty-types"></a>6.28.3. MODULE TYPES PROVIDED</h3></div></div></div><p>
Only the <code class="option">auth</code> module type is provided.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_securetty-return_values"></a>6.28.4. RETURN VALUES</h3></div></div></div><div class="variablelist"><dl><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.3/doc/specs/draft-morgan-pam-current.txt new/Linux-PAM-1.1.4/doc/specs/draft-morgan-pam-current.txt
--- old/Linux-PAM-1.1.3/doc/specs/draft-morgan-pam-current.txt 2010-10-27 16:01:13.000000000 +0200
+++ new/Linux-PAM-1.1.4/doc/specs/draft-morgan-pam-current.txt 2011-06-21 13:09:03.000000000 +0200
@@ -761,4 +761,4 @@
Andrew G. Morgan
Email: morgan@kernel.org
- $Id: draft-morgan-pam.raw,v 1.2 2001/12/08 18:56:47 agmorgan Exp $
+ $Id$
++++++ Linux-PAM-1.1.3-docs.tar.bz2 -> Linux-PAM-1.1.4.tar.bz2 ++++++
++++ 261195 lines of diff (skipped)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org