diff options
| author | Sam Hartman <hartmans@debian.org> | 2023-09-11 14:25:48 -0600 |
|---|---|---|
| committer | Sam Hartman <hartmans@debian.org> | 2023-09-11 14:25:48 -0600 |
| commit | 7ae7ed41ad1d32a258fd8ab2c48a0c2920f06db7 (patch) | |
| tree | a147944bd7566bdd7231f249a777fcc1084b7d37 | |
| parent | 42408448b00a7a2150b5853dc4f63296b6827e0e (diff) | |
WIP initial set of 1.5.3 patches
Just an initial rebase of the patches against 1.5.3.
* I'm not sure I handled pam_wheel correctly
* I removed most of the generated nroff man page patches; my plan is to add a single patch at the end that includes the nroff manpage updates.
24 files changed, 2845 insertions, 1834 deletions
diff --git a/debian/patches/007_modules_pam_unix b/debian/patches/007_modules_pam_unix index 218379c0..0158a4db 100644 --- a/debian/patches/007_modules_pam_unix +++ b/debian/patches/007_modules_pam_unix @@ -1,224 +1,84 @@ -Index: pam/modules/pam_unix/pam_unix_passwd.c +From: Sam Hartman <hartmans@debian.org> +Date: Mon, 11 Sep 2023 14:00:42 -0600 +Subject: _modules_pam_unix + =================================================================== ---- pam.orig/modules/pam_unix/pam_unix_passwd.c -+++ pam/modules/pam_unix/pam_unix_passwd.c -@@ -95,6 +95,9 @@ - # endif /* GNU libc 2.1 */ - #endif - -+extern const char *obscure_msg(const char *, const char *, const struct passwd *, -+ unsigned int); -+ - /* - How it works: - Gets in username (has to be done) from the calling program -@@ -593,6 +596,11 @@ - return retval; - } - } -+ if (!remark && pass_old != NULL) { /* only check if we don't already have a failure */ -+ struct passwd *pwd; -+ pwd = pam_modutil_getpwnam(pamh, user); -+ remark = (char *)obscure_msg(pass_old,pass_new,pwd,ctrl); /* do obscure checks */ -+ } - } - if (remark) { - _make_remark(pamh, ctrl, PAM_ERROR_MSG, remark); -@@ -608,7 +616,7 @@ - int retval; - int remember = -1; - int rounds = 0; -- int pass_min_len = 0; -+ int pass_min_len = 6; +--- + modules/pam_unix/Makefile.am | 2 +- + modules/pam_unix/README | 36 ++++++- + modules/pam_unix/obscure.c | 198 +++++++++++++++++++++++++++++++++++++ + modules/pam_unix/pam_unix.8 | 33 ++++++- + modules/pam_unix/pam_unix.8.xml | 77 ++++++++++++++- + modules/pam_unix/pam_unix_passwd.c | 10 +- + modules/pam_unix/support.h | 78 ++++++++------- + 7 files changed, 389 insertions(+), 45 deletions(-) + create mode 100644 modules/pam_unix/obscure.c + +diff --git a/modules/pam_unix/Makefile.am b/modules/pam_unix/Makefile.am +index a1dfe44..ddba63c 100644 +--- a/modules/pam_unix/Makefile.am ++++ b/modules/pam_unix/Makefile.am +@@ -43,7 +43,7 @@ noinst_PROGRAMS = bigcrypt - /* <DO NOT free() THESE> */ - const char *user; -Index: pam/modules/pam_unix/support.h -=================================================================== ---- pam.orig/modules/pam_unix/support.h -+++ pam/modules/pam_unix/support.h -@@ -101,50 +101,52 @@ - #define UNIX_GOST_YESCRYPT_PASS 31 /* new password hashes will use gost-yescrypt */ - #define UNIX_YESCRYPT_PASS 32 /* new password hashes will use yescrypt */ - #define UNIX_NULLRESETOK 33 /* allow empty password if password reset is enforced */ -+#define UNIX_OBSCURE_CHECKS 34 /* enable obscure checks on passwords */ - /* -------------- */ --#define UNIX_CTRLS_ 34 /* number of ctrl arguments defined */ -+#define UNIX_CTRLS_ 35 /* number of ctrl arguments defined */ + pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \ + pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \ +- passverify.c md5_good.c md5_broken.c ++ passverify.c md5_good.c md5_broken.c obscure.c + if HAVE_NIS + pam_unix_la_SOURCES += yppasswd_xdr.c + endif +diff --git a/modules/pam_unix/README b/modules/pam_unix/README +index 67a2d21..be11095 100644 +--- a/modules/pam_unix/README ++++ b/modules/pam_unix/README +@@ -171,8 +171,40 @@ broken_shadow - #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)&&off(UNIX_GOST_YESCRYPT_PASS,ctrl)&&off(UNIX_YESCRYPT_PASS,ctrl)) + minlen=n - static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = - { --/* symbol token name ctrl mask ctrl * -- * --------------------------- -------------------- ------------------------- ---------------- */ -+/* symbol token name ctrl mask ctrl * -+ * --------------------------- -------------------- ------------------------- ------------ */ +- Set a minimum password length of n characters. The max. for DES crypt based +- passwords are 8 characters. ++ Set a minimum password length of n characters. The default value is 6. The ++ maximum for DES crypt-based passwords is 8 characters. ++ ++obscure ++ ++ Enable some extra checks on password strength. These checks are based on ++ the "obscure" checks in the original shadow package. The behavior is ++ similar to the pam_cracklib module, but for non-dictionary-based checks. ++ The following checks are implemented: ++ ++ Palindrome ++ ++ Verifies that the new password is not a palindrome of (i.e., the ++ reverse of) the previous one. ++ ++ Case Change Only ++ ++ Verifies that the new password isn't the same as the old one with a ++ change of case. ++ ++ Similar ++ ++ Verifies that the new password isn't too much like the previous one. ++ ++ Simple ++ ++ Is the new password too simple? This is based on the length of the ++ password and the number of different types of characters (alpha, ++ numeric, etc.) used. ++ ++ Rotated ++ ++ Is the new password a rotated version of the old password? (E.g., ++ "billy" and "illyb") --/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 01, 0}, --/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 02, 0}, --/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 04, 0}, --/* UNIX_AUDIT */ {"audit", _ALL_ON_, 010, 0}, --/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(060ULL), 020, 0}, --/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(060ULL), 040, 0}, --/* UNIX_AUTHTOK_TYPE */ {"authtok_type=", _ALL_ON_, 0100, 0}, --/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600ULL), 0200, 0}, --/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600ULL), 0400, 0}, --/* UNIX__NONULL */ {NULL, _ALL_ON_, 01000, 0}, --/* UNIX__QUIET */ {NULL, _ALL_ON_, 02000, 0}, --/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 04000, 0}, --/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 010000, 0}, --/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(015660420000ULL), 020000, 1}, --/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(01000ULL), 0, 0}, --/* UNIX_DEBUG */ {"debug", _ALL_ON_, 040000, 0}, --/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0100000, 0}, --/* UNIX_NIS */ {"nis", _ALL_ON_, 0200000, 0}, --/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(015660420000ULL), 0400000, 1}, --/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000, 0}, --/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000, 0}, --/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000, 0}, --/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000, 0}, --/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(015660420000ULL), 020000000, 1}, --/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(015660420000ULL), 040000000, 1}, --/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0}, --/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(015660420000ULL), 0200000000, 1}, --/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0}, --/* UNIX_QUIET */ {"quiet", _ALL_ON_, 01000000000, 0}, --/* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 02000000000, 0}, --/* UNIX_DES */ {"des", _ALL_ON_^(015660420000ULL), 0, 1}, --/* UNIX_GOST_YESCRYPT_PASS */ {"gost_yescrypt", _ALL_ON_^(015660420000ULL), 04000000000, 1}, --/* UNIX_YESCRYPT_PASS */ {"yescrypt", _ALL_ON_^(015660420000ULL), 010000000000, 1}, --/* UNIX_NULLRESETOK */ {"nullresetok", _ALL_ON_, 020000000000, 0}, -+/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 0x1, 0}, -+/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 0x2, 0}, -+/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 0x4, 0}, -+/* UNIX_AUDIT */ {"audit", _ALL_ON_, 0x8, 0}, -+/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(0x30ULL), 0x10, 0}, -+/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(0x30ULL), 0x20, 0}, -+/* UNIX_AUTHTOK_TYPE */ {"authtok_type=", _ALL_ON_, 0x40, 0}, -+/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0x180ULL), 0x80, 0}, -+/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0x180ULL), 0x100, 0}, -+/* UNIX__NONULL */ {NULL, _ALL_ON_, 0x200, 0}, -+/* UNIX__QUIET */ {NULL, _ALL_ON_, 0x400, 0}, -+/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 0x800, 0}, -+/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 0x1000, 0}, -+/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0x6EC22000ULL), 0x2000, 1}, -+/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(0x200ULL), 0, 0}, -+/* UNIX_DEBUG */ {"debug", _ALL_ON_, 0x4000, 0}, -+/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0x8000, 0}, -+/* UNIX_NIS */ {"nis", _ALL_ON_, 0x10000, 0}, -+/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0x6EC22000ULL), 0x20000, 1}, -+/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 0x40000, 0}, -+/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 0x80000, 0}, -+/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 0x100000, 0}, -+/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 0x200000, 0}, -+/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(0x6EC22000ULL), 0x400000, 1}, -+/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0x6EC22000ULL), 0x800000, 1}, -+/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0x1000000, 0}, -+/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0x6EC22000ULL), 0x2000000, 1}, -+/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0x4000000, 0}, -+/* UNIX_QUIET */ {"quiet", _ALL_ON_, 0x8000000, 0}, -+/* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 0x10000000, 0}, -+/* UNIX_DES */ {"des", _ALL_ON_^(0x6EC22000ULL), 0, 1}, -+/* UNIX_GOST_YESCRYPT_PASS */ {"gost_yescrypt", _ALL_ON_^(0x6EC22000ULL), 0x20000000, 1}, -+/* UNIX_YESCRYPT_PASS */ {"yescrypt", _ALL_ON_^(0x6EC22000ULL), 0x40000000, 1}, -+/* UNIX_NULLRESETOK */ {"nullresetok", _ALL_ON_, 0x80000000, 0}, -+/* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x100000000, 0}, - }; + no_pass_expiry - #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) -Index: pam/modules/pam_unix/pam_unix.8.xml -=================================================================== ---- pam.orig/modules/pam_unix/pam_unix.8.xml -+++ pam/modules/pam_unix/pam_unix.8.xml -@@ -400,8 +400,81 @@ - <listitem> - <para> - Set a minimum password length of <replaceable>n</replaceable> -- characters. The max. for DES crypt based passwords are 8 -- characters. -+ characters. The default value is 6. The maximum for DES -+ crypt-based passwords is 8 characters. -+ </para> -+ </listitem> -+ </varlistentry> -+ <varlistentry> -+ <term> -+ <option>obscure</option> -+ </term> -+ <listitem> -+ <para> -+ Enable some extra checks on password strength. These checks -+ are based on the "obscure" checks in the original shadow -+ package. The behavior is similar to the pam_cracklib -+ module, but for non-dictionary-based checks. The following -+ checks are implemented: -+ <variablelist> -+ <varlistentry> -+ <term> -+ <option>Palindrome</option> -+ </term> -+ <listitem> -+ <para> -+ Verifies that the new password is not a palindrome -+ of (i.e., the reverse of) the previous one. -+ </para> -+ </listitem> -+ </varlistentry> -+ <varlistentry> -+ <term> -+ <option>Case Change Only</option> -+ </term> -+ <listitem> -+ <para> -+ Verifies that the new password isn't the same as the -+ old one with a change of case. -+ </para> -+ </listitem> -+ </varlistentry> -+ <varlistentry> -+ <term> -+ <option>Similar</option> -+ </term> -+ <listitem> -+ <para> -+ Verifies that the new password isn't too much like -+ the previous one. -+ </para> -+ </listitem> -+ </varlistentry> -+ <varlistentry> -+ <term> -+ <option>Simple</option> -+ </term> -+ <listitem> -+ <para> -+ Is the new password too simple? This is based on -+ the length of the password and the number of -+ different types of characters (alpha, numeric, etc.) -+ used. -+ </para> -+ </listitem> -+ </varlistentry> -+ <varlistentry> -+ <term> -+ <option>Rotated</option> -+ </term> -+ <listitem> -+ <para> -+ Is the new password a rotated version of the old -+ password? (E.g., "billy" and "illyb") -+ </para> -+ </listitem> -+ </varlistentry> -+ </variablelist> - </para> - </listitem> - </varlistentry> -Index: pam/modules/pam_unix/obscure.c -=================================================================== +diff --git a/modules/pam_unix/obscure.c b/modules/pam_unix/obscure.c +new file mode 100644 +index 0000000..2ffac92 --- /dev/null -+++ pam/modules/pam_unix/obscure.c ++++ b/modules/pam_unix/obscure.c @@ -0,0 +1,198 @@ +/* + * Copyright 1989 - 1994, Julianne Frances Haugh @@ -418,24 +278,11 @@ Index: pam/modules/pam_unix/obscure.c + + return msg; +} -Index: pam/modules/pam_unix/Makefile.am -=================================================================== ---- pam.orig/modules/pam_unix/Makefile.am -+++ pam/modules/pam_unix/Makefile.am -@@ -39,7 +39,7 @@ - - pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \ - pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \ -- passverify.c yppasswd_xdr.c md5_good.c md5_broken.c -+ passverify.c yppasswd_xdr.c md5_good.c md5_broken.c obscure.c - - bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c - bigcrypt_CFLAGS = $(AM_CFLAGS) -Index: pam/modules/pam_unix/pam_unix.8 -=================================================================== ---- pam.orig/modules/pam_unix/pam_unix.8 -+++ pam/modules/pam_unix/pam_unix.8 -@@ -216,7 +216,38 @@ +diff --git a/modules/pam_unix/pam_unix.8 b/modules/pam_unix/pam_unix.8 +index 438717f..6f5f19b 100644 +--- a/modules/pam_unix/pam_unix.8 ++++ b/modules/pam_unix/pam_unix.8 +@@ -216,7 +216,38 @@ minlen=n .RS 4 Set a minimum password length of \fIn\fR @@ -474,51 +321,222 @@ Index: pam/modules/pam_unix/pam_unix.8 +.sp .RE .PP - \fBno_pass_expiry\fR -Index: pam/modules/pam_unix/README -=================================================================== ---- pam.orig/modules/pam_unix/README -+++ pam/modules/pam_unix/README -@@ -171,8 +171,40 @@ - - minlen=n + no_pass_expiry +diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml +index dfc0427..4e63a49 100644 +--- a/modules/pam_unix/pam_unix.8.xml ++++ b/modules/pam_unix/pam_unix.8.xml +@@ -397,8 +397,81 @@ + <listitem> + <para> + Set a minimum password length of <replaceable>n</replaceable> +- characters. The max. for DES crypt based passwords are 8 +- characters. ++ characters. The default value is 6. The maximum for DES ++ crypt-based passwords is 8 characters. ++ </para> ++ </listitem> ++ </varlistentry> ++ <varlistentry> ++ <term> ++ <option>obscure</option> ++ </term> ++ <listitem> ++ <para> ++ Enable some extra checks on password strength. These checks ++ are based on the "obscure" checks in the original shadow ++ package. The behavior is similar to the pam_cracklib ++ module, but for non-dictionary-based checks. The following ++ checks are implemented: ++ <variablelist> ++ <varlistentry> ++ <term> ++ <option>Palindrome</option> ++ </term> ++ <listitem> ++ <para> ++ Verifies that the new password is not a palindrome ++ of (i.e., the reverse of) the previous one. ++ </para> ++ </listitem> ++ </varlistentry> ++ <varlistentry> ++ <term> ++ <option>Case Change Only</option> ++ </term> ++ <listitem> ++ <para> ++ Verifies that the new password isn't the same as the ++ old one with a change of case. ++ </para> ++ </listitem> ++ </varlistentry> ++ <varlistentry> ++ <term> ++ <option>Similar</option> ++ </term> ++ <listitem> ++ <para> ++ Verifies that the new password isn't too much like ++ the previous one. ++ </para> ++ </listitem> ++ </varlistentry> ++ <varlistentry> ++ <term> ++ <option>Simple</option> ++ </term> ++ <listitem> ++ <para> ++ Is the new password too simple? This is based on ++ the length of the password and the number of ++ different types of characters (alpha, numeric, etc.) ++ used. ++ </para> ++ </listitem> ++ </varlistentry> ++ <varlistentry> ++ <term> ++ <option>Rotated</option> ++ </term> ++ <listitem> ++ <para> ++ Is the new password a rotated version of the old ++ password? (E.g., "billy" and "illyb") ++ </para> ++ </listitem> ++ </varlistentry> ++ </variablelist> + </para> + </listitem> + </varlistentry> +diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c +index c341741..652f3c5 100644 +--- a/modules/pam_unix/pam_unix_passwd.c ++++ b/modules/pam_unix/pam_unix_passwd.c +@@ -86,6 +86,9 @@ extern int getrpcport(const char *host, unsigned long prognum, + # endif /* GNU libc 2.1 */ + #endif -- Set a minimum password length of n characters. The max. for DES crypt based -- passwords are 8 characters. -+ Set a minimum password length of n characters. The default value is 6. The -+ maximum for DES crypt-based passwords is 8 characters. -+ -+obscure -+ -+ Enable some extra checks on password strength. These checks are based on -+ the "obscure" checks in the original shadow package. The behavior is -+ similar to the pam_cracklib module, but for non-dictionary-based checks. -+ The following checks are implemented: -+ -+ Palindrome -+ -+ Verifies that the new password is not a palindrome of (i.e., the -+ reverse of) the previous one. -+ -+ Case Change Only -+ -+ Verifies that the new password isn't the same as the old one with a -+ change of case. -+ -+ Similar -+ -+ Verifies that the new password isn't too much like the previous one. -+ -+ Simple -+ -+ Is the new password too simple? This is based on the length of the -+ password and the number of different types of characters (alpha, -+ numeric, etc.) used. -+ -+ Rotated ++extern const char *obscure_msg(const char *, const char *, const struct passwd *, ++ unsigned int); + -+ Is the new password a rotated version of the old password? (E.g., -+ "billy" and "illyb") + /* + How it works: + Gets in username (has to be done) from the calling program +@@ -584,6 +587,11 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh + return retval; + } + } ++ if (!remark && pass_old != NULL) { /* only check if we don't already have a failure */ ++ struct passwd *pwd; ++ pwd = pam_modutil_getpwnam(pamh, user); ++ remark = (char *)obscure_msg(pass_old,pass_new,pwd,ctrl); /* do obscure checks */ ++ } + } + if (remark) { + _make_remark(pamh, ctrl, PAM_ERROR_MSG, remark); +@@ -599,7 +607,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) + int retval; + int remember = -1; + int rounds = 0; +- int pass_min_len = 0; ++ int pass_min_len = 6; - no_pass_expiry + /* <DO NOT free() THESE> */ + const char *user; +diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h +index 8105400..91e7478 100644 +--- a/modules/pam_unix/support.h ++++ b/modules/pam_unix/support.h +@@ -101,50 +101,52 @@ typedef struct { + #define UNIX_GOST_YESCRYPT_PASS 31 /* new password hashes will use gost-yescrypt */ + #define UNIX_YESCRYPT_PASS 32 /* new password hashes will use yescrypt */ + #define UNIX_NULLRESETOK 33 /* allow empty password if password reset is enforced */ ++#define UNIX_OBSCURE_CHECKS 34 /* enable obscure checks on passwords */ + /* -------------- */ +-#define UNIX_CTRLS_ 34 /* number of ctrl arguments defined */ ++#define UNIX_CTRLS_ 35 /* number of ctrl arguments defined */ + + #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)&&off(UNIX_GOST_YESCRYPT_PASS,ctrl)&&off(UNIX_YESCRYPT_PASS,ctrl)) + + static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = + { +-/* symbol token name ctrl mask ctrl * +- * --------------------------- -------------------- ------------------------- ---------------- */ +- +-/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 01, 0}, +-/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 02, 0}, +-/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 04, 0}, +-/* UNIX_AUDIT */ {"audit", _ALL_ON_, 010, 0}, +-/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(060ULL), 020, 0}, +-/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(060ULL), 040, 0}, +-/* UNIX_AUTHTOK_TYPE */ {"authtok_type=", _ALL_ON_, 0100, 0}, +-/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600ULL), 0200, 0}, +-/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600ULL), 0400, 0}, +-/* UNIX__NONULL */ {NULL, _ALL_ON_, 01000, 0}, +-/* UNIX__QUIET */ {NULL, _ALL_ON_, 02000, 0}, +-/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 04000, 0}, +-/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 010000, 0}, +-/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(015660420000ULL), 020000, 1}, +-/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(01000ULL), 0, 0}, +-/* UNIX_DEBUG */ {"debug", _ALL_ON_, 040000, 0}, +-/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0100000, 0}, +-/* UNIX_NIS */ {"nis", _ALL_ON_, 0200000, 0}, +-/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(015660420000ULL), 0400000, 1}, +-/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000, 0}, +-/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000, 0}, +-/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000, 0}, +-/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000, 0}, +-/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(015660420000ULL), 020000000, 1}, +-/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(015660420000ULL), 040000000, 1}, +-/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0}, +-/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(015660420000ULL), 0200000000, 1}, +-/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0}, +-/* UNIX_QUIET */ {"quiet", _ALL_ON_, 01000000000, 0}, +-/* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 02000000000, 0}, +-/* UNIX_DES */ {"des", _ALL_ON_^(015660420000ULL), 0, 1}, +-/* UNIX_GOST_YESCRYPT_PASS */ {"gost_yescrypt", _ALL_ON_^(015660420000ULL), 04000000000, 1}, +-/* UNIX_YESCRYPT_PASS */ {"yescrypt", _ALL_ON_^(015660420000ULL), 010000000000, 1}, +-/* UNIX_NULLRESETOK */ {"nullresetok", _ALL_ON_, 020000000000, 0}, ++/* symbol token name ctrl mask ctrl * ++ * --------------------------- -------------------- ------------------------- ------------ */ ++ ++/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 0x1, 0}, ++/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 0x2, 0}, ++/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 0x4, 0}, ++/* UNIX_AUDIT */ {"audit", _ALL_ON_, 0x8, 0}, ++/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(0x30ULL), 0x10, 0}, ++/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(0x30ULL), 0x20, 0}, ++/* UNIX_AUTHTOK_TYPE */ {"authtok_type=", _ALL_ON_, 0x40, 0}, ++/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0x180ULL), 0x80, 0}, ++/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0x180ULL), 0x100, 0}, ++/* UNIX__NONULL */ {NULL, _ALL_ON_, 0x200, 0}, ++/* UNIX__QUIET */ {NULL, _ALL_ON_, 0x400, 0}, ++/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 0x800, 0}, ++/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 0x1000, 0}, ++/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0x6EC22000ULL), 0x2000, 1}, ++/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(0x200ULL), 0, 0}, ++/* UNIX_DEBUG */ {"debug", _ALL_ON_, 0x4000, 0}, ++/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0x8000, 0}, ++/* UNIX_NIS */ {"nis", _ALL_ON_, 0x10000, 0}, ++/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0x6EC22000ULL), 0x20000, 1}, ++/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 0x40000, 0}, ++/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 0x80000, 0}, ++/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 0x100000, 0}, ++/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 0x200000, 0}, ++/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(0x6EC22000ULL), 0x400000, 1}, ++/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0x6EC22000ULL), 0x800000, 1}, ++/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0x1000000, 0}, ++/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0x6EC22000ULL), 0x2000000, 1}, ++/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0x4000000, 0}, ++/* UNIX_QUIET */ {"quiet", _ALL_ON_, 0x8000000, 0}, ++/* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 0x10000000, 0}, ++/* UNIX_DES */ {"des", _ALL_ON_^(0x6EC22000ULL), 0, 1}, ++/* UNIX_GOST_YESCRYPT_PASS */ {"gost_yescrypt", _ALL_ON_^(0x6EC22000ULL), 0x20000000, 1}, ++/* UNIX_YESCRYPT_PASS */ {"yescrypt", _ALL_ON_^(0x6EC22000ULL), 0x40000000, 1}, ++/* UNIX_NULLRESETOK */ {"nullresetok", _ALL_ON_, 0x80000000, 0}, ++/* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x100000000, 0}, + }; + #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) diff --git a/debian/patches/008_modules_pam_limits_chroot b/debian/patches/008_modules_pam_limits_chroot index 7a86fdd5..2b414302 100644 --- a/debian/patches/008_modules_pam_limits_chroot +++ b/debian/patches/008_modules_pam_limits_chroot @@ -1,8 +1,73 @@ -Index: pam/modules/pam_limits/pam_limits.c +From: Sam Hartman <hartmans@debian.org> +Date: Mon, 11 Sep 2023 14:00:42 -0600 +Subject: _modules_pam_limits_chroot + =================================================================== ---- pam.orig/modules/pam_limits/pam_limits.c -+++ pam/modules/pam_limits/pam_limits.c -@@ -90,6 +90,7 @@ +--- + modules/pam_limits/limits.conf | 2 ++ + modules/pam_limits/limits.conf.5 | 5 +++++ + modules/pam_limits/limits.conf.5.xml | 6 ++++++ + modules/pam_limits/pam_limits.c | 25 ++++++++++++++++++++++--- + 4 files changed, 35 insertions(+), 3 deletions(-) + +diff --git a/modules/pam_limits/limits.conf b/modules/pam_limits/limits.conf +index e8a746c..9b1d624 100644 +--- a/modules/pam_limits/limits.conf ++++ b/modules/pam_limits/limits.conf +@@ -46,6 +46,7 @@ + # - msgqueue - max memory used by POSIX message queues (bytes) + # - nice - max nice priority allowed to raise to values: [-20, 19] + # - rtprio - max realtime priority ++# - chroot - change root to directory (Debian-specific) + # + #<domain> <type> <item> <value> + # +@@ -56,6 +57,7 @@ + #@faculty soft nproc 20 + #@faculty hard nproc 50 + #ftp hard nproc 0 ++#ftp - chroot /ftp + #@student - maxlogins 4 + + # End of file +diff --git a/modules/pam_limits/limits.conf.5 b/modules/pam_limits/limits.conf.5 +index 25f4459..f197ccd 100644 +--- a/modules/pam_limits/limits.conf.5 ++++ b/modules/pam_limits/limits.conf.5 +@@ -279,6 +279,11 @@ rtprio + .RS 4 + maximum realtime priority allowed for non\-privileged processes (Linux 2\&.6\&.12 and higher) + .RE ++.PP ++\fBchroot\fR ++.RS 4 ++the directory to chroot the user to ++.RE + .RE + .PP + All items support the values +diff --git a/modules/pam_limits/limits.conf.5.xml b/modules/pam_limits/limits.conf.5.xml +index 2177da1..506afda 100644 +--- a/modules/pam_limits/limits.conf.5.xml ++++ b/modules/pam_limits/limits.conf.5.xml +@@ -266,6 +266,12 @@ + (Linux 2.6.12 and higher)</para> + </listitem> + </varlistentry> ++ <varlistentry> ++ <term><option>chroot</option></term> ++ <listitem> ++ <para>the directory to chroot the user to</para> ++ </listitem> ++ </varlistentry> + </variablelist> + </listitem> + </varlistentry> +diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c +index 87bb4b7..39d99f4 100644 +--- a/modules/pam_limits/pam_limits.c ++++ b/modules/pam_limits/pam_limits.c +@@ -94,6 +94,7 @@ struct pam_limit_s { specific user or to count all logins */ int priority; /* the priority to run user process with */ int nonewprivs; /* whether to prctl(PR_SET_NO_NEW_PRIVS) */ @@ -10,7 +75,7 @@ Index: pam/modules/pam_limits/pam_limits.c struct user_limits_struct limits[RLIM_NLIMITS]; const char *conf_file; int utmp_after_pam_call; -@@ -101,6 +102,7 @@ +@@ -105,6 +106,7 @@ struct pam_limit_s { #define LIMIT_PRI RLIM_NLIMITS+3 #define LIMIT_NONEWPRIVS RLIM_NLIMITS+4 @@ -18,7 +83,7 @@ Index: pam/modules/pam_limits/pam_limits.c #define LIMIT_SOFT 1 #define LIMIT_HARD 2 -@@ -484,6 +486,8 @@ +@@ -493,6 +495,8 @@ static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl) pl->login_limit = -2; pl->login_limit_def = LIMITS_DEF_NONE; @@ -27,7 +92,7 @@ Index: pam/modules/pam_limits/pam_limits.c return retval; } -@@ -591,6 +595,8 @@ +@@ -600,6 +604,8 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type, limit_item = LIMIT_PRI; } else if (strcmp(lim_item, "nonewprivs") == 0) { limit_item = LIMIT_NONEWPRIVS; @@ -36,7 +101,7 @@ Index: pam/modules/pam_limits/pam_limits.c } else { pam_syslog(pamh, LOG_DEBUG, "unknown limit item '%s'", lim_item); return; -@@ -640,9 +646,9 @@ +@@ -649,9 +655,9 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type, pam_syslog(pamh, LOG_DEBUG, "wrong limit value '%s' for limit type '%s'", lim_value, lim_type); @@ -48,7 +113,7 @@ Index: pam/modules/pam_limits/pam_limits.c #ifdef __USE_FILE_OFFSET64 rlimit_value = strtoull (lim_value, &endptr, 10); #else -@@ -717,7 +723,11 @@ +@@ -726,7 +732,11 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type, break; } @@ -61,7 +126,7 @@ Index: pam/modules/pam_limits/pam_limits.c && (limit_item != LIMIT_NUMSYSLOGINS) && (limit_item != LIMIT_PRI) && (limit_item != LIMIT_NONEWPRIVS) ) { -@@ -1071,6 +1081,15 @@ +@@ -1084,6 +1094,15 @@ static int setup_limits(pam_handle_t *pamh, } } @@ -77,56 +142,3 @@ Index: pam/modules/pam_limits/pam_limits.c return retval; } -Index: pam/modules/pam_limits/limits.conf.5.xml -=================================================================== ---- pam.orig/modules/pam_limits/limits.conf.5.xml -+++ pam/modules/pam_limits/limits.conf.5.xml -@@ -273,6 +273,12 @@ - (Linux 2.6.12 and higher)</para> - </listitem> - </varlistentry> -+ <varlistentry> -+ <term><option>chroot</option></term> -+ <listitem> -+ <para>the directory to chroot the user to</para> -+ </listitem> -+ </varlistentry> - </variablelist> - </listitem> - </varlistentry> -Index: pam/modules/pam_limits/limits.conf.5 -=================================================================== ---- pam.orig/modules/pam_limits/limits.conf.5 -+++ pam/modules/pam_limits/limits.conf.5 -@@ -279,6 +279,11 @@ - .RS 4 - maximum realtime priority allowed for non\-privileged processes (Linux 2\&.6\&.12 and higher) - .RE -+.PP -+\fBchroot\fR -+.RS 4 -+the directory to chroot the user to -+.RE - .RE - .PP - All items support the values -Index: pam/modules/pam_limits/limits.conf -=================================================================== ---- pam.orig/modules/pam_limits/limits.conf -+++ pam/modules/pam_limits/limits.conf -@@ -46,6 +46,7 @@ - # - msgqueue - max memory used by POSIX message queues (bytes) - # - nice - max nice priority allowed to raise to values: [-20, 19] - # - rtprio - max realtime priority -+# - chroot - change root to directory (Debian-specific) - # - #<domain> <type> <item> <value> - # -@@ -56,6 +57,7 @@ - #@faculty soft nproc 20 - #@faculty hard nproc 50 - #ftp hard nproc 0 -+#ftp - chroot /ftp - #@student - maxlogins 4 - - # End of file diff --git a/debian/patches/021_nis_cleanup b/debian/patches/021_nis_cleanup index f05c7103..5b0590af 100644 --- a/debian/patches/021_nis_cleanup +++ b/debian/patches/021_nis_cleanup @@ -1,13 +1,20 @@ +From: Sam Hartman <hartmans@debian.org> +Date: Mon, 11 Sep 2023 14:00:42 -0600 +Subject: _nis_cleanup + Patch from Philippe Troin <phil@fifi.org> Originally this included a bunch of changes to locking, but the more recent code pulled from Linux_pam CVS seems to fix that issue. +--- + modules/pam_unix/pam_unix_passwd.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) -Index: pam/modules/pam_unix/pam_unix_passwd.c -=================================================================== ---- pam.orig/modules/pam_unix/pam_unix_passwd.c -+++ pam/modules/pam_unix/pam_unix_passwd.c -@@ -708,9 +708,12 @@ +diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c +index 652f3c5..5b81343 100644 +--- a/modules/pam_unix/pam_unix_passwd.c ++++ b/modules/pam_unix/pam_unix_passwd.c +@@ -699,9 +699,12 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) "password - (old) token not obtained"); return retval; } diff --git a/debian/patches/022_pam_unix_group_time_miscfixes b/debian/patches/022_pam_unix_group_time_miscfixes index 8239fd98..1c8c3b67 100644 --- a/debian/patches/022_pam_unix_group_time_miscfixes +++ b/debian/patches/022_pam_unix_group_time_miscfixes @@ -1,12 +1,18 @@ -Description: handle the case of flags being empty or only PAM_SILENT, which is - documented in other PAM implementations as meaning PAM_ESTABLISH_CRED: - http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=%2Fcom.ibm.aix.basetechref%2Fdoc%2Fbasetrf1%2Fpam_setcred.htm +From: Sam Hartman <hartmans@debian.org> +Date: Mon, 11 Sep 2023 14:00:42 -0600 +Subject: handle the case of flags being empty or only PAM_SILENT, which is -Index: pam/modules/pam_group/pam_group.c -=================================================================== ---- pam.orig/modules/pam_group/pam_group.c -+++ pam/modules/pam_group/pam_group.c -@@ -754,9 +754,12 @@ +documented in other PAM implementations as meaning PAM_ESTABLISH_CRED: +http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=%2Fcom.ibm.aix.basetechref%2Fdoc%2Fbasetrf1%2Fpam_setcred.htm +--- + modules/pam_group/pam_group.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c +index 6877849..7d11f59 100644 +--- a/modules/pam_group/pam_group.c ++++ b/modules/pam_group/pam_group.c +@@ -773,9 +773,12 @@ pam_sm_setcred (pam_handle_t *pamh, int flags, unsigned setting; /* only interested in establishing credentials */ diff --git a/debian/patches/026_pam_unix_passwd_unknown_user b/debian/patches/026_pam_unix_passwd_unknown_user index d277fee9..45967e1d 100644 --- a/debian/patches/026_pam_unix_passwd_unknown_user +++ b/debian/patches/026_pam_unix_passwd_unknown_user @@ -1,11 +1,16 @@ -Description: distinguish between password manipulation failure and missing user. -Author: Martin Schwenke <martin@meltin.net> +From: Martin Schwenke <martin@meltin.net> +Date: Mon, 11 Sep 2023 14:00:42 -0600 +Subject: distinguish between password manipulation failure and missing user. -Index: pam/modules/pam_unix/passverify.c -=================================================================== ---- pam.orig/modules/pam_unix/passverify.c -+++ pam/modules/pam_unix/passverify.c -@@ -801,7 +801,7 @@ +--- + modules/pam_unix/passverify.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c +index 81b10d8..7ff8bf0 100644 +--- a/modules/pam_unix/passverify.c ++++ b/modules/pam_unix/passverify.c +@@ -804,7 +804,7 @@ PAMH_ARG_DECL(int unix_update_passwd, struct passwd *tmpent = NULL; struct stat st; FILE *pwfile, *opwfile; @@ -14,7 +19,7 @@ Index: pam/modules/pam_unix/passverify.c int oldmask; #ifdef WITH_SELINUX char *prev_context_raw = NULL; -@@ -872,6 +872,7 @@ +@@ -875,6 +875,7 @@ PAMH_ARG_DECL(int unix_update_passwd, tmpent->pw_passwd = assigned_passwd.charp; err = 0; @@ -22,7 +27,7 @@ Index: pam/modules/pam_unix/passverify.c } if (putpwent(tmpent, pwfile)) { D(("error writing entry to password file: %m")); -@@ -914,7 +915,7 @@ +@@ -917,7 +918,7 @@ done: return PAM_SUCCESS; } else { unlink(PW_TMPFILE); diff --git a/debian/patches/027_pam_limits_better_init_allow_explicit_root b/debian/patches/027_pam_limits_better_init_allow_explicit_root index c4603f5a..a8592256 100644 --- a/debian/patches/027_pam_limits_better_init_allow_explicit_root +++ b/debian/patches/027_pam_limits_better_init_allow_explicit_root @@ -1,38 +1,133 @@ -Description: Allow explicit limits for root and reset limits on each session - When crossing session boundaries (such as when su'ing from one user to - another), if the target account has no limit specified in limits.conf we - want to use the default, not the current value configured for the - source account. - . - If /proc/1/limits is unavailable, fall back to a set of hard-coded values - that shadow the currently known defaults on Linux. - . - Also, don't apply wildcard limits to the root account; only apply limits to - root that reference root by name. -Author: Peter Paluch <peterp@frcatel.fri.utc.sk>, - Ben Collins <bcollins@debian.org>, - Steve Langasek <vorlon@debian.org>, +From: Peter Paluch <peterp@frcatel.fri.utc.sk> +Date: Mon, 11 Sep 2023 14:00:42 -0600 +Subject: Allow explicit limits for root and reset limits on each session + Bug-Debian: http://bugs.debian.org/63230 -Index: pam/modules/pam_limits/pam_limits.c + +When crossing session boundaries (such as when su'ing from one user to +another), if the target account has no limit specified in limits.conf we +want to use the default, not the current value configured for the +source account. + +If /proc/1/limits is unavailable, fall back to a set of hard-coded values +that shadow the currently known defaults on Linux. + +Also, don't apply wildcard limits to the root account; only apply limits to +root that reference root by name. =================================================================== ---- pam.orig/modules/pam_limits/pam_limits.c -+++ pam/modules/pam_limits/pam_limits.c -@@ -47,6 +47,14 @@ +--- + modules/pam_limits/README | 1 + + modules/pam_limits/limits.conf | 4 ++ + modules/pam_limits/limits.conf.5 | 5 ++ + modules/pam_limits/limits.conf.5.xml | 6 +++ + modules/pam_limits/pam_limits.c | 88 ++++++++++++++++++++++++++++++++---- + 5 files changed, 95 insertions(+), 9 deletions(-) + +diff --git a/modules/pam_limits/README b/modules/pam_limits/README +index 98264b9..dc560ef 100644 +--- a/modules/pam_limits/README ++++ b/modules/pam_limits/README +@@ -68,6 +68,7 @@ These are some example lines which might be specified in /etc/security/ + limits.conf. + + * soft core 0 ++root hard core 100000 + * hard nofile 512 + @student hard nproc 20 + @faculty soft nproc 20 +diff --git a/modules/pam_limits/limits.conf b/modules/pam_limits/limits.conf +index 9b1d624..6b3865c 100644 +--- a/modules/pam_limits/limits.conf ++++ b/modules/pam_limits/limits.conf +@@ -22,6 +22,9 @@ + # - the wildcard *, for default entry + # - the wildcard %, can be also used with %group syntax, + # for maxlogin limit ++# - NOTE: group and wildcard limits are not applied to root. ++# To apply a limit to the root user, <domain> must be ++# the literal username root. + # + #<type> can have the two values: + # - "soft" for enforcing the soft limits +@@ -52,6 +55,7 @@ + # + + #* soft core 0 ++#root hard core 100000 + #* hard rss 10000 + #@student hard nproc 20 + #@faculty soft nproc 20 +diff --git a/modules/pam_limits/limits.conf.5 b/modules/pam_limits/limits.conf.5 +index f197ccd..ce0ca35 100644 +--- a/modules/pam_limits/limits.conf.5 ++++ b/modules/pam_limits/limits.conf.5 +@@ -145,6 +145,10 @@ a gid specified as + \fB%:\fR\fI<gid>\fR + applicable to maxlogins limit only\&. It limits the total number of logins of all users that are member of the group with the specified gid\&. + .RE ++.sp ++\fBNOTE:\fR ++group and wildcard limits are not applied to the root user\&. To set a limit for the root user, this field must contain the literal username ++\fBroot\fR\&. + .RE + .PP + <type> +@@ -327,6 +331,7 @@ These are some example lines which might be specified in + .\} + .nf + * soft core 0 ++root hard core 100000 + * hard nofile 512 + @student hard nproc 20 + @faculty soft nproc 20 +diff --git a/modules/pam_limits/limits.conf.5.xml b/modules/pam_limits/limits.conf.5.xml +index 506afda..f6f7d87 100644 +--- a/modules/pam_limits/limits.conf.5.xml ++++ b/modules/pam_limits/limits.conf.5.xml +@@ -89,6 +89,11 @@ + </para> + </listitem> + </itemizedlist> ++ <para> ++ <emphasis remap='B'>NOTE:</emphasis> group and wildcard limits are not ++ applied to the root user. To set a limit for the root user, this field ++ must contain the literal username <emphasis remap='B'>root</emphasis>. ++ </para> + </listitem> + </varlistentry> + +@@ -326,6 +331,7 @@ + </para> + <programlisting> + * soft core 0 ++root hard core 100000 + * hard nofile 512 + @student hard nproc 20 + @faculty soft nproc 20 +diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c +index 39d99f4..601d926 100644 +--- a/modules/pam_limits/pam_limits.c ++++ b/modules/pam_limits/pam_limits.c +@@ -47,10 +47,18 @@ #include <libaudit.h> #endif ++ + #ifndef PR_SET_NO_NEW_PRIVS + # define PR_SET_NO_NEW_PRIVS 38 /* from <linux/prctl.h> */ + #endif + +#ifndef MLOCK_LIMIT +#ifdef __FreeBSD_kernel__ +#define MLOCK_LIMIT RLIM_INFINITY +#else +#define MLOCK_LIMIT (64*1024) +#endif -+#endif + /* Module defines */ #define LINE_LENGTH 1024 -@@ -84,6 +92,7 @@ +@@ -88,6 +96,7 @@ struct user_limits_struct { /* internal data */ struct pam_limit_s { @@ -40,7 +135,7 @@ Index: pam/modules/pam_limits/pam_limits.c int login_limit; /* the max logins limit */ int login_limit_def; /* which entry set the login limit */ int flag_numsyslogins; /* whether to limit logins only for a -@@ -447,9 +456,18 @@ +@@ -457,9 +466,18 @@ static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl) { int i; int retval = PAM_SUCCESS; @@ -59,7 +154,7 @@ Index: pam/modules/pam_limits/pam_limits.c for(i = 0; i < RLIM_NLIMITS; i++) { int r = getrlimit(i, &pl->limits[i].limit); if (r == -1) { -@@ -465,18 +483,68 @@ +@@ -475,18 +493,68 @@ static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl) } #ifdef __linux__ @@ -134,7 +229,7 @@ Index: pam/modules/pam_limits/pam_limits.c errno = 0; pl->priority = getpriority (PRIO_PROCESS, 0); -@@ -881,7 +949,7 @@ +@@ -895,7 +963,7 @@ parse_config_file(pam_handle_t *pamh, const char *uname, uid_t uid, gid_t gid, if (strcmp(uname, domain) == 0) /* this user have a limit */ process_limit(pamh, LIMITS_DEF_USER, ltype, item, value, ctrl, pl); @@ -143,7 +238,7 @@ Index: pam/modules/pam_limits/pam_limits.c if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "checking if %s is in group %s", -@@ -907,7 +975,7 @@ +@@ -921,7 +989,7 @@ parse_config_file(pam_handle_t *pamh, const char *uname, uid_t uid, gid_t gid, process_limit(pamh, LIMITS_DEF_GROUP, ltype, item, value, ctrl, pl); } @@ -152,7 +247,7 @@ Index: pam/modules/pam_limits/pam_limits.c if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "checking if %s is in group %s", -@@ -941,7 +1009,7 @@ +@@ -955,7 +1023,7 @@ parse_config_file(pam_handle_t *pamh, const char *uname, uid_t uid, gid_t gid, } else { switch(rngtype) { case LIMIT_RANGE_NONE: @@ -161,93 +256,12 @@ Index: pam/modules/pam_limits/pam_limits.c process_limit(pamh, LIMITS_DEF_DEFAULT, ltype, item, value, ctrl, pl); break; -@@ -1134,6 +1202,8 @@ +@@ -1247,6 +1315,8 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, return PAM_ABORT; } + if (pwd->pw_uid == 0) + pl->root = 1; - retval = parse_config_file(pamh, pwd->pw_name, pwd->pw_uid, pwd->pw_gid, ctrl, pl); + retval = parse_config_file(pamh, pwd->pw_name, pwd->pw_uid, pwd->pw_gid, + ctrl, pl, conf_file_set_by_user); if (retval == PAM_IGNORE) { - D(("the configuration file ('%s') has an applicable '<domain> -' entry", CONF_FILE)); -Index: pam/modules/pam_limits/limits.conf -=================================================================== ---- pam.orig/modules/pam_limits/limits.conf -+++ pam/modules/pam_limits/limits.conf -@@ -22,6 +22,9 @@ - # - the wildcard *, for default entry - # - the wildcard %, can be also used with %group syntax, - # for maxlogin limit -+# - NOTE: group and wildcard limits are not applied to root. -+# To apply a limit to the root user, <domain> must be -+# the literal username root. - # - #<type> can have the two values: - # - "soft" for enforcing the soft limits -@@ -52,6 +55,7 @@ - # - - #* soft core 0 -+#root hard core 100000 - #* hard rss 10000 - #@student hard nproc 20 - #@faculty soft nproc 20 -Index: pam/modules/pam_limits/limits.conf.5.xml -=================================================================== ---- pam.orig/modules/pam_limits/limits.conf.5.xml -+++ pam/modules/pam_limits/limits.conf.5.xml -@@ -96,6 +96,11 @@ - </para> - </listitem> - </itemizedlist> -+ <para> -+ <emphasis remap='B'>NOTE:</emphasis> group and wildcard limits are not -+ applied to the root user. To set a limit for the root user, this field -+ must contain the literal username <emphasis remap='B'>root</emphasis>. -+ </para> - </listitem> - </varlistentry> - -@@ -333,6 +338,7 @@ - </para> - <programlisting> - * soft core 0 -+root hard core 100000 - * hard nofile 512 - @student hard nproc 20 - @faculty soft nproc 20 -Index: pam/modules/pam_limits/limits.conf.5 -=================================================================== ---- pam.orig/modules/pam_limits/limits.conf.5 -+++ pam/modules/pam_limits/limits.conf.5 -@@ -145,6 +145,10 @@ - \fB%:\fR\fI<gid>\fR - applicable to maxlogins limit only\&. It limits the total number of logins of all users that are member of the group with the specified gid\&. - .RE -+.sp -+\fBNOTE:\fR -+group and wildcard limits are not applied to the root user\&. To set a limit for the root user, this field must contain the literal username -+\fBroot\fR\&. - .RE - .PP - \fB<type>\fR -@@ -327,6 +331,7 @@ - .\} - .nf - * soft core 0 -+root hard core 100000 - * hard nofile 512 - @student hard nproc 20 - @faculty soft nproc 20 -Index: pam/modules/pam_limits/README -=================================================================== ---- pam.orig/modules/pam_limits/README -+++ pam/modules/pam_limits/README -@@ -56,6 +56,7 @@ - limits.conf. - - * soft core 0 -+root hard core 100000 - * hard nofile 512 - @student hard nproc 20 - @faculty soft nproc 20 diff --git a/debian/patches/031_pam_include b/debian/patches/031_pam_include index 16cf6d31..5b632e2a 100644 --- a/debian/patches/031_pam_include +++ b/debian/patches/031_pam_include @@ -1,14 +1,21 @@ +From: Sam Hartman <hartmans@debian.org> +Date: Mon, 11 Sep 2023 14:00:42 -0600 +Subject: _pam_include + Patch to implement an @include directive for use in pam.d config files. Authors: Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de> Upstream status: not yet submitted +--- + libpam/pam_handlers.c | 36 ++++++++++++++++++++++++++++++++---- + 1 file changed, 32 insertions(+), 4 deletions(-) -Index: pam/libpam/pam_handlers.c -=================================================================== ---- pam.orig/libpam/pam_handlers.c -+++ pam/libpam/pam_handlers.c -@@ -123,6 +123,10 @@ +diff --git a/libpam/pam_handlers.c b/libpam/pam_handlers.c +index 1f1917b..c7045d2 100644 +--- a/libpam/pam_handlers.c ++++ b/libpam/pam_handlers.c +@@ -123,6 +123,10 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f module_type = PAM_T_ACCT; } else if (!strcasecmp("password", tok)) { module_type = PAM_T_PASS; @@ -19,7 +26,7 @@ Index: pam/libpam/pam_handlers.c } else { /* Illegal module type */ D(("_pam_init_handlers: bad module type: %s", tok)); -@@ -193,8 +197,10 @@ +@@ -193,8 +197,10 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f _pam_set_default_control(actions, _PAM_ACTION_BAD); } @@ -30,7 +37,7 @@ Index: pam/libpam/pam_handlers.c if (substack) { res = _pam_add_handler(pamh, PAM_HT_SUBSTACK, other, stack_level, module_type, actions, tok, -@@ -205,13 +211,35 @@ +@@ -205,13 +211,35 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f return PAM_ABORT; } } diff --git a/debian/patches/032_pam_limits_EPERM_NOT_FATAL b/debian/patches/032_pam_limits_EPERM_NOT_FATAL index ec97b441..0eea42ef 100644 --- a/debian/patches/032_pam_limits_EPERM_NOT_FATAL +++ b/debian/patches/032_pam_limits_EPERM_NOT_FATAL @@ -1,3 +1,7 @@ +From: Sam Hartman <hartmans@debian.org> +Date: Mon, 11 Sep 2023 14:00:42 -0600 +Subject: _pam_limits_EPERM_NOT_FATAL + setrlimit will sometimes return EPERM for example if you try to increase the number of open files too much. This is not something we want to consider fatal. This also happens if you use non-root and try to decrease a limit. @@ -6,12 +10,15 @@ Running PAM as non-root is not so great. Authors: ? Upstream status: submitted in <20070830171918.GB30563@dario.dodds.net> +--- + modules/pam_limits/pam_limits.c | 2 ++ + 1 file changed, 2 insertions(+) -Index: pam/modules/pam_limits/pam_limits.c -=================================================================== ---- pam.orig/modules/pam_limits/pam_limits.c -+++ pam/modules/pam_limits/pam_limits.c -@@ -1111,6 +1111,8 @@ +diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c +index 601d926..acf4ec4 100644 +--- a/modules/pam_limits/pam_limits.c ++++ b/modules/pam_limits/pam_limits.c +@@ -1125,6 +1125,8 @@ static int setup_limits(pam_handle_t *pamh, if (res != 0) pam_syslog(pamh, LOG_ERR, "Could not set limit for '%s': %m", rlimit2str(i)); diff --git a/debian/patches/036_pam_wheel_getlogin_considered_harmful b/debian/patches/036_pam_wheel_getlogin_considered_harmful index 805c62f4..781839dd 100644 --- a/debian/patches/036_pam_wheel_getlogin_considered_harmful +++ b/debian/patches/036_pam_wheel_getlogin_considered_harmful @@ -1,3 +1,7 @@ +From: Sam Hartman <hartmans@debian.org> +Date: Mon, 11 Sep 2023 14:00:42 -0600 +Subject: _pam_wheel_getlogin_considered_harmful + Patch for Debian bug #163787 et al Always use the process uid, not getlogin(), to identify an applicant in @@ -7,11 +11,199 @@ an xterm Authors: Ben Collins <bcollins@debian.org> Upstream status: submitted in <20070901175405.GA26092@dario.dodds.net> +--- + modules/pam_wheel/README | 6 -- + modules/pam_wheel/pam_wheel.8 | 147 -------------------------------------- + modules/pam_wheel/pam_wheel.8.xml | 2 +- + modules/pam_wheel/pam_wheel.c | 45 +++--------- + 4 files changed, 10 insertions(+), 190 deletions(-) + delete mode 100644 modules/pam_wheel/pam_wheel.8 -Index: pam/modules/pam_wheel/pam_wheel.c -=================================================================== ---- pam.orig/modules/pam_wheel/pam_wheel.c -+++ pam/modules/pam_wheel/pam_wheel.c +diff --git a/modules/pam_wheel/README b/modules/pam_wheel/README +index 5dae4b6..ec9e7d7 100644 +--- a/modules/pam_wheel/README ++++ b/modules/pam_wheel/README +@@ -39,12 +39,6 @@ trust + modules the wheel members may be able to su to root without being prompted + for a passwd). + +-use_uid +- +- The check will be done against the real uid of the calling process, instead +- of trying to obtain the user from the login session associated with the +- terminal in use. +- + EXAMPLES + + The root account gains access by default (rootok), only wheel members can +diff --git a/modules/pam_wheel/pam_wheel.8 b/modules/pam_wheel/pam_wheel.8 +deleted file mode 100644 +index 8077e81..0000000 +--- a/modules/pam_wheel/pam_wheel.8 ++++ /dev/null +@@ -1,147 +0,0 @@ +-'\" t +-.\" Title: pam_wheel +-.\" Author: [see the "AUTHOR" section] +-.\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/> +-.\" Date: 05/07/2023 +-.\" Manual: Linux-PAM Manual +-.\" Source: Linux-PAM +-.\" Language: English +-.\" +-.TH "PAM_WHEEL" "8" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual" +-.\" ----------------------------------------------------------------- +-.\" * Define some portability stuff +-.\" ----------------------------------------------------------------- +-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +-.\" http://bugs.debian.org/507673 +-.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +-.ie \n(.g .ds Aq \(aq +-.el .ds Aq ' +-.\" ----------------------------------------------------------------- +-.\" * set default formatting +-.\" ----------------------------------------------------------------- +-.\" disable hyphenation +-.nh +-.\" disable justification (adjust text to left margin only) +-.ad l +-.\" ----------------------------------------------------------------- +-.\" * MAIN CONTENT STARTS HERE * +-.\" ----------------------------------------------------------------- +-.SH "NAME" +-pam_wheel \- Only permit root access to members of group wheel +-.SH "SYNOPSIS" +-.HP \w'\fBpam_wheel\&.so\fR\ 'u +-\fBpam_wheel\&.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] [use_uid] +-.SH "DESCRIPTION" +-.PP +-The pam_wheel PAM module is used to enforce the so\-called +-\fIwheel\fR +-group\&. By default it permits access to the target user if the applicant user is a member of the +-\fIwheel\fR +-group\&. If no group with this name exist, the module is using the group with the group\-ID +-\fB0\fR\&. +-.SH "OPTIONS" +-.PP +-debug +-.RS 4 +-Print debug information\&. +-.RE +-.PP +-deny +-.RS 4 +-Reverse the sense of the auth operation: if the user is trying to get UID 0 access and is a member of the wheel group (or the group of the +-\fBgroup\fR +-option), deny access\&. Conversely, if the user is not in the group, return PAM_IGNORE (unless +-\fBtrust\fR +-was also specified, in which case we return PAM_SUCCESS)\&. +-.RE +-.PP +-group=name +-.RS 4 +-Instead of checking the wheel or GID 0 groups, use the +-\fB\fIname\fR\fR +-group to perform the authentication\&. +-.RE +-.PP +-root_only +-.RS 4 +-The check for wheel membership is done only when the target user UID is 0\&. +-.RE +-.PP +-trust +-.RS 4 +-The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd)\&. +-.RE +-.PP +-use_uid +-.RS 4 +-The check will be done against the real uid of the calling process, instead of trying to obtain the user from the login session associated with the terminal in use\&. +-.RE +-.SH "MODULE TYPES PROVIDED" +-.PP +-The +-\fBauth\fR +-and +-\fBaccount\fR +-module types are provided\&. +-.SH "RETURN VALUES" +-.PP +-PAM_AUTH_ERR +-.RS 4 +-Authentication failure\&. +-.RE +-.PP +-PAM_BUF_ERR +-.RS 4 +-Memory buffer error\&. +-.RE +-.PP +-PAM_IGNORE +-.RS 4 +-The return value should be ignored by PAM dispatch\&. +-.RE +-.PP +-PAM_PERM_DENY +-.RS 4 +-Permission denied\&. +-.RE +-.PP +-PAM_SERVICE_ERR +-.RS 4 +-Cannot determine the user name\&. +-.RE +-.PP +-PAM_SUCCESS +-.RS 4 +-Success\&. +-.RE +-.PP +-PAM_USER_UNKNOWN +-.RS 4 +-User not known\&. +-.RE +-.SH "EXAMPLES" +-.PP +-The root account gains access by default (rootok), only wheel members can become root (wheel) but Unix authenticate non\-root applicants\&. +-.sp +-.if n \{\ +-.RS 4 +-.\} +-.nf +-su auth sufficient pam_rootok\&.so +-su auth required pam_wheel\&.so +-su auth required pam_unix\&.so +- +-.fi +-.if n \{\ +-.RE +-.\} +-.sp +-.SH "SEE ALSO" +-.PP +-\fBpam.conf\fR(5), +-\fBpam.d\fR(5), +-\fBpam\fR(8) +-.SH "AUTHOR" +-.PP +-pam_wheel was written by Cristian Gafton <gafton@redhat\&.com>\&. +diff --git a/modules/pam_wheel/pam_wheel.8.xml b/modules/pam_wheel/pam_wheel.8.xml +index af0fd61..0e89002 100644 +--- a/modules/pam_wheel/pam_wheel.8.xml ++++ b/modules/pam_wheel/pam_wheel.8.xml +@@ -237,4 +237,4 @@ su auth required pam_unix.so + </para> + </refsect1> + +-</refentry> +\ No newline at end of file ++</refentry> +diff --git a/modules/pam_wheel/pam_wheel.c b/modules/pam_wheel/pam_wheel.c +index 179f56b..5eb7b82 100644 +--- a/modules/pam_wheel/pam_wheel.c ++++ b/modules/pam_wheel/pam_wheel.c @@ -47,9 +47,8 @@ /* argument parsing */ @@ -24,7 +216,7 @@ Index: pam/modules/pam_wheel/pam_wheel.c #define PAM_ROOT_ONLY_ARG 0x0020 static int -@@ -68,8 +67,7 @@ +@@ -68,8 +67,7 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, if (!strcmp(*argv,"debug")) ctrl |= PAM_DEBUG_ARG; @@ -34,7 +226,7 @@ Index: pam/modules/pam_wheel/pam_wheel.c else if (!strcmp(*argv,"trust")) ctrl |= PAM_TRUST_ARG; else if (!strcmp(*argv,"deny")) -@@ -118,39 +116,14 @@ +@@ -118,39 +116,14 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group) } } @@ -80,78 +272,3 @@ Index: pam/modules/pam_wheel/pam_wheel.c /* * At this point fromsu = username-of-invoker; tpwd = pwd ptr for fromsu -Index: pam/modules/pam_wheel/pam_wheel.8.xml -=================================================================== ---- pam.orig/modules/pam_wheel/pam_wheel.8.xml -+++ pam/modules/pam_wheel/pam_wheel.8.xml -@@ -33,9 +33,6 @@ - <arg choice="opt"> - trust - </arg> -- <arg choice="opt"> -- use_uid -- </arg> - </cmdsynopsis> - </refsynopsisdiv> - -@@ -116,18 +113,6 @@ - </para> - </listitem> - </varlistentry> -- <varlistentry> -- <term> -- <option>use_uid</option> -- </term> -- <listitem> -- <para> -- The check will be done against the real uid of the calling process, -- instead of trying to obtain the user from the login session -- associated with the terminal in use. -- </para> -- </listitem> -- </varlistentry> - </variablelist> - </refsect1> - -Index: pam/modules/pam_wheel/pam_wheel.8 -=================================================================== ---- pam.orig/modules/pam_wheel/pam_wheel.8 -+++ pam/modules/pam_wheel/pam_wheel.8 -@@ -31,7 +31,7 @@ - pam_wheel \- Only permit root access to members of group wheel - .SH "SYNOPSIS" - .HP \w'\fBpam_wheel\&.so\fR\ 'u --\fBpam_wheel\&.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] [use_uid] -+\fBpam_wheel\&.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] - .SH "DESCRIPTION" - .PP - The pam_wheel PAM module is used to enforce the so\-called -@@ -72,11 +72,6 @@ - .RS 4 - The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd)\&. - .RE --.PP --\fBuse_uid\fR --.RS 4 --The check will be done against the real uid of the calling process, instead of trying to obtain the user from the login session associated with the terminal in use\&. --.RE - .SH "MODULE TYPES PROVIDED" - .PP - The -Index: pam/modules/pam_wheel/README -=================================================================== ---- pam.orig/modules/pam_wheel/README -+++ pam/modules/pam_wheel/README -@@ -39,12 +39,6 @@ - modules the wheel members may be able to su to root without being prompted - for a passwd). - --use_uid -- -- The check will be done against the real uid of the calling process, instead -- of trying to obtain the user from the login session associated with the -- terminal in use. -- - EXAMPLES - - The root account gains access by default (rootok), only wheel members can diff --git a/debian/patches/040_pam_limits_log_failure b/debian/patches/040_pam_limits_log_failure index 0ef703bf..855b8edb 100644 --- a/debian/patches/040_pam_limits_log_failure +++ b/debian/patches/040_pam_limits_log_failure @@ -1,3 +1,7 @@ +From: Sam Hartman <hartmans@debian.org> +Date: Mon, 11 Sep 2023 14:00:42 -0600 +Subject: _pam_limits_log_failure + Patch for Debian bug #180310 Generate some (low-severity) log information whenever setrlimit() fails, @@ -6,12 +10,15 @@ for debugging purposes. Authors: Sam Hartman <hartmans@debian.org> Upstream status: submitted in <20070830171918.GB30563@dario.dodds.net> +--- + modules/pam_limits/pam_limits.c | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) -Index: pam/modules/pam_limits/pam_limits.c -=================================================================== ---- pam.orig/modules/pam_limits/pam_limits.c -+++ pam/modules/pam_limits/pam_limits.c -@@ -1108,9 +1108,19 @@ +diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c +index acf4ec4..bb81559 100644 +--- a/modules/pam_limits/pam_limits.c ++++ b/modules/pam_limits/pam_limits.c +@@ -1122,9 +1122,19 @@ static int setup_limits(pam_handle_t *pamh, if (pl->limits[i].limit.rlim_cur > pl->limits[i].limit.rlim_max) pl->limits[i].limit.rlim_cur = pl->limits[i].limit.rlim_max; res = setrlimit(i, &pl->limits[i].limit); diff --git a/debian/patches/045_pam_dispatch_jump_is_ignore b/debian/patches/045_pam_dispatch_jump_is_ignore index e19a5456..af08a9e4 100644 --- a/debian/patches/045_pam_dispatch_jump_is_ignore +++ b/debian/patches/045_pam_dispatch_jump_is_ignore @@ -1,14 +1,20 @@ +From: Sam Hartman <hartmans@debian.org> +Date: Mon, 11 Sep 2023 14:00:42 -0600 +Subject: _pam_dispatch_jump_is_ignore Previously jumps were treated as PAM_IGNORE in the freezing part of the chain and PAM_OK (aka required) in the frozen part of the chain. No one on pam-list was able to explain this behavior, so I changed it to be consistent. +--- + libpam/pam_dispatch.c | 17 +---------------- + 1 file changed, 1 insertion(+), 16 deletions(-) -Index: pam/libpam/pam_dispatch.c -=================================================================== ---- pam.orig/libpam/pam_dispatch.c -+++ pam/libpam/pam_dispatch.c -@@ -260,22 +260,7 @@ +diff --git a/libpam/pam_dispatch.c b/libpam/pam_dispatch.c +index 974104a..15cad01 100644 +--- a/libpam/pam_dispatch.c ++++ b/libpam/pam_dispatch.c +@@ -260,22 +260,7 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h, if ( _PAM_ACTION_IS_JUMP(action) ) { /* If we are evaluating a cached chain, we treat this diff --git a/debian/patches/PAM-manpage-section b/debian/patches/PAM-manpage-section index 7cdadad3..d1c83470 100644 --- a/debian/patches/PAM-manpage-section +++ b/debian/patches/PAM-manpage-section @@ -1,212 +1,975 @@ +From: Sam Hartman <hartmans@debian.org> +Date: Mon, 11 Sep 2023 14:00:42 -0600 +Subject: PAM-manpage-section + Patch to put the PAM manpage in section 7 (general topics) instead of 8 (system administration commands) Authors: Steve Langasek <vorlon@debian.org> Upstream status: maybe provide a backwards-compatibility link first? +--- + doc/man/PAM.8 | 138 --------------- + doc/man/misc_conv.3 | 2 +- + doc/man/misc_conv.3.xml | 2 +- + doc/man/pam.8.xml | 212 ------------------------ + doc/man/pam_acct_mgmt.3 | 2 +- + doc/man/pam_acct_mgmt.3.xml | 2 +- + doc/man/pam_authenticate.3 | 2 +- + doc/man/pam_authenticate.3.xml | 2 +- + doc/man/pam_chauthtok.3 | 2 +- + doc/man/pam_chauthtok.3.xml | 2 +- + doc/man/pam_conv.3 | 2 +- + doc/man/pam_conv.3.xml | 2 +- + doc/man/pam_error.3 | 2 +- + doc/man/pam_error.3.xml | 2 +- + doc/man/pam_get_authtok.3 | 2 +- + doc/man/pam_get_authtok.3.xml | 2 +- + doc/man/pam_getenv.3 | 2 +- + doc/man/pam_getenv.3.xml | 2 +- + doc/man/pam_getenvlist.3 | 2 +- + doc/man/pam_getenvlist.3.xml | 2 +- + doc/man/pam_info.3 | 2 +- + doc/man/pam_info.3.xml | 2 +- + doc/man/pam_misc_drop_env.3 | 2 +- + doc/man/pam_misc_drop_env.3.xml | 2 +- + doc/man/pam_misc_paste_env.3 | 2 +- + doc/man/pam_misc_paste_env.3.xml | 2 +- + doc/man/pam_misc_setenv.3 | 2 +- + doc/man/pam_misc_setenv.3.xml | 2 +- + doc/man/pam_prompt.3 | 2 +- + doc/man/pam_prompt.3.xml | 2 +- + doc/man/pam_putenv.3 | 2 +- + doc/man/pam_putenv.3.xml | 2 +- + doc/man/pam_strerror.3 | 2 +- + doc/man/pam_strerror.3.xml | 2 +- + doc/man/pam_syslog.3 | 2 +- + doc/man/pam_syslog.3.xml | 2 +- + modules/pam_access/access.conf.5 | 2 +- + modules/pam_access/access.conf.5.xml | 2 +- + modules/pam_access/pam_access.8 | 2 +- + modules/pam_access/pam_access.8.xml | 2 +- + modules/pam_debug/pam_debug.8 | 2 +- + modules/pam_debug/pam_debug.8.xml | 2 +- + modules/pam_deny/pam_deny.8 | 2 +- + modules/pam_deny/pam_deny.8.xml | 2 +- + modules/pam_echo/pam_echo.8 | 2 +- + modules/pam_echo/pam_echo.8.xml | 2 +- + modules/pam_env/pam_env.8 | 160 ------------------ + modules/pam_env/pam_env.8.xml | 2 +- + modules/pam_env/pam_env.conf.5 | 2 +- + modules/pam_env/pam_env.conf.5.xml | 2 +- + modules/pam_exec/pam_exec.8 | 2 +- + modules/pam_exec/pam_exec.8.xml | 2 +- + modules/pam_faildelay/pam_faildelay.8 | 2 +- + modules/pam_faildelay/pam_faildelay.8.xml | 2 +- + modules/pam_filter/pam_filter.8 | 2 +- + modules/pam_filter/pam_filter.8.xml | 2 +- + modules/pam_ftp/pam_ftp.8 | 2 +- + modules/pam_ftp/pam_ftp.8.xml | 2 +- + modules/pam_group/group.conf.5 | 2 +- + modules/pam_group/group.conf.5.xml | 2 +- + modules/pam_group/pam_group.8 | 2 +- + modules/pam_group/pam_group.8.xml | 2 +- + modules/pam_issue/pam_issue.8 | 2 +- + modules/pam_issue/pam_issue.8.xml | 2 +- + modules/pam_keyinit/pam_keyinit.8 | 2 +- + modules/pam_keyinit/pam_keyinit.8.xml | 2 +- + modules/pam_lastlog/pam_lastlog.8 | 2 +- + modules/pam_lastlog/pam_lastlog.8.xml | 2 +- + modules/pam_limits/limits.conf.5 | 2 +- + modules/pam_limits/limits.conf.5.xml | 2 +- + modules/pam_limits/pam_limits.8 | 2 +- + modules/pam_limits/pam_limits.8.xml | 2 +- + modules/pam_listfile/pam_listfile.8 | 2 +- + modules/pam_listfile/pam_listfile.8.xml | 2 +- + modules/pam_localuser/pam_localuser.8 | 2 +- + modules/pam_localuser/pam_localuser.8.xml | 2 +- + modules/pam_loginuid/pam_loginuid.8 | 2 +- + modules/pam_loginuid/pam_loginuid.8.xml | 2 +- + modules/pam_mail/pam_mail.8 | 2 +- + modules/pam_mail/pam_mail.8.xml | 2 +- + modules/pam_mkhomedir/pam_mkhomedir.8 | 2 +- + modules/pam_mkhomedir/pam_mkhomedir.8.xml | 2 +- + modules/pam_motd/pam_motd.8 | 2 +- + modules/pam_motd/pam_motd.8.xml | 2 +- + modules/pam_namespace/namespace.conf.5 | 2 +- + modules/pam_namespace/namespace.conf.5.xml | 2 +- + modules/pam_namespace/pam_namespace.8 | 2 +- + modules/pam_namespace/pam_namespace.8.xml | 2 +- + modules/pam_nologin/pam_nologin.8 | 2 +- + modules/pam_nologin/pam_nologin.8.xml | 2 +- + modules/pam_permit/pam_permit.8 | 2 +- + modules/pam_permit/pam_permit.8.xml | 2 +- + modules/pam_pwhistory/pam_pwhistory.8 | 2 +- + modules/pam_pwhistory/pam_pwhistory.8.xml | 2 +- + modules/pam_rhosts/pam_rhosts.8 | 2 +- + modules/pam_rhosts/pam_rhosts.8.xml | 2 +- + modules/pam_rootok/pam_rootok.8 | 2 +- + modules/pam_rootok/pam_rootok.8.xml | 2 +- + modules/pam_securetty/pam_securetty.8 | 2 +- + modules/pam_securetty/pam_securetty.8.xml | 2 +- + modules/pam_selinux/pam_selinux.8 | 151 ----------------- + modules/pam_selinux/pam_selinux.8.xml | 2 +- + modules/pam_sepermit/pam_sepermit.8 | 2 +- + modules/pam_sepermit/pam_sepermit.8.xml | 2 +- + modules/pam_sepermit/sepermit.conf.5 | 2 +- + modules/pam_sepermit/sepermit.conf.5.xml | 2 +- + modules/pam_shells/pam_shells.8 | 2 +- + modules/pam_shells/pam_shells.8.xml | 2 +- + modules/pam_succeed_if/pam_succeed_if.8 | 2 +- + modules/pam_succeed_if/pam_succeed_if.8.xml | 2 +- + modules/pam_time/pam_time.8 | 2 +- + modules/pam_time/pam_time.8.xml | 2 +- + modules/pam_time/time.conf.5 | 2 +- + modules/pam_time/time.conf.5.xml | 2 +- + modules/pam_timestamp/pam_timestamp.8 | 2 +- + modules/pam_timestamp/pam_timestamp.8.xml | 2 +- + modules/pam_timestamp/pam_timestamp_check.8 | 2 +- + modules/pam_timestamp/pam_timestamp_check.8.xml | 2 +- + modules/pam_tty_audit/pam_tty_audit.8 | 2 +- + modules/pam_tty_audit/pam_tty_audit.8.xml | 2 +- + modules/pam_umask/pam_umask.8 | 2 +- + modules/pam_umask/pam_umask.8.xml | 2 +- + modules/pam_unix/pam_unix.8 | 2 +- + modules/pam_unix/pam_unix.8.xml | 2 +- + modules/pam_userdb/pam_userdb.8 | 2 +- + modules/pam_userdb/pam_userdb.8.xml | 2 +- + modules/pam_warn/pam_warn.8 | 2 +- + modules/pam_warn/pam_warn.8.xml | 2 +- + modules/pam_wheel/pam_wheel.8.xml | 2 +- + modules/pam_xauth/pam_xauth.8 | 2 +- + modules/pam_xauth/pam_xauth.8.xml | 2 +- + 131 files changed, 127 insertions(+), 788 deletions(-) + delete mode 100644 doc/man/PAM.8 + delete mode 100644 doc/man/pam.8.xml + delete mode 100644 modules/pam_env/pam_env.8 + delete mode 100644 modules/pam_selinux/pam_selinux.8 -Index: pam/doc/man/pam.8.xml -=================================================================== ---- pam.orig/doc/man/pam.8.xml -+++ pam/doc/man/pam.8.xml -@@ -6,7 +6,7 @@ - - <refmeta> - <refentrytitle>pam</refentrytitle> +diff --git a/doc/man/PAM.8 b/doc/man/PAM.8 +deleted file mode 100644 +index 57fefc5..0000000 +--- a/doc/man/PAM.8 ++++ /dev/null +@@ -1,138 +0,0 @@ +-'\" t +-.\" Title: pam +-.\" Author: [FIXME: author] [see http://www.docbook.org/tdg5/en/html/author] +-.\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/> +-.\" Date: 05/07/2023 +-.\" Manual: Linux-PAM Manual +-.\" Source: Linux-PAM +-.\" Language: English +-.\" +-.TH "PAM" "8" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual" +-.\" ----------------------------------------------------------------- +-.\" * Define some portability stuff +-.\" ----------------------------------------------------------------- +-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +-.\" http://bugs.debian.org/507673 +-.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +-.ie \n(.g .ds Aq \(aq +-.el .ds Aq ' +-.\" ----------------------------------------------------------------- +-.\" * set default formatting +-.\" ----------------------------------------------------------------- +-.\" disable hyphenation +-.nh +-.\" disable justification (adjust text to left margin only) +-.ad l +-.\" ----------------------------------------------------------------- +-.\" * MAIN CONTENT STARTS HERE * +-.\" ----------------------------------------------------------------- +-.SH "NAME" +-PAM, pam \- Pluggable Authentication Modules for Linux +-.SH "DESCRIPTION" +-.PP +-This manual is intended to offer a quick introduction to +-\fBLinux\-PAM\fR\&. For more information the reader is directed to the +-\fBLinux\-PAM system administrators\*(Aq guide\fR\&. +-.PP +-\fBLinux\-PAM\fR +-is a system of libraries that handle the authentication tasks of applications (services) on the system\&. The library provides a stable general interface (Application Programming Interface \- API) that privilege granting programs (such as +-\fBlogin\fR(1) +-and +-\fBsu\fR(1)) defer to to perform standard authentication tasks\&. +-.PP +-The principal feature of the PAM approach is that the nature of the authentication is dynamically configurable\&. In other words, the system administrator is free to choose how individual service\-providing applications will authenticate users\&. This dynamic configuration is set by the contents of the single +-\fBLinux\-PAM\fR +-configuration file +-/etc/pam\&.conf\&. Alternatively and preferably, the configuration can be set by individual configuration files located in a +-pam\&.d +-directory\&. The presence of this directory will cause +-\fBLinux\-PAM\fR +-to +-\fIignore\fR +-/etc/pam\&.conf\&. +-.PP +-Vendor\-supplied PAM configuration files might be installed in the system directory +-/usr/lib/pam\&.d/ +-or a configurable vendor specific directory instead of the machine configuration directory +-/etc/pam\&.d/\&. If no machine configuration file is found, the vendor\-supplied file is used\&. All files in +-/etc/pam\&.d/ +-override files with the same name in other directories\&. +-.PP +-From the point of view of the system administrator, for whom this manual is provided, it is not of primary importance to understand the internal behavior of the +-\fBLinux\-PAM\fR +-library\&. The important point to recognize is that the configuration file(s) +-\fIdefine\fR +-the connection between applications +-(\fBservices\fR) and the pluggable authentication modules +-(\fBPAM\fRs) that perform the actual authentication tasks\&. +-.PP +-\fBLinux\-PAM\fR +-separates the tasks of +-\fIauthentication\fR +-into four independent management groups: +-\fBaccount\fR +-management; +-\fBauth\fRentication management; +-\fBpassword\fR +-management; and +-\fBsession\fR +-management\&. (We highlight the abbreviations used for these groups in the configuration file\&.) +-.PP +-Simply put, these groups take care of different aspects of a typical user\*(Aqs request for a restricted service: +-.PP +-\fBaccount\fR +-\- provide account verification types of service: has the user\*(Aqs password expired?; is this user permitted access to the requested service? +-.PP +-\fBauth\fRentication \- authenticate a user and set up user credentials\&. Typically this is via some challenge\-response request that the user must satisfy: if you are who you claim to be please enter your password\&. Not all authentications are of this type, there exist hardware based authentication schemes (such as the use of smart\-cards and biometric devices), with suitable modules, these may be substituted seamlessly for more standard approaches to authentication \- such is the flexibility of +-\fBLinux\-PAM\fR\&. +-.PP +-\fBpassword\fR +-\- this group\*(Aqs responsibility is the task of updating authentication mechanisms\&. Typically, such services are strongly coupled to those of the +-\fBauth\fR +-group\&. Some authentication mechanisms lend themselves well to being updated with such a function\&. Standard UN*X password\-based access is the obvious example: please enter a replacement password\&. +-.PP +-\fBsession\fR +-\- this group of tasks cover things that should be done prior to a service being given and after it is withdrawn\&. Such tasks include the maintenance of audit trails and the mounting of the user\*(Aqs home directory\&. The +-\fBsession\fR +-management group is important as it provides both an opening and closing hook for modules to affect the services available to a user\&. +-.SH "FILES" +-.PP +-/etc/pam\&.conf +-.RS 4 +-the configuration file +-.RE +-.PP +-/etc/pam\&.d +-.RS 4 +-the +-\fBLinux\-PAM\fR +-configuration directory\&. Generally, if this directory is present, the +-/etc/pam\&.conf +-file is ignored\&. +-.RE +-.PP +-/usr/lib/pam\&.d +-.RS 4 +-the +-\fBLinux\-PAM\fR +-vendor configuration directory\&. Files in +-/etc/pam\&.d +-override files with the same name in this directory\&. +-.RE +-.SH "ERRORS" +-.PP +-Typically errors generated by the +-\fBLinux\-PAM\fR +-system of libraries, will be written to +-\fBsyslog\fR(3)\&. +-.SH "CONFORMING TO" +-.PP +-DCE\-RFC 86\&.0, October 1995\&. Contains additional features, but remains backwardly compatible with this RFC\&. +-.SH "SEE ALSO" +-.PP +-\fBpam\fR(3), +-\fBpam_authenticate\fR(3), +-\fBpam_sm_setcred\fR(3), +-\fBpam_strerror\fR(3), +-\fBPAM\fR(8) +diff --git a/doc/man/misc_conv.3 b/doc/man/misc_conv.3 +index 6265664..85d32db 100644 +--- a/doc/man/misc_conv.3 ++++ b/doc/man/misc_conv.3 +@@ -117,7 +117,7 @@ This function pointer is initialized to + .SH "SEE ALSO" + .PP + \fBpam_conv\fR(3), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "STANDARDS" + .PP + The +diff --git a/doc/man/misc_conv.3.xml b/doc/man/misc_conv.3.xml +index 92d4acd..2971b3a 100644 +--- a/doc/man/misc_conv.3.xml ++++ b/doc/man/misc_conv.3.xml +@@ -168,7 +168,7 @@ + <refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +diff --git a/doc/man/pam.8.xml b/doc/man/pam.8.xml +deleted file mode 100644 +index 7f3b051..0000000 +--- a/doc/man/pam.8.xml ++++ /dev/null +@@ -1,212 +0,0 @@ +-<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="pam8"> +- +- <refmeta> +- <refentrytitle>pam</refentrytitle> - <manvolnum>8</manvolnum> -+ <manvolnum>7</manvolnum> - <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo> - </refmeta> - -@@ -209,7 +209,7 @@ +- <refmiscinfo class="source">Linux-PAM</refmiscinfo> +- <refmiscinfo class="manual">Linux-PAM Manual</refmiscinfo> +- </refmeta> +- +- <refnamediv xml:id="pam8-name"> +- <refname>PAM</refname> +- <refname>pam</refname> +- <refpurpose>Pluggable Authentication Modules for Linux</refpurpose> +- </refnamediv> +- +- <refsect1 xml:id="pam8-description"> +- <title>DESCRIPTION</title> +- <para> +- This manual is intended to offer a quick introduction to +- <emphasis remap="B">Linux-PAM</emphasis>. For more information +- the reader is directed to the +- <emphasis remap="B">Linux-PAM system administrators' guide</emphasis>. +- </para> +- +- <para> +- <emphasis remap="B">Linux-PAM</emphasis> is a system of libraries +- that handle the authentication tasks of applications (services) on +- the system. The library provides a stable general interface +- (Application Programming Interface - API) that privilege granting +- programs (such as <citerefentry> +- <refentrytitle>login</refentrytitle><manvolnum>1</manvolnum> +- </citerefentry> and <citerefentry> +- <refentrytitle>su</refentrytitle><manvolnum>1</manvolnum> +- </citerefentry>) defer to to perform standard authentication tasks. +- </para> +- +- <para> +- The principal feature of the PAM approach is that the nature of the +- authentication is dynamically configurable. In other words, the +- system administrator is free to choose how individual +- service-providing applications will authenticate users. This dynamic +- configuration is set by the contents of the single +- <emphasis remap="B">Linux-PAM</emphasis> configuration file +- <filename>/etc/pam.conf</filename>. Alternatively and preferably, +- the configuration can be set by individual configuration files +- located in a <filename>pam.d</filename> directory. The presence of this +- directory will cause <emphasis remap="B">Linux-PAM</emphasis> to +- <emphasis remap="I">ignore</emphasis> <filename>/etc/pam.conf</filename>. +- </para> +- +- <para> +- Vendor-supplied PAM configuration files might be installed in +- the system directory <filename>/usr/lib/pam.d/</filename> or +- a configurable vendor specific directory instead +- of the machine configuration directory <filename>/etc/pam.d/</filename>. +- If no machine configuration file is found, the vendor-supplied file +- is used. All files in <filename>/etc/pam.d/</filename> override +- files with the same name in other directories. +- </para> +- +-<para>From the point of view of the system administrator, for whom this +-manual is provided, it is not of primary importance to understand the +-internal behavior of the +-<emphasis remap="B">Linux-PAM</emphasis> +-library. The important point to recognize is that the configuration +-file(s) +-<emphasis remap="I">define</emphasis> +-the connection between applications +-<emphasis remap="B"/>(<emphasis remap="B">services</emphasis>) +-and the pluggable authentication modules +-<emphasis remap="B"/>(<emphasis remap="B">PAM</emphasis>s) +-that perform the actual authentication tasks.</para> +- +- +-<para><emphasis remap="B">Linux-PAM</emphasis> +-separates the tasks of +-<emphasis remap="I">authentication</emphasis> +-into four independent management groups: +-<emphasis remap="B">account</emphasis> management; +-<emphasis remap="B">auth</emphasis>entication management; +-<emphasis remap="B">password</emphasis> management; +-and +-<emphasis remap="B">session</emphasis> management. +-(We highlight the abbreviations used for these groups in the +-configuration file.)</para> +- +- +-<para>Simply put, these groups take care of different aspects of a typical +-user's request for a restricted service:</para> +- +- +-<para><emphasis remap="B">account</emphasis> - +-provide account verification types of service: has the user's password +-expired?; is this user permitted access to the requested service?</para> +- +-<!-- .br --> +-<para><emphasis remap="B">auth</emphasis>entication - +-authenticate a user and set up user credentials. Typically this is via +-some challenge-response request that the user must satisfy: if you are +-who you claim to be please enter your password. Not all authentications +-are of this type, there exist hardware based authentication schemes +-(such as the use of smart-cards and biometric devices), with suitable +-modules, these may be substituted seamlessly for more standard +-approaches to authentication - such is the flexibility of +-<emphasis remap="B">Linux-PAM</emphasis>.</para> +- +-<!-- .br --> +-<para><emphasis remap="B">password</emphasis> - +-this group's responsibility is the task of updating authentication +-mechanisms. Typically, such services are strongly coupled to those of +-the +-<emphasis remap="B">auth</emphasis> +-group. Some authentication mechanisms lend themselves well to being +-updated with such a function. Standard UN*X password-based access is +-the obvious example: please enter a replacement password.</para> +- +-<!-- .br --> +-<para><emphasis remap="B">session</emphasis> - +-this group of tasks cover things that should be done prior to a +-service being given and after it is withdrawn. Such tasks include the +-maintenance of audit trails and the mounting of the user's home +-directory. The +-<emphasis remap="B">session</emphasis> +-management group is important as it provides both an opening and +-closing hook for modules to affect the services available to a user.</para> +- +-</refsect1> +- +- <refsect1 xml:id="pam8-files"> +- <title>FILES</title> +- <variablelist> +- <varlistentry> +- <term>/etc/pam.conf</term> +- <listitem> +- <para>the configuration file</para> +- </listitem> +- </varlistentry> +- <varlistentry> +- <term>/etc/pam.d</term> +- <listitem> +- <para> +- the <emphasis remap="B">Linux-PAM</emphasis> configuration +- directory. Generally, if this directory is present, the +- <filename>/etc/pam.conf</filename> file is ignored. +- </para> +- </listitem> +- </varlistentry> +- <varlistentry> +- <term>/usr/lib/pam.d</term> +- <listitem> +- <para> +- the <emphasis remap="B">Linux-PAM</emphasis> vendor configuration +- directory. Files in <filename>/etc/pam.d</filename> override +- files with the same name in this directory. +- </para> +- </listitem> +- </varlistentry> +- <varlistentry condition="with_vendordir"> +- <term>%vendordir%/pam.d</term> +- <listitem> +- <para> +- additional <emphasis remap="B">Linux-PAM</emphasis> vendor +- configuration directory. Files in <filename>/etc/pam.d</filename> +- and <filename>/usr/lib/pam.d</filename> override files with the +- same name in this directory. +- </para> +- </listitem> +- </varlistentry> +- </variablelist> +- </refsect1> +- +- <refsect1 xml:id="pam8-errors"> +- <title>ERRORS</title> +- <para> +- Typically errors generated by the +- <emphasis remap="B">Linux-PAM</emphasis> system of libraries, will +- be written to <citerefentry> +- <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum> +- </citerefentry>. +- </para> +- </refsect1> +- +- <refsect1 xml:id="pam8-conforming_to"> +- <title>CONFORMING TO</title> +- <para> +- DCE-RFC 86.0, October 1995. +- Contains additional features, but remains backwardly compatible +- with this RFC. +- </para> +- </refsect1> +- +- <refsect1 xml:id="pam8-see_also"> +- <title>SEE ALSO</title> +- <para> +- <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum> +- </citerefentry>, +- <citerefentry> +- <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum> +- </citerefentry>, +- <citerefentry> +- <refentrytitle>pam_sm_setcred</refentrytitle><manvolnum>3</manvolnum> +- </citerefentry>, +- <citerefentry> +- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> +- </citerefentry>, +- <citerefentry> +- <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum> +- </citerefentry> +- </para> +- </refsect1> +-</refentry> +diff --git a/doc/man/pam_acct_mgmt.3 b/doc/man/pam_acct_mgmt.3 +index 18e91d5..1cfb501 100644 +--- a/doc/man/pam_acct_mgmt.3 ++++ b/doc/man/pam_acct_mgmt.3 +@@ -97,4 +97,4 @@ User unknown to password service\&. + \fBpam_authenticate\fR(3), + \fBpam_chauthtok\fR(3), + \fBpam_strerror\fR(3), +-\fBpam\fR(8) ++\fBpam\fR(7) +diff --git a/doc/man/pam_acct_mgmt.3.xml b/doc/man/pam_acct_mgmt.3.xml +index de6a94a..6ff3ccb 100644 +--- a/doc/man/pam_acct_mgmt.3.xml ++++ b/doc/man/pam_acct_mgmt.3.xml +@@ -136,7 +136,7 @@ <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> </citerefentry>, <citerefentry> -- <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>PAM</refentrytitle><manvolnum>7</manvolnum> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> </citerefentry> </para> </refsect1> -Index: pam/doc/man/PAM.8 -=================================================================== ---- pam.orig/doc/man/PAM.8 -+++ pam/doc/man/PAM.8 -@@ -7,7 +7,7 @@ - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM" "8" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM" "7" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -@@ -146,4 +146,4 @@ - \fBpam_authenticate\fR(3), - \fBpam_sm_setcred\fR(3), +diff --git a/doc/man/pam_authenticate.3 b/doc/man/pam_authenticate.3 +index 1760e2a..463a518 100644 +--- a/doc/man/pam_authenticate.3 ++++ b/doc/man/pam_authenticate.3 +@@ -107,4 +107,4 @@ User unknown to authentication service\&. + \fBpam_setcred\fR(3), + \fBpam_chauthtok\fR(3), \fBpam_strerror\fR(3), --\fBPAM\fR(8) -+\fBPAM\fR(7) -Index: pam/modules/pam_access/access.conf.5.xml -=================================================================== ---- pam.orig/modules/pam_access/access.conf.5.xml -+++ pam/modules/pam_access/access.conf.5.xml -@@ -233,7 +233,7 @@ +-\fBpam\fR(8) ++\fBpam\fR(7) +diff --git a/doc/man/pam_authenticate.3.xml b/doc/man/pam_authenticate.3.xml +index 794a5c7..948b950 100644 +--- a/doc/man/pam_authenticate.3.xml ++++ b/doc/man/pam_authenticate.3.xml +@@ -160,7 +160,7 @@ + <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +diff --git a/doc/man/pam_chauthtok.3 b/doc/man/pam_chauthtok.3 +index 60d267f..d7a1c1b 100644 +--- a/doc/man/pam_chauthtok.3 ++++ b/doc/man/pam_chauthtok.3 +@@ -106,4 +106,4 @@ User unknown to password service\&. + \fBpam_setcred\fR(3), + \fBpam_get_item\fR(3), + \fBpam_strerror\fR(3), +-\fBpam\fR(8) ++\fBpam\fR(7) +diff --git a/doc/man/pam_chauthtok.3.xml b/doc/man/pam_chauthtok.3.xml +index e184f45..95af359 100644 +--- a/doc/man/pam_chauthtok.3.xml ++++ b/doc/man/pam_chauthtok.3.xml +@@ -155,7 +155,7 @@ + <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +diff --git a/doc/man/pam_conv.3 b/doc/man/pam_conv.3 +index 5ada083..35c35d0 100644 +--- a/doc/man/pam_conv.3 ++++ b/doc/man/pam_conv.3 +@@ -174,4 +174,4 @@ Success\&. + \fBpam_set_item\fR(3), + \fBpam_get_item\fR(3), + \fBpam_strerror\fR(3), +-\fBpam\fR(8) ++\fBpam\fR(7) +diff --git a/doc/man/pam_conv.3.xml b/doc/man/pam_conv.3.xml +index 31834f3..96bfd23 100644 +--- a/doc/man/pam_conv.3.xml ++++ b/doc/man/pam_conv.3.xml +@@ -219,7 +219,7 @@ struct pam_conv { + <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +diff --git a/doc/man/pam_error.3 b/doc/man/pam_error.3 +index 9a6c3f8..6f04998 100644 +--- a/doc/man/pam_error.3 ++++ b/doc/man/pam_error.3 +@@ -80,7 +80,7 @@ System error\&. + \fBpam_vinfo\fR(3), + \fBpam_prompt\fR(3), + \fBpam_vprompt\fR(3), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "STANDARDS" + .PP + The +diff --git a/doc/man/pam_error.3.xml b/doc/man/pam_error.3.xml +index 0f294c2..82ea709 100644 +--- a/doc/man/pam_error.3.xml ++++ b/doc/man/pam_error.3.xml +@@ -102,7 +102,7 @@ + <refentrytitle>pam_vprompt</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +diff --git a/doc/man/pam_get_authtok.3 b/doc/man/pam_get_authtok.3 +index 105a217..3e6ddda 100644 +--- a/doc/man/pam_get_authtok.3 ++++ b/doc/man/pam_get_authtok.3 +@@ -162,7 +162,7 @@ New authentication tokens mismatch\&. + .RE + .SH "SEE ALSO" + .PP +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "STANDARDS" + .PP + The +diff --git a/doc/man/pam_get_authtok.3.xml b/doc/man/pam_get_authtok.3.xml +index ba6d955..1cb7566 100644 +--- a/doc/man/pam_get_authtok.3.xml ++++ b/doc/man/pam_get_authtok.3.xml +@@ -229,7 +229,7 @@ + <title>SEE ALSO</title> <para> - <citerefentry><refentrytitle>pam_access</refentrytitle><manvolnum>8</manvolnum></citerefentry>, - <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, -- <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry> -+ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry> + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> </para> </refsect1> - -Index: pam/modules/pam_access/access.conf.5 -=================================================================== ---- pam.orig/modules/pam_access/access.conf.5 -+++ pam/modules/pam_access/access.conf.5 -@@ -210,7 +210,7 @@ +diff --git a/doc/man/pam_getenv.3 b/doc/man/pam_getenv.3 +index d0d3999..f639ef9 100644 +--- a/doc/man/pam_getenv.3 ++++ b/doc/man/pam_getenv.3 +@@ -57,4 +57,4 @@ function returns NULL on failure\&. + \fBpam_start\fR(3), + \fBpam_getenvlist\fR(3), + \fBpam_putenv\fR(3), +-\fBpam\fR(8) ++\fBpam\fR(7) +diff --git a/doc/man/pam_getenv.3.xml b/doc/man/pam_getenv.3.xml +index df25863..b5dbc12 100644 +--- a/doc/man/pam_getenv.3.xml ++++ b/doc/man/pam_getenv.3.xml +@@ -58,7 +58,7 @@ + <refentrytitle>pam_putenv</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +diff --git a/doc/man/pam_getenvlist.3 b/doc/man/pam_getenvlist.3 +index 8369764..e2ae949 100644 +--- a/doc/man/pam_getenvlist.3 ++++ b/doc/man/pam_getenvlist.3 +@@ -63,4 +63,4 @@ function returns NULL on failure\&. + \fBpam_start\fR(3), + \fBpam_getenv\fR(3), + \fBpam_putenv\fR(3), +-\fBpam\fR(8) ++\fBpam\fR(7) +diff --git a/doc/man/pam_getenvlist.3.xml b/doc/man/pam_getenvlist.3.xml +index 54b1f41..7f755e5 100644 +--- a/doc/man/pam_getenvlist.3.xml ++++ b/doc/man/pam_getenvlist.3.xml +@@ -76,7 +76,7 @@ + <refentrytitle>pam_putenv</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +diff --git a/doc/man/pam_info.3 b/doc/man/pam_info.3 +index d66dee4..a76e039 100644 +--- a/doc/man/pam_info.3 ++++ b/doc/man/pam_info.3 +@@ -76,7 +76,7 @@ System error\&. + .RE + .SH "SEE ALSO" .PP - \fBpam_access\fR(8), - \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) - .SH "AUTHORS" + .SH "STANDARDS" .PP - Original -Index: pam/modules/pam_env/pam_env.conf.5.xml -=================================================================== ---- pam.orig/modules/pam_env/pam_env.conf.5.xml -+++ pam/modules/pam_env/pam_env.conf.5.xml -@@ -122,7 +122,7 @@ + The +diff --git a/doc/man/pam_info.3.xml b/doc/man/pam_info.3.xml +index 5155d41..9b4a3f0 100644 +--- a/doc/man/pam_info.3.xml ++++ b/doc/man/pam_info.3.xml +@@ -90,7 +90,7 @@ + <title>SEE ALSO</title> <para> - <citerefentry><refentrytitle>pam_env</refentrytitle><manvolnum>8</manvolnum></citerefentry>, - <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, -- <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>, -+ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry>, - <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry> + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> </para> </refsect1> -Index: pam/modules/pam_env/pam_env.conf.5 -=================================================================== ---- pam.orig/modules/pam_env/pam_env.conf.5 -+++ pam/modules/pam_env/pam_env.conf.5 -@@ -125,7 +125,7 @@ +diff --git a/doc/man/pam_misc_drop_env.3 b/doc/man/pam_misc_drop_env.3 +index b3d162c..ca84c1c 100644 +--- a/doc/man/pam_misc_drop_env.3 ++++ b/doc/man/pam_misc_drop_env.3 +@@ -52,7 +52,7 @@ all memory before + .SH "SEE ALSO" + .PP + \fBpam_getenvlist\fR(3), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "STANDARDS" + .PP + The +diff --git a/doc/man/pam_misc_drop_env.3.xml b/doc/man/pam_misc_drop_env.3.xml +index a7f6cc8..c7a2576 100644 +--- a/doc/man/pam_misc_drop_env.3.xml ++++ b/doc/man/pam_misc_drop_env.3.xml +@@ -43,7 +43,7 @@ + <refentrytitle>pam_getenvlist</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +diff --git a/doc/man/pam_misc_paste_env.3 b/doc/man/pam_misc_paste_env.3 +index d707daa..6ca8c50 100644 +--- a/doc/man/pam_misc_paste_env.3 ++++ b/doc/man/pam_misc_paste_env.3 +@@ -47,7 +47,7 @@ PAM_SUCCESS\&. + .SH "SEE ALSO" + .PP + \fBpam_putenv\fR(3), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "STANDARDS" + .PP + The +diff --git a/doc/man/pam_misc_paste_env.3.xml b/doc/man/pam_misc_paste_env.3.xml +index 06194a9..2d99a1f 100644 +--- a/doc/man/pam_misc_paste_env.3.xml ++++ b/doc/man/pam_misc_paste_env.3.xml +@@ -41,7 +41,7 @@ + <refentrytitle>pam_putenv</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +diff --git a/doc/man/pam_misc_setenv.3 b/doc/man/pam_misc_setenv.3 +index 70030b7..0b1380a 100644 +--- a/doc/man/pam_misc_setenv.3 ++++ b/doc/man/pam_misc_setenv.3 +@@ -52,7 +52,7 @@ are concatenated with an \*(Aq=\*(Aq to form a name=value and passed to + .SH "SEE ALSO" + .PP + \fBpam_putenv\fR(3), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "STANDARDS" + .PP + The +diff --git a/doc/man/pam_misc_setenv.3.xml b/doc/man/pam_misc_setenv.3.xml +index 4414d54..c9403c5 100644 +--- a/doc/man/pam_misc_setenv.3.xml ++++ b/doc/man/pam_misc_setenv.3.xml +@@ -48,7 +48,7 @@ + <refentrytitle>pam_putenv</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +diff --git a/doc/man/pam_prompt.3 b/doc/man/pam_prompt.3 +index 3070747..80e4898 100644 +--- a/doc/man/pam_prompt.3 ++++ b/doc/man/pam_prompt.3 +@@ -70,7 +70,7 @@ System error\&. + .RE + .SH "SEE ALSO" .PP - \fBpam_env\fR(8), - \fBpam.d\fR(5), -\fBpam\fR(8), +\fBpam\fR(7), - \fBenviron\fR(7) - .SH "AUTHOR" + \fBpam_conv\fR(3) + .SH "STANDARDS" .PP -Index: pam/modules/pam_group/group.conf.5.xml -=================================================================== ---- pam.orig/modules/pam_group/group.conf.5.xml -+++ pam/modules/pam_group/group.conf.5.xml -@@ -134,7 +134,7 @@ +diff --git a/doc/man/pam_prompt.3.xml b/doc/man/pam_prompt.3.xml +index c65a0c9..b53f502 100644 +--- a/doc/man/pam_prompt.3.xml ++++ b/doc/man/pam_prompt.3.xml +@@ -92,7 +92,7 @@ + <title>SEE ALSO</title> <para> - <citerefentry><refentrytitle>pam_group</refentrytitle><manvolnum>8</manvolnum></citerefentry>, - <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, -- <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry> -+ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry> + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum> +diff --git a/doc/man/pam_putenv.3 b/doc/man/pam_putenv.3 +index 3b826b1..0e1002b 100644 +--- a/doc/man/pam_putenv.3 ++++ b/doc/man/pam_putenv.3 +@@ -108,4 +108,4 @@ The environment variable was successfully updated\&. + \fBpam_getenv\fR(3), + \fBpam_getenvlist\fR(3), + \fBpam_strerror\fR(3), +-\fBpam\fR(8) ++\fBpam\fR(7) +diff --git a/doc/man/pam_putenv.3.xml b/doc/man/pam_putenv.3.xml +index 7267046..8daca00 100644 +--- a/doc/man/pam_putenv.3.xml ++++ b/doc/man/pam_putenv.3.xml +@@ -143,7 +143,7 @@ + <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> </para> </refsect1> - -Index: pam/modules/pam_group/group.conf.5 -=================================================================== ---- pam.orig/modules/pam_group/group.conf.5 -+++ pam/modules/pam_group/group.conf.5 -@@ -115,7 +115,7 @@ +diff --git a/doc/man/pam_strerror.3 b/doc/man/pam_strerror.3 +index 408eb3a..d6c5d51 100644 +--- a/doc/man/pam_strerror.3 ++++ b/doc/man/pam_strerror.3 +@@ -49,4 +49,4 @@ function returns a pointer to a string describing the error code passed in the a + This function returns always a pointer to a string\&. + .SH "SEE ALSO" .PP - \fBpam_group\fR(8), - \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_group was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. -Index: pam/modules/pam_limits/limits.conf.5.xml -=================================================================== ---- pam.orig/modules/pam_limits/limits.conf.5.xml -+++ pam/modules/pam_limits/limits.conf.5.xml -@@ -357,7 +357,7 @@ +diff --git a/doc/man/pam_strerror.3.xml b/doc/man/pam_strerror.3.xml +index b76cbc4..2c7a8a9 100644 +--- a/doc/man/pam_strerror.3.xml ++++ b/doc/man/pam_strerror.3.xml +@@ -48,7 +48,7 @@ + <title>SEE ALSO</title> <para> - <citerefentry><refentrytitle>pam_limits</refentrytitle><manvolnum>8</manvolnum></citerefentry>, - <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, -- <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>, -+ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry>, - <citerefentry><refentrytitle>getrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>, - <citerefentry><refentrytitle>getrlimit</refentrytitle><manvolnum>3p</manvolnum></citerefentry> + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> </para> -Index: pam/modules/pam_limits/limits.conf.5 -=================================================================== ---- pam.orig/modules/pam_limits/limits.conf.5 -+++ pam/modules/pam_limits/limits.conf.5 -@@ -351,7 +351,7 @@ + </refsect1> +diff --git a/doc/man/pam_syslog.3 b/doc/man/pam_syslog.3 +index 8223131..d1f2589 100644 +--- a/doc/man/pam_syslog.3 ++++ b/doc/man/pam_syslog.3 +@@ -67,7 +67,7 @@ with the difference that it takes a set of arguments which have been obtained us + variable argument list macros\&. + .SH "SEE ALSO" .PP - \fBpam_limits\fR(8), - \fBpam.d\fR(5), --\fBpam\fR(8), -+\fBpam\fR(7), - \fBgetrlimit\fR(2), - \fBgetrlimit\fR(3p) - .SH "AUTHOR" -Index: pam/modules/pam_namespace/namespace.conf.5.xml -=================================================================== ---- pam.orig/modules/pam_namespace/namespace.conf.5.xml -+++ pam/modules/pam_namespace/namespace.conf.5.xml -@@ -209,7 +209,7 @@ +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "STANDARDS" + .PP + The +diff --git a/doc/man/pam_syslog.3.xml b/doc/man/pam_syslog.3.xml +index f5be287..5005476 100644 +--- a/doc/man/pam_syslog.3.xml ++++ b/doc/man/pam_syslog.3.xml +@@ -63,7 +63,7 @@ + <title>SEE ALSO</title> <para> - <citerefentry><refentrytitle>pam_namespace</refentrytitle><manvolnum>8</manvolnum></citerefentry>, - <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, -- <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry> -+ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry> + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> </para> </refsect1> - -Index: pam/modules/pam_namespace/namespace.conf.5 -=================================================================== ---- pam.orig/modules/pam_namespace/namespace.conf.5 -+++ pam/modules/pam_namespace/namespace.conf.5 -@@ -162,7 +162,7 @@ +diff --git a/modules/pam_access/access.conf.5 b/modules/pam_access/access.conf.5 +index b45e914..774e5cd 100644 +--- a/modules/pam_access/access.conf.5 ++++ b/modules/pam_access/access.conf.5 +@@ -210,7 +210,7 @@ option, the spaces will become part of the actual item and the line will be most .PP - \fBpam_namespace\fR(8), + \fBpam_access\fR(8), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHORS" .PP - The namespace\&.conf manual page was written by Janak Desai <janak@us\&.ibm\&.com>\&. More features added by Tomas Mraz <tmraz@redhat\&.com>\&. -Index: pam/modules/pam_time/time.conf.5.xml -=================================================================== ---- pam.orig/modules/pam_time/time.conf.5.xml -+++ pam/modules/pam_time/time.conf.5.xml -@@ -136,7 +136,7 @@ + Original +diff --git a/modules/pam_access/access.conf.5.xml b/modules/pam_access/access.conf.5.xml +index ff1cb22..e1e5531 100644 +--- a/modules/pam_access/access.conf.5.xml ++++ b/modules/pam_access/access.conf.5.xml +@@ -229,7 +229,7 @@ <para> - <citerefentry><refentrytitle>pam_time</refentrytitle><manvolnum>8</manvolnum></citerefentry>, + <citerefentry><refentrytitle>pam_access</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry> + <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry> </para> </refsect1> -Index: pam/modules/pam_time/time.conf.5 -=================================================================== ---- pam.orig/modules/pam_time/time.conf.5 -+++ pam/modules/pam_time/time.conf.5 -@@ -109,7 +109,7 @@ +diff --git a/modules/pam_access/pam_access.8 b/modules/pam_access/pam_access.8 +index c9f9d40..5b0e1a3 100644 +--- a/modules/pam_access/pam_access.8 ++++ b/modules/pam_access/pam_access.8 +@@ -133,7 +133,7 @@ Default configuration file .PP - \fBpam_time\fR(8), + \fBaccess.conf\fR(5), \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" +-\fBpam\fR(8)\&. ++\fBpam\fR(7)\&. + .SH "AUTHORS" .PP - pam_time was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. -Index: pam/modules/pam_access/pam_access.8.xml -=================================================================== ---- pam.orig/modules/pam_access/pam_access.8.xml -+++ pam/modules/pam_access/pam_access.8.xml -@@ -246,7 +246,7 @@ + The logdaemon style login access control scheme was designed and implemented by Wietse Venema\&. The pam_access PAM module was developed by Alexei Nogin <alexei@nogin\&.dnttm\&.ru>\&. The IPv6 support and the network(address) / netmask feature was developed and provided by Mike Becher <mike\&.becher@lrz\-muenchen\&.de>\&. +diff --git a/modules/pam_access/pam_access.8.xml b/modules/pam_access/pam_access.8.xml +index 010e749..cc01d5c 100644 +--- a/modules/pam_access/pam_access.8.xml ++++ b/modules/pam_access/pam_access.8.xml +@@ -270,7 +270,7 @@ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -215,24 +978,24 @@ Index: pam/modules/pam_access/pam_access.8.xml </citerefentry>. </para> </refsect1> -Index: pam/modules/pam_access/pam_access.8 -=================================================================== ---- pam.orig/modules/pam_access/pam_access.8 -+++ pam/modules/pam_access/pam_access.8 -@@ -133,7 +133,7 @@ +diff --git a/modules/pam_debug/pam_debug.8 b/modules/pam_debug/pam_debug.8 +index b1a6de7..2b2dee3 100644 +--- a/modules/pam_debug/pam_debug.8 ++++ b/modules/pam_debug/pam_debug.8 +@@ -138,7 +138,7 @@ auth sufficient pam_debug\&.so auth=success cred=success .PP - \fBaccess.conf\fR(5), + \fBpam.conf\fR(5), \fBpam.d\fR(5), --\fBpam\fR(8)\&. -+\fBpam\fR(7)\&. - .SH "AUTHORS" +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" .PP - The logdaemon style login access control scheme was designed and implemented by Wietse Venema\&. The pam_access PAM module was developed by Alexei Nogin <alexei@nogin\&.dnttm\&.ru>\&. The IPv6 support and the network(address) / netmask feature was developed and provided by Mike Becher <mike\&.becher@lrz\-muenchen\&.de>\&. -Index: pam/modules/pam_debug/pam_debug.8.xml -=================================================================== ---- pam.orig/modules/pam_debug/pam_debug.8.xml -+++ pam/modules/pam_debug/pam_debug.8.xml -@@ -216,7 +216,7 @@ + pam_debug was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. +diff --git a/modules/pam_debug/pam_debug.8.xml b/modules/pam_debug/pam_debug.8.xml +index 1c98f17..939c19b 100644 +--- a/modules/pam_debug/pam_debug.8.xml ++++ b/modules/pam_debug/pam_debug.8.xml +@@ -213,7 +213,7 @@ auth sufficient pam_debug.so auth=success cred=success <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -241,11 +1004,11 @@ Index: pam/modules/pam_debug/pam_debug.8.xml </citerefentry> </para> </refsect1> -Index: pam/modules/pam_debug/pam_debug.8 -=================================================================== ---- pam.orig/modules/pam_debug/pam_debug.8 -+++ pam/modules/pam_debug/pam_debug.8 -@@ -138,7 +138,7 @@ +diff --git a/modules/pam_deny/pam_deny.8 b/modules/pam_deny/pam_deny.8 +index 85146f1..81d5343 100644 +--- a/modules/pam_deny/pam_deny.8 ++++ b/modules/pam_deny/pam_deny.8 +@@ -96,7 +96,7 @@ other session required pam_deny\&.so .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -253,12 +1016,12 @@ Index: pam/modules/pam_debug/pam_debug.8 +\fBpam\fR(7) .SH "AUTHOR" .PP - pam_debug was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. -Index: pam/modules/pam_deny/pam_deny.8.xml -=================================================================== ---- pam.orig/modules/pam_deny/pam_deny.8.xml -+++ pam/modules/pam_deny/pam_deny.8.xml -@@ -120,7 +120,7 @@ + pam_deny was written by Andrew G\&. Morgan <morgan@kernel\&.org> +diff --git a/modules/pam_deny/pam_deny.8.xml b/modules/pam_deny/pam_deny.8.xml +index db8fcb6..de41a59 100644 +--- a/modules/pam_deny/pam_deny.8.xml ++++ b/modules/pam_deny/pam_deny.8.xml +@@ -117,7 +117,7 @@ other session required pam_deny.so <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -267,24 +1030,24 @@ Index: pam/modules/pam_deny/pam_deny.8.xml </citerefentry> </para> </refsect1> -Index: pam/modules/pam_deny/pam_deny.8 -=================================================================== ---- pam.orig/modules/pam_deny/pam_deny.8 -+++ pam/modules/pam_deny/pam_deny.8 -@@ -96,7 +96,7 @@ +diff --git a/modules/pam_echo/pam_echo.8 b/modules/pam_echo/pam_echo.8 +index c927488..5f0712b 100644 +--- a/modules/pam_echo/pam_echo.8 ++++ b/modules/pam_echo/pam_echo.8 +@@ -126,7 +126,7 @@ password required pam_unix\&.so .PP - \fBpam.conf\fR(5), + \fBpam.conf\fR(8), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP - pam_deny was written by Andrew G\&. Morgan <morgan@kernel\&.org> -Index: pam/modules/pam_echo/pam_echo.8.xml -=================================================================== ---- pam.orig/modules/pam_echo/pam_echo.8.xml -+++ pam/modules/pam_echo/pam_echo.8.xml -@@ -159,7 +159,7 @@ + Thorsten Kukuk <kukuk@thkukuk\&.de> +diff --git a/modules/pam_echo/pam_echo.8.xml b/modules/pam_echo/pam_echo.8.xml +index 07b793d..cf2d006 100644 +--- a/modules/pam_echo/pam_echo.8.xml ++++ b/modules/pam_echo/pam_echo.8.xml +@@ -156,7 +156,7 @@ password required pam_unix.so <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -293,24 +1056,177 @@ Index: pam/modules/pam_echo/pam_echo.8.xml </citerefentry></para> </refsect1> -Index: pam/modules/pam_echo/pam_echo.8 -=================================================================== ---- pam.orig/modules/pam_echo/pam_echo.8 -+++ pam/modules/pam_echo/pam_echo.8 -@@ -126,7 +126,7 @@ - .PP - \fBpam.conf\fR(8), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - Thorsten Kukuk <kukuk@thkukuk\&.de> -Index: pam/modules/pam_env/pam_env.8.xml -=================================================================== ---- pam.orig/modules/pam_env/pam_env.8.xml -+++ pam/modules/pam_env/pam_env.8.xml -@@ -254,7 +254,7 @@ +diff --git a/modules/pam_env/pam_env.8 b/modules/pam_env/pam_env.8 +deleted file mode 100644 +index f4e15f3..0000000 +--- a/modules/pam_env/pam_env.8 ++++ /dev/null +@@ -1,160 +0,0 @@ +-'\" t +-.\" Title: pam_env +-.\" Author: [see the "AUTHOR" section] +-.\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/> +-.\" Date: 05/07/2023 +-.\" Manual: Linux-PAM Manual +-.\" Source: Linux-PAM +-.\" Language: English +-.\" +-.TH "PAM_ENV" "8" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual" +-.\" ----------------------------------------------------------------- +-.\" * Define some portability stuff +-.\" ----------------------------------------------------------------- +-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +-.\" http://bugs.debian.org/507673 +-.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +-.ie \n(.g .ds Aq \(aq +-.el .ds Aq ' +-.\" ----------------------------------------------------------------- +-.\" * set default formatting +-.\" ----------------------------------------------------------------- +-.\" disable hyphenation +-.nh +-.\" disable justification (adjust text to left margin only) +-.ad l +-.\" ----------------------------------------------------------------- +-.\" * MAIN CONTENT STARTS HERE * +-.\" ----------------------------------------------------------------- +-.SH "NAME" +-pam_env \- PAM module to set/unset environment variables +-.SH "SYNOPSIS" +-.HP \w'\fBpam_env\&.so\fR\ 'u +-\fBpam_env\&.so\fR [debug] [conffile=\fIconf\-file\fR] [envfile=\fIenv\-file\fR] [readenv=\fI0|1\fR] [user_envfile=\fIenv\-file\fR] [user_readenv=\fI0|1\fR] +-.SH "DESCRIPTION" +-.PP +-The pam_env PAM module allows the (un)setting of environment variables\&. Supported is the use of previously set environment variables as well as +-\fIPAM_ITEM\fRs such as +-\fIPAM_RHOST\fR\&. +-.PP +-By default rules for (un)setting of variables are taken from the config file +-/etc/security/pam_env\&.conf\&. An alternate file can be specified with the +-\fIconffile\fR +-option\&. +-.PP +-Second a file (/etc/environment +-by default) with simple +-\fIKEY=VAL\fR +-pairs on separate lines will be read\&. With the +-\fIenvfile\fR +-option an alternate file can be specified\&. And with the +-\fIreadenv\fR +-option this can be completely disabled\&. +-.PP +-Third it will read a user configuration file ($HOME/\&.pam_environment +-by default)\&. The default file can be changed with the +-\fIuser_envfile\fR +-option and it can be turned on and off with the +-\fIuser_readenv\fR +-option\&. +-.PP +-Since setting of PAM environment variables can have side effects to other modules, this module should be the last one on the stack\&. +-.SH "OPTIONS" +-.PP +-conffile=/path/to/pam_env\&.conf +-.RS 4 +-Indicate an alternative +-pam_env\&.conf +-style configuration file to override the default\&. This can be useful when different services need different environments\&. +-.RE +-.PP +-debug +-.RS 4 +-A lot of debug information is printed with +-\fBsyslog\fR(3)\&. +-.RE +-.PP +-envfile=/path/to/environment +-.RS 4 +-Indicate an alternative +-environment +-file to override the default\&. The syntax are simple +-\fIKEY=VAL\fR +-pairs on separate lines\&. The +-\fIexport\fR +-instruction can be specified for bash compatibility, but will be ignored\&. This can be useful when different services need different environments\&. +-.RE +-.PP +-readenv=0|1 +-.RS 4 +-Turns on or off the reading of the file specified by envfile (0 is off, 1 is on)\&. By default this option is on\&. +-.RE +-.PP +-user_envfile=filename +-.RS 4 +-Indicate an alternative +-\&.pam_environment +-file to override the default\&.The syntax is the same as for +-\fI/etc/security/pam_env\&.conf\fR\&. The filename is relative to the user home directory\&. This can be useful when different services need different environments\&. +-.RE +-.PP +-user_readenv=0|1 +-.RS 4 +-Turns on or off the reading of the user specific environment file\&. 0 is off, 1 is on\&. By default this option is off as user supplied environment variables in the PAM environment could affect behavior of subsequent modules in the stack without the consent of the system administrator\&. +-.sp +-Due to problematic security this functionality is deprecated since the 1\&.5\&.0 version and will be removed completely at some point in the future\&. +-.RE +-.SH "MODULE TYPES PROVIDED" +-.PP +-The +-\fBauth\fR +-and +-\fBsession\fR +-module types are provided\&. +-.SH "RETURN VALUES" +-.PP +-PAM_ABORT +-.RS 4 +-Not all relevant data or options could be gotten\&. +-.RE +-.PP +-PAM_BUF_ERR +-.RS 4 +-Memory buffer error\&. +-.RE +-.PP +-PAM_IGNORE +-.RS 4 +-No pam_env\&.conf and environment file was found\&. +-.RE +-.PP +-PAM_SUCCESS +-.RS 4 +-Environment variables were set\&. +-.RE +-.SH "FILES" +-.PP +-/etc/security/pam_env\&.conf +-.RS 4 +-Default configuration file +-.RE +-.PP +-/etc/environment +-.RS 4 +-Default environment file +-.RE +-.PP +-$HOME/\&.pam_environment +-.RS 4 +-User specific environment file +-.RE +-.SH "SEE ALSO" +-.PP +-\fBpam_env.conf\fR(5), +-\fBpam.d\fR(5), +-\fBpam\fR(8), +-\fBenviron\fR(7)\&. +-.SH "AUTHOR" +-.PP +-pam_env was written by Dave Kinchlea <kinch@kinch\&.ark\&.com>\&. +diff --git a/modules/pam_env/pam_env.8.xml b/modules/pam_env/pam_env.8.xml +index fb172e1..a720d37 100644 +--- a/modules/pam_env/pam_env.8.xml ++++ b/modules/pam_env/pam_env.8.xml +@@ -295,7 +295,7 @@ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -319,24 +1235,37 @@ Index: pam/modules/pam_env/pam_env.8.xml </citerefentry>, <citerefentry> <refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum> -Index: pam/modules/pam_exec/pam_exec.8.xml -=================================================================== ---- pam.orig/modules/pam_exec/pam_exec.8.xml -+++ pam/modules/pam_exec/pam_exec.8.xml -@@ -303,7 +303,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> +diff --git a/modules/pam_env/pam_env.conf.5 b/modules/pam_env/pam_env.conf.5 +index 90de5ea..9d9af67 100644 +--- a/modules/pam_env/pam_env.conf.5 ++++ b/modules/pam_env/pam_env.conf.5 +@@ -125,7 +125,7 @@ Silly examples of escaped variables, just to show how they work\&. + .PP + \fBpam_env\fR(8), + \fBpam.d\fR(5), +-\fBpam\fR(8), ++\fBpam\fR(7), + \fBenviron\fR(7) + .SH "AUTHOR" + .PP +diff --git a/modules/pam_env/pam_env.conf.5.xml b/modules/pam_env/pam_env.conf.5.xml +index 81fc961..38bc5fd 100644 +--- a/modules/pam_env/pam_env.conf.5.xml ++++ b/modules/pam_env/pam_env.conf.5.xml +@@ -135,7 +135,7 @@ + <para> + <citerefentry><refentrytitle>pam_env</refentrytitle><manvolnum>8</manvolnum></citerefentry>, + <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, +- <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>, ++ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry>, + <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry> </para> </refsect1> -Index: pam/modules/pam_exec/pam_exec.8 -=================================================================== ---- pam.orig/modules/pam_exec/pam_exec.8 -+++ pam/modules/pam_exec/pam_exec.8 -@@ -182,7 +182,7 @@ +diff --git a/modules/pam_exec/pam_exec.8 b/modules/pam_exec/pam_exec.8 +index 4c7023d..bfa49f8 100644 +--- a/modules/pam_exec/pam_exec.8 ++++ b/modules/pam_exec/pam_exec.8 +@@ -182,7 +182,7 @@ with effective user ID\&. .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -345,11 +1274,11 @@ Index: pam/modules/pam_exec/pam_exec.8 .SH "AUTHOR" .PP pam_exec was written by Thorsten Kukuk <kukuk@thkukuk\&.de> and Josh Triplett <josh@joshtriplett\&.org>\&. -Index: pam/modules/pam_faildelay/pam_faildelay.8.xml -=================================================================== ---- pam.orig/modules/pam_faildelay/pam_faildelay.8.xml -+++ pam/modules/pam_faildelay/pam_faildelay.8.xml -@@ -121,7 +121,7 @@ +diff --git a/modules/pam_exec/pam_exec.8.xml b/modules/pam_exec/pam_exec.8.xml +index 13abe6e..2eedb28 100644 +--- a/modules/pam_exec/pam_exec.8.xml ++++ b/modules/pam_exec/pam_exec.8.xml +@@ -300,7 +300,7 @@ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -358,11 +1287,11 @@ Index: pam/modules/pam_faildelay/pam_faildelay.8.xml </citerefentry> </para> </refsect1> -Index: pam/modules/pam_faildelay/pam_faildelay.8 -=================================================================== ---- pam.orig/modules/pam_faildelay/pam_faildelay.8 -+++ pam/modules/pam_faildelay/pam_faildelay.8 -@@ -87,7 +87,7 @@ +diff --git a/modules/pam_faildelay/pam_faildelay.8 b/modules/pam_faildelay/pam_faildelay.8 +index 9d1d475..0e798cd 100644 +--- a/modules/pam_faildelay/pam_faildelay.8 ++++ b/modules/pam_faildelay/pam_faildelay.8 +@@ -87,7 +87,7 @@ auth optional pam_faildelay\&.so delay=10000000 \fBpam_fail_delay\fR(3), \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -371,11 +1300,11 @@ Index: pam/modules/pam_faildelay/pam_faildelay.8 .SH "AUTHOR" .PP pam_faildelay was written by Darren Tucker <dtucker@zip\&.com\&.au>\&. -Index: pam/modules/pam_filter/pam_filter.8.xml -=================================================================== ---- pam.orig/modules/pam_filter/pam_filter.8.xml -+++ pam/modules/pam_filter/pam_filter.8.xml -@@ -246,7 +246,7 @@ +diff --git a/modules/pam_faildelay/pam_faildelay.8.xml b/modules/pam_faildelay/pam_faildelay.8.xml +index c31b507..49ec46f 100644 +--- a/modules/pam_faildelay/pam_faildelay.8.xml ++++ b/modules/pam_faildelay/pam_faildelay.8.xml +@@ -118,7 +118,7 @@ auth optional pam_faildelay.so delay=10000000 <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -384,11 +1313,11 @@ Index: pam/modules/pam_filter/pam_filter.8.xml </citerefentry> </para> </refsect1> -Index: pam/modules/pam_filter/pam_filter.8 -=================================================================== ---- pam.orig/modules/pam_filter/pam_filter.8 -+++ pam/modules/pam_filter/pam_filter.8 -@@ -166,7 +166,7 @@ +diff --git a/modules/pam_filter/pam_filter.8 b/modules/pam_filter/pam_filter.8 +index 7a0735b..c9b2ee7 100644 +--- a/modules/pam_filter/pam_filter.8 ++++ b/modules/pam_filter/pam_filter.8 +@@ -166,7 +166,7 @@ to see how to configure login to transpose upper and lower case letters once the .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -397,11 +1326,11 @@ Index: pam/modules/pam_filter/pam_filter.8 .SH "AUTHOR" .PP pam_filter was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. -Index: pam/modules/pam_ftp/pam_ftp.8.xml -=================================================================== ---- pam.orig/modules/pam_ftp/pam_ftp.8.xml -+++ pam/modules/pam_ftp/pam_ftp.8.xml -@@ -168,7 +168,7 @@ +diff --git a/modules/pam_filter/pam_filter.8.xml b/modules/pam_filter/pam_filter.8.xml +index 8015f41..0b85e82 100644 +--- a/modules/pam_filter/pam_filter.8.xml ++++ b/modules/pam_filter/pam_filter.8.xml +@@ -243,7 +243,7 @@ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -410,11 +1339,11 @@ Index: pam/modules/pam_ftp/pam_ftp.8.xml </citerefentry> </para> </refsect1> -Index: pam/modules/pam_ftp/pam_ftp.8 -=================================================================== ---- pam.orig/modules/pam_ftp/pam_ftp.8 -+++ pam/modules/pam_ftp/pam_ftp.8 -@@ -119,7 +119,7 @@ +diff --git a/modules/pam_ftp/pam_ftp.8 b/modules/pam_ftp/pam_ftp.8 +index e15dda7..c705ea1 100644 +--- a/modules/pam_ftp/pam_ftp.8 ++++ b/modules/pam_ftp/pam_ftp.8 +@@ -119,7 +119,7 @@ auth required pam_listfile\&.so \e .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -423,24 +1352,50 @@ Index: pam/modules/pam_ftp/pam_ftp.8 .SH "AUTHOR" .PP pam_ftp was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. -Index: pam/modules/pam_group/pam_group.8.xml -=================================================================== ---- pam.orig/modules/pam_group/pam_group.8.xml -+++ pam/modules/pam_group/pam_group.8.xml -@@ -148,7 +148,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> +diff --git a/modules/pam_ftp/pam_ftp.8.xml b/modules/pam_ftp/pam_ftp.8.xml +index 03f3678..90079d3 100644 +--- a/modules/pam_ftp/pam_ftp.8.xml ++++ b/modules/pam_ftp/pam_ftp.8.xml +@@ -165,7 +165,7 @@ auth required pam_listfile.so \ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry>. +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> </para> </refsect1> -Index: pam/modules/pam_group/pam_group.8 -=================================================================== ---- pam.orig/modules/pam_group/pam_group.8 -+++ pam/modules/pam_group/pam_group.8 -@@ -103,7 +103,7 @@ +diff --git a/modules/pam_group/group.conf.5 b/modules/pam_group/group.conf.5 +index 96009fe..96bb061 100644 +--- a/modules/pam_group/group.conf.5 ++++ b/modules/pam_group/group.conf.5 +@@ -115,7 +115,7 @@ xsh; tty* ;%admin;Al0000\-2400;plugdev + .PP + \fBpam_group\fR(8), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_group was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. +diff --git a/modules/pam_group/group.conf.5.xml b/modules/pam_group/group.conf.5.xml +index a8875b3..8d5b2d4 100644 +--- a/modules/pam_group/group.conf.5.xml ++++ b/modules/pam_group/group.conf.5.xml +@@ -131,7 +131,7 @@ xsh; tty* ;%admin;Al0000-2400;plugdev + <para> + <citerefentry><refentrytitle>pam_group</refentrytitle><manvolnum>8</manvolnum></citerefentry>, + <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, +- <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry> ++ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry> + </para> + </refsect1> + +diff --git a/modules/pam_group/pam_group.8 b/modules/pam_group/pam_group.8 +index 959c749..1553f20 100644 +--- a/modules/pam_group/pam_group.8 ++++ b/modules/pam_group/pam_group.8 +@@ -103,7 +103,7 @@ Default configuration file .PP \fBgroup.conf\fR(5), \fBpam.d\fR(5), @@ -449,24 +1404,24 @@ Index: pam/modules/pam_group/pam_group.8 .SH "AUTHORS" .PP pam_group was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. -Index: pam/modules/pam_issue/pam_issue.8.xml -=================================================================== ---- pam.orig/modules/pam_issue/pam_issue.8.xml -+++ pam/modules/pam_issue/pam_issue.8.xml -@@ -219,7 +219,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> +diff --git a/modules/pam_group/pam_group.8.xml b/modules/pam_group/pam_group.8.xml +index 695a7ba..292ee1c 100644 +--- a/modules/pam_group/pam_group.8.xml ++++ b/modules/pam_group/pam_group.8.xml +@@ -149,7 +149,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry>. </para> </refsect1> -Index: pam/modules/pam_issue/pam_issue.8 -=================================================================== ---- pam.orig/modules/pam_issue/pam_issue.8 -+++ pam/modules/pam_issue/pam_issue.8 -@@ -152,7 +152,7 @@ +diff --git a/modules/pam_issue/pam_issue.8 b/modules/pam_issue/pam_issue.8 +index fdeed52..745cc42 100644 +--- a/modules/pam_issue/pam_issue.8 ++++ b/modules/pam_issue/pam_issue.8 +@@ -152,7 +152,7 @@ to set the user specific issue at login: .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -475,24 +1430,24 @@ Index: pam/modules/pam_issue/pam_issue.8 .SH "AUTHOR" .PP pam_issue was written by Ben Collins <bcollins@debian\&.org>\&. -Index: pam/modules/pam_keyinit/pam_keyinit.8.xml -=================================================================== ---- pam.orig/modules/pam_keyinit/pam_keyinit.8.xml -+++ pam/modules/pam_keyinit/pam_keyinit.8.xml -@@ -232,7 +232,7 @@ +diff --git a/modules/pam_issue/pam_issue.8.xml b/modules/pam_issue/pam_issue.8.xml +index 20d3245..02b31f6 100644 +--- a/modules/pam_issue/pam_issue.8.xml ++++ b/modules/pam_issue/pam_issue.8.xml +@@ -216,7 +216,7 @@ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> - <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> + <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>keyctl</refentrytitle><manvolnum>1</manvolnum> -Index: pam/modules/pam_keyinit/pam_keyinit.8 -=================================================================== ---- pam.orig/modules/pam_keyinit/pam_keyinit.8 -+++ pam/modules/pam_keyinit/pam_keyinit.8 -@@ -137,7 +137,7 @@ + </citerefentry> + </para> + </refsect1> +diff --git a/modules/pam_keyinit/pam_keyinit.8 b/modules/pam_keyinit/pam_keyinit.8 +index 5d7b3e4..50e4fe6 100644 +--- a/modules/pam_keyinit/pam_keyinit.8 ++++ b/modules/pam_keyinit/pam_keyinit.8 +@@ -137,7 +137,7 @@ This will prevent keys from one session leaking into another session for the sam .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -501,24 +1456,24 @@ Index: pam/modules/pam_keyinit/pam_keyinit.8 \fBkeyctl\fR(1) .SH "AUTHOR" .PP -Index: pam/modules/pam_lastlog/pam_lastlog.8.xml -=================================================================== ---- pam.orig/modules/pam_lastlog/pam_lastlog.8.xml -+++ pam/modules/pam_lastlog/pam_lastlog.8.xml -@@ -325,7 +325,7 @@ +diff --git a/modules/pam_keyinit/pam_keyinit.8.xml b/modules/pam_keyinit/pam_keyinit.8.xml +index 7b0a73b..0bab086 100644 +--- a/modules/pam_keyinit/pam_keyinit.8.xml ++++ b/modules/pam_keyinit/pam_keyinit.8.xml +@@ -229,7 +229,7 @@ session required pam_keyinit.so <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> - <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> + <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/modules/pam_lastlog/pam_lastlog.8 -=================================================================== ---- pam.orig/modules/pam_lastlog/pam_lastlog.8 -+++ pam/modules/pam_lastlog/pam_lastlog.8 -@@ -189,7 +189,7 @@ + </citerefentry>, + <citerefentry> + <refentrytitle>keyctl</refentrytitle><manvolnum>1</manvolnum> +diff --git a/modules/pam_lastlog/pam_lastlog.8 b/modules/pam_lastlog/pam_lastlog.8 +index 3a85ede..3c161ff 100644 +--- a/modules/pam_lastlog/pam_lastlog.8 ++++ b/modules/pam_lastlog/pam_lastlog.8 +@@ -189,7 +189,7 @@ Lastlog logging file \fBlimits.conf\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -527,24 +1482,50 @@ Index: pam/modules/pam_lastlog/pam_lastlog.8 .SH "AUTHOR" .PP pam_lastlog was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. -Index: pam/modules/pam_limits/pam_limits.8.xml -=================================================================== ---- pam.orig/modules/pam_limits/pam_limits.8.xml -+++ pam/modules/pam_limits/pam_limits.8.xml -@@ -243,7 +243,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> +diff --git a/modules/pam_lastlog/pam_lastlog.8.xml b/modules/pam_lastlog/pam_lastlog.8.xml +index 1fd9d9d..7c15b93 100644 +--- a/modules/pam_lastlog/pam_lastlog.8.xml ++++ b/modules/pam_lastlog/pam_lastlog.8.xml +@@ -322,7 +322,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry>. +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> </para> </refsect1> -Index: pam/modules/pam_limits/pam_limits.8 -=================================================================== ---- pam.orig/modules/pam_limits/pam_limits.8 -+++ pam/modules/pam_limits/pam_limits.8 -@@ -146,7 +146,7 @@ +diff --git a/modules/pam_limits/limits.conf.5 b/modules/pam_limits/limits.conf.5 +index ce0ca35..c9c4187 100644 +--- a/modules/pam_limits/limits.conf.5 ++++ b/modules/pam_limits/limits.conf.5 +@@ -351,7 +351,7 @@ ftp hard nproc 0 + .PP + \fBpam_limits\fR(8), + \fBpam.d\fR(5), +-\fBpam\fR(8), ++\fBpam\fR(7), + \fBgetrlimit\fR(2), + \fBgetrlimit\fR(3p) + .SH "AUTHOR" +diff --git a/modules/pam_limits/limits.conf.5.xml b/modules/pam_limits/limits.conf.5.xml +index f6f7d87..d389335 100644 +--- a/modules/pam_limits/limits.conf.5.xml ++++ b/modules/pam_limits/limits.conf.5.xml +@@ -350,7 +350,7 @@ ftp hard nproc 0 + <para> + <citerefentry><refentrytitle>pam_limits</refentrytitle><manvolnum>8</manvolnum></citerefentry>, + <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, +- <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>, ++ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry>, + <citerefentry><refentrytitle>getrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>, + <citerefentry><refentrytitle>getrlimit</refentrytitle><manvolnum>3p</manvolnum></citerefentry> + </para> +diff --git a/modules/pam_limits/pam_limits.8 b/modules/pam_limits/pam_limits.8 +index a3d15f2..f971b64 100644 +--- a/modules/pam_limits/pam_limits.8 ++++ b/modules/pam_limits/pam_limits.8 +@@ -146,7 +146,7 @@ Replace "login" for each service you are using this module\&. .PP \fBlimits.conf\fR(5), \fBpam.d\fR(5), @@ -553,24 +1534,24 @@ Index: pam/modules/pam_limits/pam_limits.8 .SH "AUTHORS" .PP pam_limits was initially written by Cristian Gafton <gafton@redhat\&.com> -Index: pam/modules/pam_listfile/pam_listfile.8.xml -=================================================================== ---- pam.orig/modules/pam_listfile/pam_listfile.8.xml -+++ pam/modules/pam_listfile/pam_listfile.8.xml -@@ -281,7 +281,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> +diff --git a/modules/pam_limits/pam_limits.8.xml b/modules/pam_limits/pam_limits.8.xml +index cca046c..8f026f0 100644 +--- a/modules/pam_limits/pam_limits.8.xml ++++ b/modules/pam_limits/pam_limits.8.xml +@@ -264,7 +264,7 @@ session required pam_limits.so + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry>. </para> </refsect1> -Index: pam/modules/pam_listfile/pam_listfile.8 -=================================================================== ---- pam.orig/modules/pam_listfile/pam_listfile.8 -+++ pam/modules/pam_listfile/pam_listfile.8 -@@ -205,7 +205,7 @@ +diff --git a/modules/pam_listfile/pam_listfile.8 b/modules/pam_listfile/pam_listfile.8 +index 5052664..a23e6e5 100644 +--- a/modules/pam_listfile/pam_listfile.8 ++++ b/modules/pam_listfile/pam_listfile.8 +@@ -205,7 +205,7 @@ to the root account\&. .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -579,11 +1560,11 @@ Index: pam/modules/pam_listfile/pam_listfile.8 .SH "AUTHOR" .PP pam_listfile was written by Michael K\&. Johnson <johnsonm@redhat\&.com> and Elliot Lee <sopwith@cuc\&.edu>\&. -Index: pam/modules/pam_localuser/pam_localuser.8.xml -=================================================================== ---- pam.orig/modules/pam_localuser/pam_localuser.8.xml -+++ pam/modules/pam_localuser/pam_localuser.8.xml -@@ -187,7 +187,7 @@ +diff --git a/modules/pam_listfile/pam_listfile.8.xml b/modules/pam_listfile/pam_listfile.8.xml +index 8847415..af747c1 100644 +--- a/modules/pam_listfile/pam_listfile.8.xml ++++ b/modules/pam_listfile/pam_listfile.8.xml +@@ -278,7 +278,7 @@ auth required pam_listfile.so \ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -592,11 +1573,11 @@ Index: pam/modules/pam_localuser/pam_localuser.8.xml </citerefentry> </para> </refsect1> -Index: pam/modules/pam_localuser/pam_localuser.8 -=================================================================== ---- pam.orig/modules/pam_localuser/pam_localuser.8 -+++ pam/modules/pam_localuser/pam_localuser.8 -@@ -117,7 +117,7 @@ +diff --git a/modules/pam_localuser/pam_localuser.8 b/modules/pam_localuser/pam_localuser.8 +index 455fdb2..f4f2b29 100644 +--- a/modules/pam_localuser/pam_localuser.8 ++++ b/modules/pam_localuser/pam_localuser.8 +@@ -117,7 +117,7 @@ Local user account information\&. .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -605,24 +1586,24 @@ Index: pam/modules/pam_localuser/pam_localuser.8 .SH "AUTHOR" .PP pam_localuser was written by Nalin Dahyabhai <nalin@redhat\&.com>\&. -Index: pam/modules/pam_loginuid/pam_loginuid.8.xml -=================================================================== ---- pam.orig/modules/pam_loginuid/pam_loginuid.8.xml -+++ pam/modules/pam_loginuid/pam_loginuid.8.xml -@@ -121,7 +121,7 @@ +diff --git a/modules/pam_localuser/pam_localuser.8.xml b/modules/pam_localuser/pam_localuser.8.xml +index 2002d1d..e4b9e07 100644 +--- a/modules/pam_localuser/pam_localuser.8.xml ++++ b/modules/pam_localuser/pam_localuser.8.xml +@@ -184,7 +184,7 @@ account required pam_wheel.so <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> - <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> + <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>auditctl</refentrytitle><manvolnum>8</manvolnum> -Index: pam/modules/pam_loginuid/pam_loginuid.8 -=================================================================== ---- pam.orig/modules/pam_loginuid/pam_loginuid.8 -+++ pam/modules/pam_loginuid/pam_loginuid.8 -@@ -85,7 +85,7 @@ + </citerefentry> + </para> + </refsect1> +diff --git a/modules/pam_loginuid/pam_loginuid.8 b/modules/pam_loginuid/pam_loginuid.8 +index 32f1b54..70669a2 100644 +--- a/modules/pam_loginuid/pam_loginuid.8 ++++ b/modules/pam_loginuid/pam_loginuid.8 +@@ -85,7 +85,7 @@ session required pam_loginuid\&.so .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -631,24 +1612,24 @@ Index: pam/modules/pam_loginuid/pam_loginuid.8 \fBauditctl\fR(8), \fBauditd\fR(8) .SH "AUTHOR" -Index: pam/modules/pam_mail/pam_mail.8.xml -=================================================================== ---- pam.orig/modules/pam_mail/pam_mail.8.xml -+++ pam/modules/pam_mail/pam_mail.8.xml -@@ -265,7 +265,7 @@ +diff --git a/modules/pam_loginuid/pam_loginuid.8.xml b/modules/pam_loginuid/pam_loginuid.8.xml +index d5285f0..1beba98 100644 +--- a/modules/pam_loginuid/pam_loginuid.8.xml ++++ b/modules/pam_loginuid/pam_loginuid.8.xml +@@ -118,7 +118,7 @@ session required pam_loginuid.so <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> - <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> + <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/modules/pam_mail/pam_mail.8 -=================================================================== ---- pam.orig/modules/pam_mail/pam_mail.8 -+++ pam/modules/pam_mail/pam_mail.8 -@@ -153,7 +153,7 @@ + </citerefentry>, + <citerefentry> + <refentrytitle>auditctl</refentrytitle><manvolnum>8</manvolnum> +diff --git a/modules/pam_mail/pam_mail.8 b/modules/pam_mail/pam_mail.8 +index 36b95ba..ae4b890 100644 +--- a/modules/pam_mail/pam_mail.8 ++++ b/modules/pam_mail/pam_mail.8 +@@ -153,7 +153,7 @@ session optional pam_mail\&.so standard .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -657,24 +1638,24 @@ Index: pam/modules/pam_mail/pam_mail.8 .SH "AUTHOR" .PP pam_mail was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. -Index: pam/modules/pam_mkhomedir/pam_mkhomedir.8.xml -=================================================================== ---- pam.orig/modules/pam_mkhomedir/pam_mkhomedir.8.xml -+++ pam/modules/pam_mkhomedir/pam_mkhomedir.8.xml -@@ -205,7 +205,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> +diff --git a/modules/pam_mail/pam_mail.8.xml b/modules/pam_mail/pam_mail.8.xml +index 2c0c054..9b4ce36 100644 +--- a/modules/pam_mail/pam_mail.8.xml ++++ b/modules/pam_mail/pam_mail.8.xml +@@ -262,7 +262,7 @@ session optional pam_mail.so standard + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry>. +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> </para> </refsect1> -Index: pam/modules/pam_mkhomedir/pam_mkhomedir.8 -=================================================================== ---- pam.orig/modules/pam_mkhomedir/pam_mkhomedir.8 -+++ pam/modules/pam_mkhomedir/pam_mkhomedir.8 -@@ -129,7 +129,7 @@ +diff --git a/modules/pam_mkhomedir/pam_mkhomedir.8 b/modules/pam_mkhomedir/pam_mkhomedir.8 +index 112b39b..6962971 100644 +--- a/modules/pam_mkhomedir/pam_mkhomedir.8 ++++ b/modules/pam_mkhomedir/pam_mkhomedir.8 +@@ -129,7 +129,7 @@ A sample /etc/pam\&.d/login file: .SH "SEE ALSO" .PP \fBpam.d\fR(5), @@ -683,24 +1664,24 @@ Index: pam/modules/pam_mkhomedir/pam_mkhomedir.8 .SH "AUTHOR" .PP pam_mkhomedir was written by Jason Gunthorpe <jgg@debian\&.org>\&. -Index: pam/modules/pam_motd/pam_motd.8.xml -=================================================================== ---- pam.orig/modules/pam_motd/pam_motd.8.xml -+++ pam/modules/pam_motd/pam_motd.8.xml -@@ -196,7 +196,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> +diff --git a/modules/pam_mkhomedir/pam_mkhomedir.8.xml b/modules/pam_mkhomedir/pam_mkhomedir.8.xml +index ad95724..25f5497 100644 +--- a/modules/pam_mkhomedir/pam_mkhomedir.8.xml ++++ b/modules/pam_mkhomedir/pam_mkhomedir.8.xml +@@ -202,7 +202,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry>. </para> </refsect1> -Index: pam/modules/pam_motd/pam_motd.8 -=================================================================== ---- pam.orig/modules/pam_motd/pam_motd.8 -+++ pam/modules/pam_motd/pam_motd.8 -@@ -185,7 +185,7 @@ +diff --git a/modules/pam_motd/pam_motd.8 b/modules/pam_motd/pam_motd.8 +index b1a70c0..3f65bb5 100644 +--- a/modules/pam_motd/pam_motd.8 ++++ b/modules/pam_motd/pam_motd.8 +@@ -185,7 +185,7 @@ session optional pam_motd\&.so motd=/elsewhere/motd motd_dir=/elsewhere/motd\& \fBmotd\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -709,24 +1690,50 @@ Index: pam/modules/pam_motd/pam_motd.8 .SH "AUTHOR" .PP pam_motd was written by Ben Collins <bcollins@debian\&.org>\&. -Index: pam/modules/pam_namespace/pam_namespace.8.xml -=================================================================== ---- pam.orig/modules/pam_namespace/pam_namespace.8.xml -+++ pam/modules/pam_namespace/pam_namespace.8.xml -@@ -362,7 +362,7 @@ - <refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum> +diff --git a/modules/pam_motd/pam_motd.8.xml b/modules/pam_motd/pam_motd.8.xml +index 7442037..2fc5310 100644 +--- a/modules/pam_motd/pam_motd.8.xml ++++ b/modules/pam_motd/pam_motd.8.xml +@@ -193,7 +193,7 @@ session optional pam_motd.so motd=/elsewhere/motd motd_dir=/elsewhere/motd.d + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry>. +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> </para> </refsect1> -Index: pam/modules/pam_namespace/pam_namespace.8 -=================================================================== ---- pam.orig/modules/pam_namespace/pam_namespace.8 -+++ pam/modules/pam_namespace/pam_namespace.8 -@@ -148,7 +148,7 @@ +diff --git a/modules/pam_namespace/namespace.conf.5 b/modules/pam_namespace/namespace.conf.5 +index cf2509c..e4e8cfd 100644 +--- a/modules/pam_namespace/namespace.conf.5 ++++ b/modules/pam_namespace/namespace.conf.5 +@@ -162,7 +162,7 @@ This module also depends on pam_selinux\&.so setting the context\&. + .PP + \fBpam_namespace\fR(8), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHORS" + .PP + The namespace\&.conf manual page was written by Janak Desai <janak@us\&.ibm\&.com>\&. More features added by Tomas Mraz <tmraz@redhat\&.com>\&. +diff --git a/modules/pam_namespace/namespace.conf.5.xml b/modules/pam_namespace/namespace.conf.5.xml +index d398639..dcf6973 100644 +--- a/modules/pam_namespace/namespace.conf.5.xml ++++ b/modules/pam_namespace/namespace.conf.5.xml +@@ -222,7 +222,7 @@ + <para> + <citerefentry><refentrytitle>pam_namespace</refentrytitle><manvolnum>8</manvolnum></citerefentry>, + <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, +- <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry> ++ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry> + </para> + </refsect1> + +diff --git a/modules/pam_namespace/pam_namespace.8 b/modules/pam_namespace/pam_namespace.8 +index 3c9e9b3..d69f9fd 100644 +--- a/modules/pam_namespace/pam_namespace.8 ++++ b/modules/pam_namespace/pam_namespace.8 +@@ -148,7 +148,7 @@ To use polyinstantiation with graphical display manager gdm, please refer to gdm \fBnamespace.conf\fR(5), \fBpam.d\fR(5), \fBmount\fR(8), @@ -735,24 +1742,24 @@ Index: pam/modules/pam_namespace/pam_namespace.8 .SH "AUTHORS" .PP The namespace setup scheme was designed by Stephen Smalley, Janak Desai and Chad Sellers\&. The pam_namespace PAM module was developed by Janak Desai <janak@us\&.ibm\&.com>, Chad Sellers <csellers@tresys\&.com> and Steve Grubb <sgrubb@redhat\&.com>\&. Additional improvements by Xavier Toth <txtoth@gmail\&.com> and Tomas Mraz <tmraz@redhat\&.com>\&. -Index: pam/modules/pam_nologin/pam_nologin.8.xml -=================================================================== ---- pam.orig/modules/pam_nologin/pam_nologin.8.xml -+++ pam/modules/pam_nologin/pam_nologin.8.xml -@@ -160,7 +160,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> +diff --git a/modules/pam_namespace/pam_namespace.8.xml b/modules/pam_namespace/pam_namespace.8.xml +index 598037a..954093d 100644 +--- a/modules/pam_namespace/pam_namespace.8.xml ++++ b/modules/pam_namespace/pam_namespace.8.xml +@@ -389,7 +389,7 @@ + <refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry>. </para> </refsect1> -Index: pam/modules/pam_nologin/pam_nologin.8 -=================================================================== ---- pam.orig/modules/pam_nologin/pam_nologin.8 -+++ pam/modules/pam_nologin/pam_nologin.8 -@@ -124,7 +124,7 @@ +diff --git a/modules/pam_nologin/pam_nologin.8 b/modules/pam_nologin/pam_nologin.8 +index ceb0237..c5df1b7 100644 +--- a/modules/pam_nologin/pam_nologin.8 ++++ b/modules/pam_nologin/pam_nologin.8 +@@ -124,7 +124,7 @@ modules would lead to a successful login because the nologin module \fBnologin\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -761,11 +1768,11 @@ Index: pam/modules/pam_nologin/pam_nologin.8 .SH "AUTHOR" .PP pam_nologin was written by Michael K\&. Johnson <johnsonm@redhat\&.com>\&. -Index: pam/modules/pam_permit/pam_permit.8.xml -=================================================================== ---- pam.orig/modules/pam_permit/pam_permit.8.xml -+++ pam/modules/pam_permit/pam_permit.8.xml -@@ -91,7 +91,7 @@ +diff --git a/modules/pam_nologin/pam_nologin.8.xml b/modules/pam_nologin/pam_nologin.8.xml +index 1ea725c..1cc721a 100644 +--- a/modules/pam_nologin/pam_nologin.8.xml ++++ b/modules/pam_nologin/pam_nologin.8.xml +@@ -157,7 +157,7 @@ auth required pam_nologin.so <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -774,11 +1781,11 @@ Index: pam/modules/pam_permit/pam_permit.8.xml </citerefentry> </para> </refsect1> -Index: pam/modules/pam_permit/pam_permit.8 -=================================================================== ---- pam.orig/modules/pam_permit/pam_permit.8 -+++ pam/modules/pam_permit/pam_permit.8 -@@ -78,7 +78,7 @@ +diff --git a/modules/pam_permit/pam_permit.8 b/modules/pam_permit/pam_permit.8 +index 5b1881f..5432b75 100644 +--- a/modules/pam_permit/pam_permit.8 ++++ b/modules/pam_permit/pam_permit.8 +@@ -78,7 +78,7 @@ account required pam_permit\&.so .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -787,11 +1794,11 @@ Index: pam/modules/pam_permit/pam_permit.8 .SH "AUTHOR" .PP pam_permit was written by Andrew G\&. Morgan, <morgan@kernel\&.org>\&. -Index: pam/modules/pam_rhosts/pam_rhosts.8.xml -=================================================================== ---- pam.orig/modules/pam_rhosts/pam_rhosts.8.xml -+++ pam/modules/pam_rhosts/pam_rhosts.8.xml -@@ -156,7 +156,7 @@ +diff --git a/modules/pam_permit/pam_permit.8.xml b/modules/pam_permit/pam_permit.8.xml +index 0634e5e..9e6c7d0 100644 +--- a/modules/pam_permit/pam_permit.8.xml ++++ b/modules/pam_permit/pam_permit.8.xml +@@ -88,7 +88,7 @@ account required pam_permit.so <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -800,11 +1807,37 @@ Index: pam/modules/pam_rhosts/pam_rhosts.8.xml </citerefentry> </para> </refsect1> -Index: pam/modules/pam_rhosts/pam_rhosts.8 -=================================================================== ---- pam.orig/modules/pam_rhosts/pam_rhosts.8 -+++ pam/modules/pam_rhosts/pam_rhosts.8 -@@ -122,7 +122,7 @@ +diff --git a/modules/pam_pwhistory/pam_pwhistory.8 b/modules/pam_pwhistory/pam_pwhistory.8 +index df95ee3..e430bcd 100644 +--- a/modules/pam_pwhistory/pam_pwhistory.8 ++++ b/modules/pam_pwhistory/pam_pwhistory.8 +@@ -179,7 +179,7 @@ Config file for pam_pwhistory options + \fBpwhistory.conf\fR(5), + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + \fBpam_get_authtok\fR(3) + .SH "AUTHOR" + .PP +diff --git a/modules/pam_pwhistory/pam_pwhistory.8.xml b/modules/pam_pwhistory/pam_pwhistory.8.xml +index d83d8d9..a5185fc 100644 +--- a/modules/pam_pwhistory/pam_pwhistory.8.xml ++++ b/modules/pam_pwhistory/pam_pwhistory.8.xml +@@ -282,7 +282,7 @@ password required pam_unix.so use_authtok + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + <citerefentry> + <refentrytitle>pam_get_authtok</refentrytitle><manvolnum>3</manvolnum> +diff --git a/modules/pam_rhosts/pam_rhosts.8 b/modules/pam_rhosts/pam_rhosts.8 +index 36077de..327ad22 100644 +--- a/modules/pam_rhosts/pam_rhosts.8 ++++ b/modules/pam_rhosts/pam_rhosts.8 +@@ -122,7 +122,7 @@ auth required pam_unix\&.so \fBrhosts\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -813,11 +1846,11 @@ Index: pam/modules/pam_rhosts/pam_rhosts.8 .SH "AUTHOR" .PP pam_rhosts was written by Thorsten Kukuk <kukuk@thkukuk\&.de> -Index: pam/modules/pam_rootok/pam_rootok.8.xml -=================================================================== ---- pam.orig/modules/pam_rootok/pam_rootok.8.xml -+++ pam/modules/pam_rootok/pam_rootok.8.xml -@@ -116,7 +116,7 @@ +diff --git a/modules/pam_rhosts/pam_rhosts.8.xml b/modules/pam_rhosts/pam_rhosts.8.xml +index b8a5c1c..41d541c 100644 +--- a/modules/pam_rhosts/pam_rhosts.8.xml ++++ b/modules/pam_rhosts/pam_rhosts.8.xml +@@ -153,7 +153,7 @@ auth required pam_unix.so <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -826,11 +1859,11 @@ Index: pam/modules/pam_rootok/pam_rootok.8.xml </citerefentry> </para> </refsect1> -Index: pam/modules/pam_rootok/pam_rootok.8 -=================================================================== ---- pam.orig/modules/pam_rootok/pam_rootok.8 -+++ pam/modules/pam_rootok/pam_rootok.8 -@@ -100,7 +100,7 @@ +diff --git a/modules/pam_rootok/pam_rootok.8 b/modules/pam_rootok/pam_rootok.8 +index 5fc021f..984cadd 100644 +--- a/modules/pam_rootok/pam_rootok.8 ++++ b/modules/pam_rootok/pam_rootok.8 +@@ -100,7 +100,7 @@ auth required pam_unix\&.so \fBsu\fR(1), \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -839,11 +1872,11 @@ Index: pam/modules/pam_rootok/pam_rootok.8 .SH "AUTHOR" .PP pam_rootok was written by Andrew G\&. Morgan, <morgan@kernel\&.org>\&. -Index: pam/modules/pam_securetty/pam_securetty.8.xml -=================================================================== ---- pam.orig/modules/pam_securetty/pam_securetty.8.xml -+++ pam/modules/pam_securetty/pam_securetty.8.xml -@@ -187,7 +187,7 @@ +diff --git a/modules/pam_rootok/pam_rootok.8.xml b/modules/pam_rootok/pam_rootok.8.xml +index a79c073..f30ad37 100644 +--- a/modules/pam_rootok/pam_rootok.8.xml ++++ b/modules/pam_rootok/pam_rootok.8.xml +@@ -113,7 +113,7 @@ auth required pam_unix.so <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -852,11 +1885,11 @@ Index: pam/modules/pam_securetty/pam_securetty.8.xml </citerefentry> </para> </refsect1> -Index: pam/modules/pam_securetty/pam_securetty.8 -=================================================================== ---- pam.orig/modules/pam_securetty/pam_securetty.8 -+++ pam/modules/pam_securetty/pam_securetty.8 -@@ -134,7 +134,7 @@ +diff --git a/modules/pam_securetty/pam_securetty.8 b/modules/pam_securetty/pam_securetty.8 +index ca90438..95804fb 100644 +--- a/modules/pam_securetty/pam_securetty.8 ++++ b/modules/pam_securetty/pam_securetty.8 +@@ -134,7 +134,7 @@ auth required pam_unix\&.so \fBsecuretty\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -865,59 +1898,194 @@ Index: pam/modules/pam_securetty/pam_securetty.8 .SH "AUTHOR" .PP pam_securetty was written by Elliot Lee <sopwith@cuc\&.edu>\&. -Index: pam/modules/pam_selinux/pam_selinux.8.xml -=================================================================== ---- pam.orig/modules/pam_selinux/pam_selinux.8.xml -+++ pam/modules/pam_selinux/pam_selinux.8.xml -@@ -258,7 +258,7 @@ +diff --git a/modules/pam_securetty/pam_securetty.8.xml b/modules/pam_securetty/pam_securetty.8.xml +index 9038f5b..fcf0e88 100644 +--- a/modules/pam_securetty/pam_securetty.8.xml ++++ b/modules/pam_securetty/pam_securetty.8.xml +@@ -184,7 +184,7 @@ auth required pam_unix.so <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> - <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> + <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>selinux</refentrytitle><manvolnum>8</manvolnum> -Index: pam/modules/pam_selinux/pam_selinux.8 -=================================================================== ---- pam.orig/modules/pam_selinux/pam_selinux.8 -+++ pam/modules/pam_selinux/pam_selinux.8 -@@ -7,7 +7,7 @@ - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_SELINUX" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_SELINUX" "7" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -@@ -144,7 +144,7 @@ - \fBexecve\fR(2), - \fBtty\fR(4), - \fBpam.d\fR(5), + </citerefentry> + </para> + </refsect1> +diff --git a/modules/pam_selinux/pam_selinux.8 b/modules/pam_selinux/pam_selinux.8 +deleted file mode 100644 +index 260bc47..0000000 +--- a/modules/pam_selinux/pam_selinux.8 ++++ /dev/null +@@ -1,151 +0,0 @@ +-'\" t +-.\" Title: pam_selinux +-.\" Author: [see the "AUTHOR" section] +-.\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/> +-.\" Date: 05/07/2023 +-.\" Manual: Linux-PAM Manual +-.\" Source: Linux-PAM +-.\" Language: English +-.\" +-.TH "PAM_SELINUX" "8" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual" +-.\" ----------------------------------------------------------------- +-.\" * Define some portability stuff +-.\" ----------------------------------------------------------------- +-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +-.\" http://bugs.debian.org/507673 +-.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +-.ie \n(.g .ds Aq \(aq +-.el .ds Aq ' +-.\" ----------------------------------------------------------------- +-.\" * set default formatting +-.\" ----------------------------------------------------------------- +-.\" disable hyphenation +-.nh +-.\" disable justification (adjust text to left margin only) +-.ad l +-.\" ----------------------------------------------------------------- +-.\" * MAIN CONTENT STARTS HERE * +-.\" ----------------------------------------------------------------- +-.SH "NAME" +-pam_selinux \- PAM module to set the default security context +-.SH "SYNOPSIS" +-.HP \w'\fBpam_selinux\&.so\fR\ 'u +-\fBpam_selinux\&.so\fR [open] [close] [restore] [nottys] [debug] [verbose] [select_context] [env_params] [use_current_range] +-.SH "DESCRIPTION" +-.PP +-pam_selinux is a PAM module that sets up the default SELinux security context for the next executed process\&. +-.PP +-When a new session is started, the open_session part of the module computes and sets up the execution security context used for the next +-\fBexecve\fR(2) +-call, the file security context for the controlling terminal, and the security context used for creating a new kernel keyring\&. +-.PP +-When the session is ended, the close_session part of the module restores old security contexts that were in effect before the change made by the open_session part of the module\&. +-.PP +-Adding pam_selinux into the PAM stack might disrupt behavior of other PAM modules which execute applications\&. To avoid that, +-\fIpam_selinux\&.so open\fR +-should be placed after such modules in the PAM stack, and +-\fIpam_selinux\&.so close\fR +-should be placed before them\&. When such a placement is not feasible, +-\fIpam_selinux\&.so restore\fR +-could be used to temporary restore original security contexts\&. +-.SH "OPTIONS" +-.PP +-open +-.RS 4 +-Only execute the open_session part of the module\&. +-.RE +-.PP +-close +-.RS 4 +-Only execute the close_session part of the module\&. +-.RE +-.PP +-restore +-.RS 4 +-In open_session part of the module, temporarily restore the security contexts as they were before the previous call of the module\&. Another call of this module without the restore option will set up the new security contexts again\&. +-.RE +-.PP +-nottys +-.RS 4 +-Do not setup security context of the controlling terminal\&. +-.RE +-.PP +-debug +-.RS 4 +-Turn on debug messages via +-\fBsyslog\fR(3)\&. +-.RE +-.PP +-verbose +-.RS 4 +-Attempt to inform the user when security context is set\&. +-.RE +-.PP +-select_context +-.RS 4 +-Attempt to ask the user for a custom security context role\&. If MLS is on, ask also for sensitivity level\&. +-.RE +-.PP +-env_params +-.RS 4 +-Attempt to obtain a custom security context role from PAM environment\&. If MLS is on, obtain also sensitivity level\&. This option and the select_context option are mutually exclusive\&. The respective PAM environment variables are +-\fISELINUX_ROLE_REQUESTED\fR, +-\fISELINUX_LEVEL_REQUESTED\fR, and +-\fISELINUX_USE_CURRENT_RANGE\fR\&. The first two variables are self describing and the last one if set to 1 makes the PAM module behave as if the use_current_range was specified on the command line of the module\&. +-.RE +-.PP +-use_current_range +-.RS 4 +-Use the sensitivity level of the current process for the user context instead of the default level\&. Also suppresses asking of the sensitivity level from the user or obtaining it from PAM environment\&. +-.RE +-.SH "MODULE TYPES PROVIDED" +-.PP +-Only the +-\fBsession\fR +-module type is provided\&. +-.SH "RETURN VALUES" +-.PP +-PAM_SUCCESS +-.RS 4 +-The security context was set successfully\&. +-.RE +-.PP +-PAM_SESSION_ERR +-.RS 4 +-Unable to get or set a valid context\&. +-.RE +-.PP +-PAM_USER_UNKNOWN +-.RS 4 +-The user is not known to the system\&. +-.RE +-.PP +-PAM_BUF_ERR +-.RS 4 +-Memory allocation error\&. +-.RE +-.SH "EXAMPLES" +-.sp +-.if n \{\ +-.RS 4 +-.\} +-.nf +-auth required pam_unix\&.so +-session required pam_permit\&.so +-session optional pam_selinux\&.so +- +-.fi +-.if n \{\ +-.RE +-.\} +-.SH "SEE ALSO" +-.PP +-\fBexecve\fR(2), +-\fBtty\fR(4), +-\fBpam.d\fR(5), -\fBpam\fR(8), -+\fBpam\fR(7), - \fBselinux\fR(8) - .SH "AUTHOR" - .PP -Index: pam/modules/pam_sepermit/pam_sepermit.8.xml -=================================================================== ---- pam.orig/modules/pam_sepermit/pam_sepermit.8.xml -+++ pam/modules/pam_sepermit/pam_sepermit.8.xml -@@ -176,7 +176,7 @@ +-\fBselinux\fR(8) +-.SH "AUTHOR" +-.PP +-pam_selinux was written by Dan Walsh <dwalsh@redhat\&.com>\&. +diff --git a/modules/pam_selinux/pam_selinux.8.xml b/modules/pam_selinux/pam_selinux.8.xml +index 3aa632c..7ec5daf 100644 +--- a/modules/pam_selinux/pam_selinux.8.xml ++++ b/modules/pam_selinux/pam_selinux.8.xml +@@ -255,7 +255,7 @@ session optional pam_selinux.so <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> - <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> + <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> + </citerefentry>, <citerefentry> <refentrytitle>selinux</refentrytitle><manvolnum>8</manvolnum> -Index: pam/modules/pam_sepermit/pam_sepermit.8 -=================================================================== ---- pam.orig/modules/pam_sepermit/pam_sepermit.8 -+++ pam/modules/pam_sepermit/pam_sepermit.8 -@@ -124,7 +124,7 @@ +diff --git a/modules/pam_sepermit/pam_sepermit.8 b/modules/pam_sepermit/pam_sepermit.8 +index f47f4a8..3270746 100644 +--- a/modules/pam_sepermit/pam_sepermit.8 ++++ b/modules/pam_sepermit/pam_sepermit.8 +@@ -124,7 +124,7 @@ session required pam_permit\&.so \fBsepermit.conf\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -926,24 +2094,50 @@ Index: pam/modules/pam_sepermit/pam_sepermit.8 \fBselinux\fR(8) .SH "AUTHOR" .PP -Index: pam/modules/pam_shells/pam_shells.8.xml -=================================================================== ---- pam.orig/modules/pam_shells/pam_shells.8.xml -+++ pam/modules/pam_shells/pam_shells.8.xml -@@ -102,7 +102,7 @@ +diff --git a/modules/pam_sepermit/pam_sepermit.8.xml b/modules/pam_sepermit/pam_sepermit.8.xml +index 791d2bb..1ead429 100644 +--- a/modules/pam_sepermit/pam_sepermit.8.xml ++++ b/modules/pam_sepermit/pam_sepermit.8.xml +@@ -177,7 +177,7 @@ session required pam_permit.so <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> - <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> + <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> </citerefentry> + <citerefentry> + <refentrytitle>selinux</refentrytitle><manvolnum>8</manvolnum> +diff --git a/modules/pam_sepermit/sepermit.conf.5 b/modules/pam_sepermit/sepermit.conf.5 +index e2b1736..d2cd381 100644 +--- a/modules/pam_sepermit/sepermit.conf.5 ++++ b/modules/pam_sepermit/sepermit.conf.5 +@@ -110,7 +110,7 @@ These are some example lines which might be specified in + .PP + \fBpam_sepermit\fR(8), + \fBpam.d\fR(5), +-\fBpam\fR(8), ++\fBpam\fR(7), + \fBselinux\fR(8), + .SH "AUTHOR" + .PP +diff --git a/modules/pam_sepermit/sepermit.conf.5.xml b/modules/pam_sepermit/sepermit.conf.5.xml +index ff924ce..1f1dcae 100644 +--- a/modules/pam_sepermit/sepermit.conf.5.xml ++++ b/modules/pam_sepermit/sepermit.conf.5.xml +@@ -93,7 +93,7 @@ + <para> + <citerefentry><refentrytitle>pam_sepermit</refentrytitle><manvolnum>8</manvolnum></citerefentry>, + <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, +- <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>, ++ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry>, + <citerefentry><refentrytitle>selinux</refentrytitle><manvolnum>8</manvolnum></citerefentry>, </para> </refsect1> -Index: pam/modules/pam_shells/pam_shells.8 -=================================================================== ---- pam.orig/modules/pam_shells/pam_shells.8 -+++ pam/modules/pam_shells/pam_shells.8 -@@ -85,7 +85,7 @@ +diff --git a/modules/pam_shells/pam_shells.8 b/modules/pam_shells/pam_shells.8 +index af3dc66..7962bad 100644 +--- a/modules/pam_shells/pam_shells.8 ++++ b/modules/pam_shells/pam_shells.8 +@@ -84,7 +84,7 @@ auth required pam_shells\&.so \fBshells\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -952,24 +2146,24 @@ Index: pam/modules/pam_shells/pam_shells.8 .SH "AUTHOR" .PP pam_shells was written by Erik Troan <ewt@redhat\&.com>\&. -Index: pam/modules/pam_succeed_if/pam_succeed_if.8.xml -=================================================================== ---- pam.orig/modules/pam_succeed_if/pam_succeed_if.8.xml -+++ pam/modules/pam_succeed_if/pam_succeed_if.8.xml -@@ -295,7 +295,7 @@ - <refentrytitle>glob</refentrytitle><manvolnum>7</manvolnum> +diff --git a/modules/pam_shells/pam_shells.8.xml b/modules/pam_shells/pam_shells.8.xml +index b9f90e9..bff889f 100644 +--- a/modules/pam_shells/pam_shells.8.xml ++++ b/modules/pam_shells/pam_shells.8.xml +@@ -107,7 +107,7 @@ auth required pam_shells.so + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> </citerefentry> </para> </refsect1> -Index: pam/modules/pam_succeed_if/pam_succeed_if.8 -=================================================================== ---- pam.orig/modules/pam_succeed_if/pam_succeed_if.8 -+++ pam/modules/pam_succeed_if/pam_succeed_if.8 -@@ -220,7 +220,7 @@ +diff --git a/modules/pam_succeed_if/pam_succeed_if.8 b/modules/pam_succeed_if/pam_succeed_if.8 +index e61af0c..98a9d85 100644 +--- a/modules/pam_succeed_if/pam_succeed_if.8 ++++ b/modules/pam_succeed_if/pam_succeed_if.8 +@@ -220,7 +220,7 @@ type required othermodule\&.so arguments\&.\&.\&. .SH "SEE ALSO" .PP \fBglob\fR(7), @@ -978,24 +2172,24 @@ Index: pam/modules/pam_succeed_if/pam_succeed_if.8 .SH "AUTHOR" .PP Nalin Dahyabhai <nalin@redhat\&.com> -Index: pam/modules/pam_time/pam_time.8.xml -=================================================================== ---- pam.orig/modules/pam_time/pam_time.8.xml -+++ pam/modules/pam_time/pam_time.8.xml -@@ -184,7 +184,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> +diff --git a/modules/pam_succeed_if/pam_succeed_if.8.xml b/modules/pam_succeed_if/pam_succeed_if.8.xml +index 90fd114..b8f65e7 100644 +--- a/modules/pam_succeed_if/pam_succeed_if.8.xml ++++ b/modules/pam_succeed_if/pam_succeed_if.8.xml +@@ -291,7 +291,7 @@ type required othermodule.so arguments... + <refentrytitle>glob</refentrytitle><manvolnum>7</manvolnum> </citerefentry>, <citerefentry> - <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> + <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry>. + </citerefentry> </para> </refsect1> -Index: pam/modules/pam_time/pam_time.8 -=================================================================== ---- pam.orig/modules/pam_time/pam_time.8 -+++ pam/modules/pam_time/pam_time.8 -@@ -116,7 +116,7 @@ +diff --git a/modules/pam_time/pam_time.8 b/modules/pam_time/pam_time.8 +index 48c7ffc..13a53ef 100644 +--- a/modules/pam_time/pam_time.8 ++++ b/modules/pam_time/pam_time.8 +@@ -116,7 +116,7 @@ login account required pam_time\&.so .PP \fBtime.conf\fR(5), \fBpam.d\fR(5), @@ -1004,455 +2198,63 @@ Index: pam/modules/pam_time/pam_time.8 .SH "AUTHOR" .PP pam_time was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. -Index: pam/modules/pam_umask/pam_umask.8.xml -=================================================================== ---- pam.orig/modules/pam_umask/pam_umask.8.xml -+++ pam/modules/pam_umask/pam_umask.8.xml -@@ -246,7 +246,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> +diff --git a/modules/pam_time/pam_time.8.xml b/modules/pam_time/pam_time.8.xml +index 1fa60a1..748bcd1 100644 +--- a/modules/pam_time/pam_time.8.xml ++++ b/modules/pam_time/pam_time.8.xml +@@ -186,7 +186,7 @@ login account required pam_time.so + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry>. </para> </refsect1> -Index: pam/modules/pam_umask/pam_umask.8 -=================================================================== ---- pam.orig/modules/pam_umask/pam_umask.8 -+++ pam/modules/pam_umask/pam_umask.8 -@@ -170,7 +170,7 @@ +diff --git a/modules/pam_time/time.conf.5 b/modules/pam_time/time.conf.5 +index c68dfa7..9064977 100644 +--- a/modules/pam_time/time.conf.5 ++++ b/modules/pam_time/time.conf.5 +@@ -109,7 +109,7 @@ games ; * ; !waster ; Wd0000\-2400 | Wk1800\-0800 .PP - \fBpam.conf\fR(5), + \fBpam_time\fR(8), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP - pam_umask was written by Thorsten Kukuk <kukuk@thkukuk\&.de>\&. -Index: pam/modules/pam_unix/pam_unix.8.xml -=================================================================== ---- pam.orig/modules/pam_unix/pam_unix.8.xml -+++ pam/modules/pam_unix/pam_unix.8.xml -@@ -559,7 +559,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> + pam_time was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. +diff --git a/modules/pam_time/time.conf.5.xml b/modules/pam_time/time.conf.5.xml +index 3fe263d..30c9a92 100644 +--- a/modules/pam_time/time.conf.5.xml ++++ b/modules/pam_time/time.conf.5.xml +@@ -133,7 +133,7 @@ games ; * ; !waster ; Wd0000-2400 | Wk1800-0800 + <para> + <citerefentry><refentrytitle>pam_time</refentrytitle><manvolnum>8</manvolnum></citerefentry>, + <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, +- <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry> ++ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry> </para> </refsect1> -Index: pam/modules/pam_unix/pam_unix.8 -=================================================================== ---- pam.orig/modules/pam_unix/pam_unix.8 -+++ pam/modules/pam_unix/pam_unix.8 -@@ -310,7 +310,7 @@ - \fBlogin.defs\fR(5), + +diff --git a/modules/pam_timestamp/pam_timestamp.8 b/modules/pam_timestamp/pam_timestamp.8 +index a7b7e1c..347724b 100644 +--- a/modules/pam_timestamp/pam_timestamp.8 ++++ b/modules/pam_timestamp/pam_timestamp.8 +@@ -124,7 +124,7 @@ timestamp files and directories + \fBpam_timestamp_check\fR(8), \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP - pam_unix was written by various people\&. -Index: pam/doc/man/misc_conv.3.xml -=================================================================== ---- pam.orig/doc/man/misc_conv.3.xml -+++ pam/doc/man/misc_conv.3.xml -@@ -171,7 +171,7 @@ - <refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/doc/man/misc_conv.3 -=================================================================== ---- pam.orig/doc/man/misc_conv.3 -+++ pam/doc/man/misc_conv.3 -@@ -117,7 +117,7 @@ - .SH "SEE ALSO" - .PP - \fBpam_conv\fR(3), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "STANDARDS" - .PP - The -Index: pam/doc/man/pam_acct_mgmt.3.xml -=================================================================== ---- pam.orig/doc/man/pam_acct_mgmt.3.xml -+++ pam/doc/man/pam_acct_mgmt.3.xml -@@ -138,7 +138,7 @@ - <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/doc/man/pam_acct_mgmt.3 -=================================================================== ---- pam.orig/doc/man/pam_acct_mgmt.3 -+++ pam/doc/man/pam_acct_mgmt.3 -@@ -97,4 +97,4 @@ - \fBpam_authenticate\fR(3), - \fBpam_chauthtok\fR(3), - \fBpam_strerror\fR(3), --\fBpam\fR(8) -+\fBpam\fR(7) -Index: pam/doc/man/pam_authenticate.3.xml -=================================================================== ---- pam.orig/doc/man/pam_authenticate.3.xml -+++ pam/doc/man/pam_authenticate.3.xml -@@ -162,7 +162,7 @@ - <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/doc/man/pam_authenticate.3 -=================================================================== ---- pam.orig/doc/man/pam_authenticate.3 -+++ pam/doc/man/pam_authenticate.3 -@@ -107,4 +107,4 @@ - \fBpam_setcred\fR(3), - \fBpam_chauthtok\fR(3), - \fBpam_strerror\fR(3), --\fBpam\fR(8) -+\fBpam\fR(7) -Index: pam/doc/man/pam_chauthtok.3.xml -=================================================================== ---- pam.orig/doc/man/pam_chauthtok.3.xml -+++ pam/doc/man/pam_chauthtok.3.xml -@@ -157,7 +157,7 @@ - <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/doc/man/pam_chauthtok.3 -=================================================================== ---- pam.orig/doc/man/pam_chauthtok.3 -+++ pam/doc/man/pam_chauthtok.3 -@@ -106,4 +106,4 @@ - \fBpam_setcred\fR(3), - \fBpam_get_item\fR(3), - \fBpam_strerror\fR(3), --\fBpam\fR(8) -+\fBpam\fR(7) -Index: pam/doc/man/pam_conv.3.xml -=================================================================== ---- pam.orig/doc/man/pam_conv.3.xml -+++ pam/doc/man/pam_conv.3.xml -@@ -221,7 +221,7 @@ - <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/doc/man/pam_conv.3 -=================================================================== ---- pam.orig/doc/man/pam_conv.3 -+++ pam/doc/man/pam_conv.3 -@@ -174,4 +174,4 @@ - \fBpam_set_item\fR(3), - \fBpam_get_item\fR(3), - \fBpam_strerror\fR(3), --\fBpam\fR(8) -+\fBpam\fR(7) -Index: pam/doc/man/pam_error.3.xml -=================================================================== ---- pam.orig/doc/man/pam_error.3.xml -+++ pam/doc/man/pam_error.3.xml -@@ -105,7 +105,7 @@ - <refentrytitle>pam_vprompt</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/doc/man/pam_error.3 -=================================================================== ---- pam.orig/doc/man/pam_error.3 -+++ pam/doc/man/pam_error.3 -@@ -80,7 +80,7 @@ - \fBpam_vinfo\fR(3), - \fBpam_prompt\fR(3), - \fBpam_vprompt\fR(3), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "STANDARDS" - .PP - The -Index: pam/doc/man/pam_getenv.3.xml -=================================================================== ---- pam.orig/doc/man/pam_getenv.3.xml -+++ pam/doc/man/pam_getenv.3.xml -@@ -60,7 +60,7 @@ - <refentrytitle>pam_putenv</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/doc/man/pam_getenv.3 -=================================================================== ---- pam.orig/doc/man/pam_getenv.3 -+++ pam/doc/man/pam_getenv.3 -@@ -57,4 +57,4 @@ - \fBpam_start\fR(3), - \fBpam_getenvlist\fR(3), - \fBpam_putenv\fR(3), --\fBpam\fR(8) -+\fBpam\fR(7) -Index: pam/doc/man/pam_getenvlist.3.xml -=================================================================== ---- pam.orig/doc/man/pam_getenvlist.3.xml -+++ pam/doc/man/pam_getenvlist.3.xml -@@ -78,7 +78,7 @@ - <refentrytitle>pam_putenv</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/doc/man/pam_getenvlist.3 -=================================================================== ---- pam.orig/doc/man/pam_getenvlist.3 -+++ pam/doc/man/pam_getenvlist.3 -@@ -63,4 +63,4 @@ - \fBpam_start\fR(3), - \fBpam_getenv\fR(3), - \fBpam_putenv\fR(3), --\fBpam\fR(8) -+\fBpam\fR(7) -Index: pam/doc/man/pam_info.3.xml -=================================================================== ---- pam.orig/doc/man/pam_info.3.xml -+++ pam/doc/man/pam_info.3.xml -@@ -93,7 +93,7 @@ - <title>SEE ALSO</title> - <para> - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/doc/man/pam_info.3 -=================================================================== ---- pam.orig/doc/man/pam_info.3 -+++ pam/doc/man/pam_info.3 -@@ -76,7 +76,7 @@ - .RE - .SH "SEE ALSO" - .PP --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "STANDARDS" - .PP - The -Index: pam/doc/man/pam_misc_drop_env.3.xml -=================================================================== ---- pam.orig/doc/man/pam_misc_drop_env.3.xml -+++ pam/doc/man/pam_misc_drop_env.3.xml -@@ -46,7 +46,7 @@ - <refentrytitle>pam_getenvlist</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/doc/man/pam_misc_drop_env.3 -=================================================================== ---- pam.orig/doc/man/pam_misc_drop_env.3 -+++ pam/doc/man/pam_misc_drop_env.3 -@@ -52,7 +52,7 @@ - .SH "SEE ALSO" - .PP - \fBpam_getenvlist\fR(3), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "STANDARDS" - .PP - The -Index: pam/doc/man/pam_misc_paste_env.3.xml -=================================================================== ---- pam.orig/doc/man/pam_misc_paste_env.3.xml -+++ pam/doc/man/pam_misc_paste_env.3.xml -@@ -44,7 +44,7 @@ - <refentrytitle>pam_putenv</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/doc/man/pam_misc_paste_env.3 -=================================================================== ---- pam.orig/doc/man/pam_misc_paste_env.3 -+++ pam/doc/man/pam_misc_paste_env.3 -@@ -47,7 +47,7 @@ - .SH "SEE ALSO" - .PP - \fBpam_putenv\fR(3), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "STANDARDS" - .PP - The -Index: pam/doc/man/pam_misc_setenv.3.xml -=================================================================== ---- pam.orig/doc/man/pam_misc_setenv.3.xml -+++ pam/doc/man/pam_misc_setenv.3.xml -@@ -51,7 +51,7 @@ - <refentrytitle>pam_putenv</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/doc/man/pam_misc_setenv.3 -=================================================================== ---- pam.orig/doc/man/pam_misc_setenv.3 -+++ pam/doc/man/pam_misc_setenv.3 -@@ -52,7 +52,7 @@ - .SH "SEE ALSO" - .PP - \fBpam_putenv\fR(3), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "STANDARDS" - .PP - The -Index: pam/doc/man/pam_prompt.3.xml -=================================================================== ---- pam.orig/doc/man/pam_prompt.3.xml -+++ pam/doc/man/pam_prompt.3.xml -@@ -95,7 +95,7 @@ - <title>SEE ALSO</title> - <para> - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum> -Index: pam/doc/man/pam_prompt.3 -=================================================================== ---- pam.orig/doc/man/pam_prompt.3 -+++ pam/doc/man/pam_prompt.3 -@@ -70,7 +70,7 @@ - .RE - .SH "SEE ALSO" - .PP --\fBpam\fR(8), -+\fBpam\fR(7), - \fBpam_conv\fR(3) - .SH "STANDARDS" - .PP -Index: pam/doc/man/pam_putenv.3.xml -=================================================================== ---- pam.orig/doc/man/pam_putenv.3.xml -+++ pam/doc/man/pam_putenv.3.xml -@@ -145,7 +145,7 @@ - <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/doc/man/pam_putenv.3 -=================================================================== ---- pam.orig/doc/man/pam_putenv.3 -+++ pam/doc/man/pam_putenv.3 -@@ -108,4 +108,4 @@ - \fBpam_getenv\fR(3), - \fBpam_getenvlist\fR(3), - \fBpam_strerror\fR(3), --\fBpam\fR(8) -+\fBpam\fR(7) -Index: pam/doc/man/pam_strerror.3.xml -=================================================================== ---- pam.orig/doc/man/pam_strerror.3.xml -+++ pam/doc/man/pam_strerror.3.xml -@@ -51,7 +51,7 @@ - <title>SEE ALSO</title> - <para> - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/doc/man/pam_strerror.3 -=================================================================== ---- pam.orig/doc/man/pam_strerror.3 -+++ pam/doc/man/pam_strerror.3 -@@ -49,4 +49,4 @@ - This function returns always a pointer to a string\&. - .SH "SEE ALSO" - .PP --\fBpam\fR(8) -+\fBpam\fR(7) -Index: pam/doc/man/pam_syslog.3.xml -=================================================================== ---- pam.orig/doc/man/pam_syslog.3.xml -+++ pam/doc/man/pam_syslog.3.xml -@@ -66,7 +66,7 @@ - <title>SEE ALSO</title> - <para> - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/doc/man/pam_syslog.3 -=================================================================== ---- pam.orig/doc/man/pam_syslog.3 -+++ pam/doc/man/pam_syslog.3 -@@ -67,7 +67,7 @@ - variable argument list macros\&. - .SH "SEE ALSO" - .PP --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "STANDARDS" - .PP - The -Index: pam/modules/pam_userdb/pam_userdb.8.xml -=================================================================== ---- pam.orig/modules/pam_userdb/pam_userdb.8.xml -+++ pam/modules/pam_userdb/pam_userdb.8.xml -@@ -279,7 +279,7 @@ + pam_timestamp was written by Nalin Dahyabhai\&. +diff --git a/modules/pam_timestamp/pam_timestamp.8.xml b/modules/pam_timestamp/pam_timestamp.8.xml +index a763ad8..e6b2df7 100644 +--- a/modules/pam_timestamp/pam_timestamp.8.xml ++++ b/modules/pam_timestamp/pam_timestamp.8.xml +@@ -190,7 +190,7 @@ session optional pam_timestamp.so <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -1461,24 +2263,24 @@ Index: pam/modules/pam_userdb/pam_userdb.8.xml </citerefentry> </para> </refsect1> -Index: pam/modules/pam_userdb/pam_userdb.8 -=================================================================== ---- pam.orig/modules/pam_userdb/pam_userdb.8 -+++ pam/modules/pam_userdb/pam_userdb.8 -@@ -152,7 +152,7 @@ - \fBcrypt\fR(3), +diff --git a/modules/pam_timestamp/pam_timestamp_check.8 b/modules/pam_timestamp/pam_timestamp_check.8 +index 3425a36..f19a225 100644 +--- a/modules/pam_timestamp/pam_timestamp_check.8 ++++ b/modules/pam_timestamp/pam_timestamp_check.8 +@@ -127,7 +127,7 @@ timestamp files and directories + \fBpam_timestamp_check\fR(8), \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP - pam_userdb was written by Cristian Gafton >gafton@redhat\&.com<\&. -Index: pam/modules/pam_warn/pam_warn.8.xml -=================================================================== ---- pam.orig/modules/pam_warn/pam_warn.8.xml -+++ pam/modules/pam_warn/pam_warn.8.xml -@@ -90,7 +90,7 @@ + pam_timestamp was written by Nalin Dahyabhai\&. +diff --git a/modules/pam_timestamp/pam_timestamp_check.8.xml b/modules/pam_timestamp/pam_timestamp_check.8.xml +index f0c0956..e947f75 100644 +--- a/modules/pam_timestamp/pam_timestamp_check.8.xml ++++ b/modules/pam_timestamp/pam_timestamp_check.8.xml +@@ -189,7 +189,7 @@ session optional pam_timestamp.so <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -1487,24 +2289,24 @@ Index: pam/modules/pam_warn/pam_warn.8.xml </citerefentry> </para> </refsect1> -Index: pam/modules/pam_warn/pam_warn.8 -=================================================================== ---- pam.orig/modules/pam_warn/pam_warn.8 -+++ pam/modules/pam_warn/pam_warn.8 -@@ -83,7 +83,7 @@ - .PP +diff --git a/modules/pam_tty_audit/pam_tty_audit.8 b/modules/pam_tty_audit/pam_tty_audit.8 +index ada11ae..2ba5335 100644 +--- a/modules/pam_tty_audit/pam_tty_audit.8 ++++ b/modules/pam_tty_audit/pam_tty_audit.8 +@@ -129,7 +129,7 @@ session required pam_tty_audit\&.so disable=* enable=root + \fBaureport\fR(8), \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP - pam_warn was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. -Index: pam/modules/pam_wheel/pam_wheel.8.xml -=================================================================== ---- pam.orig/modules/pam_wheel/pam_wheel.8.xml -+++ pam/modules/pam_wheel/pam_wheel.8.xml -@@ -213,7 +213,7 @@ + pam_tty_audit was written by Miloslav Trmač <mitr@redhat\&.com>\&. The log_passwd option was added by Richard Guy Briggs <rgb@redhat\&.com>\&. +diff --git a/modules/pam_tty_audit/pam_tty_audit.8.xml b/modules/pam_tty_audit/pam_tty_audit.8.xml +index b46bbf7..79d8115 100644 +--- a/modules/pam_tty_audit/pam_tty_audit.8.xml ++++ b/modules/pam_tty_audit/pam_tty_audit.8.xml +@@ -178,7 +178,7 @@ session required pam_tty_audit.so disable=* enable=root <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -1513,11 +2315,11 @@ Index: pam/modules/pam_wheel/pam_wheel.8.xml </citerefentry> </para> </refsect1> -Index: pam/modules/pam_wheel/pam_wheel.8 -=================================================================== ---- pam.orig/modules/pam_wheel/pam_wheel.8 -+++ pam/modules/pam_wheel/pam_wheel.8 -@@ -136,7 +136,7 @@ +diff --git a/modules/pam_umask/pam_umask.8 b/modules/pam_umask/pam_umask.8 +index 741c316..c7636e2 100644 +--- a/modules/pam_umask/pam_umask.8 ++++ b/modules/pam_umask/pam_umask.8 +@@ -170,7 +170,7 @@ to set the user specific umask at login: .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -1525,12 +2327,12 @@ Index: pam/modules/pam_wheel/pam_wheel.8 +\fBpam\fR(7) .SH "AUTHOR" .PP - pam_wheel was written by Cristian Gafton <gafton@redhat\&.com>\&. -Index: pam/modules/pam_xauth/pam_xauth.8.xml -=================================================================== ---- pam.orig/modules/pam_xauth/pam_xauth.8.xml -+++ pam/modules/pam_xauth/pam_xauth.8.xml -@@ -276,7 +276,7 @@ + pam_umask was written by Thorsten Kukuk <kukuk@thkukuk\&.de>\&. +diff --git a/modules/pam_umask/pam_umask.8.xml b/modules/pam_umask/pam_umask.8.xml +index 0527667..acb3bc0 100644 +--- a/modules/pam_umask/pam_umask.8.xml ++++ b/modules/pam_umask/pam_umask.8.xml +@@ -243,7 +243,7 @@ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -1539,89 +2341,50 @@ Index: pam/modules/pam_xauth/pam_xauth.8.xml </citerefentry> </para> </refsect1> -Index: pam/modules/pam_xauth/pam_xauth.8 -=================================================================== ---- pam.orig/modules/pam_xauth/pam_xauth.8 -+++ pam/modules/pam_xauth/pam_xauth.8 -@@ -177,7 +177,7 @@ - .PP +diff --git a/modules/pam_unix/pam_unix.8 b/modules/pam_unix/pam_unix.8 +index 6f5f19b..07f8308 100644 +--- a/modules/pam_unix/pam_unix.8 ++++ b/modules/pam_unix/pam_unix.8 +@@ -310,7 +310,7 @@ session required pam_unix\&.so + \fBlogin.defs\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP - pam_xauth was written by Nalin Dahyabhai <nalin@redhat\&.com>, based on original version by Michael K\&. Johnson <johnsonm@redhat\&.com>\&. -Index: pam/modules/pam_env/pam_env.8 -=================================================================== ---- pam.orig/modules/pam_env/pam_env.8 -+++ pam/modules/pam_env/pam_env.8 -@@ -7,7 +7,7 @@ - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_ENV" "8" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_ENV" "7" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -Index: pam/modules/pam_pwhistory/pam_pwhistory.8.xml -=================================================================== ---- pam.orig/modules/pam_pwhistory/pam_pwhistory.8.xml -+++ pam/modules/pam_pwhistory/pam_pwhistory.8.xml -@@ -229,7 +229,7 @@ + pam_unix was written by various people\&. +diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml +index 4e63a49..a025c0e 100644 +--- a/modules/pam_unix/pam_unix.8.xml ++++ b/modules/pam_unix/pam_unix.8.xml +@@ -556,7 +556,7 @@ session required pam_unix.so <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> - <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> + <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> </citerefentry> - <citerefentry> - <refentrytitle>pam_get_authtok</refentrytitle><manvolnum>3</manvolnum> -Index: pam/modules/pam_pwhistory/pam_pwhistory.8 -=================================================================== ---- pam.orig/modules/pam_pwhistory/pam_pwhistory.8 -+++ pam/modules/pam_pwhistory/pam_pwhistory.8 -@@ -156,7 +156,7 @@ - .PP + </para> + </refsect1> +diff --git a/modules/pam_userdb/pam_userdb.8 b/modules/pam_userdb/pam_userdb.8 +index c639772..a2493b5 100644 +--- a/modules/pam_userdb/pam_userdb.8 ++++ b/modules/pam_userdb/pam_userdb.8 +@@ -152,7 +152,7 @@ auth sufficient pam_userdb\&.so icase db=/etc/dbtest + \fBcrypt\fR(3), \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) - \fBpam_get_authtok\fR(3) .SH "AUTHOR" .PP -Index: pam/modules/pam_sepermit/sepermit.conf.5.xml -=================================================================== ---- pam.orig/modules/pam_sepermit/sepermit.conf.5.xml -+++ pam/modules/pam_sepermit/sepermit.conf.5.xml -@@ -96,7 +96,7 @@ - <para> - <citerefentry><refentrytitle>pam_sepermit</refentrytitle><manvolnum>8</manvolnum></citerefentry>, - <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, -- <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>, -+ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry>, - <citerefentry><refentrytitle>selinux</refentrytitle><manvolnum>8</manvolnum></citerefentry>, - </para> - </refsect1> -Index: pam/modules/pam_sepermit/sepermit.conf.5 -=================================================================== ---- pam.orig/modules/pam_sepermit/sepermit.conf.5 -+++ pam/modules/pam_sepermit/sepermit.conf.5 -@@ -110,7 +110,7 @@ - .PP - \fBpam_sepermit\fR(8), - \fBpam.d\fR(5), --\fBpam\fR(8), -+\fBpam\fR(7), - \fBselinux\fR(8), - .SH "AUTHOR" - .PP -Index: pam/modules/pam_timestamp/pam_timestamp.8.xml -=================================================================== ---- pam.orig/modules/pam_timestamp/pam_timestamp.8.xml -+++ pam/modules/pam_timestamp/pam_timestamp.8.xml -@@ -193,7 +193,7 @@ + pam_userdb was written by Cristian Gafton >gafton@redhat\&.com<\&. +diff --git a/modules/pam_userdb/pam_userdb.8.xml b/modules/pam_userdb/pam_userdb.8.xml +index 0f96410..86ba895 100644 +--- a/modules/pam_userdb/pam_userdb.8.xml ++++ b/modules/pam_userdb/pam_userdb.8.xml +@@ -276,7 +276,7 @@ auth sufficient pam_userdb.so icase db=/etc/dbtest <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -1630,24 +2393,24 @@ Index: pam/modules/pam_timestamp/pam_timestamp.8.xml </citerefentry> </para> </refsect1> -Index: pam/modules/pam_timestamp/pam_timestamp.8 -=================================================================== ---- pam.orig/modules/pam_timestamp/pam_timestamp.8 -+++ pam/modules/pam_timestamp/pam_timestamp.8 -@@ -129,7 +129,7 @@ - \fBpam_timestamp_check\fR(8), +diff --git a/modules/pam_warn/pam_warn.8 b/modules/pam_warn/pam_warn.8 +index 3e507d7..0138c70 100644 +--- a/modules/pam_warn/pam_warn.8 ++++ b/modules/pam_warn/pam_warn.8 +@@ -83,7 +83,7 @@ other session required pam_deny\&.so + .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP - pam_timestamp was written by Nalin Dahyabhai\&. -Index: pam/modules/pam_timestamp/pam_timestamp_check.8.xml -=================================================================== ---- pam.orig/modules/pam_timestamp/pam_timestamp_check.8.xml -+++ pam/modules/pam_timestamp/pam_timestamp_check.8.xml -@@ -192,7 +192,7 @@ + pam_warn was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. +diff --git a/modules/pam_warn/pam_warn.8.xml b/modules/pam_warn/pam_warn.8.xml +index a20c5f7..a69e1d6 100644 +--- a/modules/pam_warn/pam_warn.8.xml ++++ b/modules/pam_warn/pam_warn.8.xml +@@ -87,7 +87,7 @@ other session required pam_deny.so <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -1656,24 +2419,11 @@ Index: pam/modules/pam_timestamp/pam_timestamp_check.8.xml </citerefentry> </para> </refsect1> -Index: pam/modules/pam_timestamp/pam_timestamp_check.8 -=================================================================== ---- pam.orig/modules/pam_timestamp/pam_timestamp_check.8 -+++ pam/modules/pam_timestamp/pam_timestamp_check.8 -@@ -127,7 +127,7 @@ - \fBpam_timestamp_check\fR(8), - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_timestamp was written by Nalin Dahyabhai\&. -Index: pam/modules/pam_tty_audit/pam_tty_audit.8.xml -=================================================================== ---- pam.orig/modules/pam_tty_audit/pam_tty_audit.8.xml -+++ pam/modules/pam_tty_audit/pam_tty_audit.8.xml -@@ -181,7 +181,7 @@ +diff --git a/modules/pam_wheel/pam_wheel.8.xml b/modules/pam_wheel/pam_wheel.8.xml +index 0e89002..c73aa7d 100644 +--- a/modules/pam_wheel/pam_wheel.8.xml ++++ b/modules/pam_wheel/pam_wheel.8.xml +@@ -225,7 +225,7 @@ su auth required pam_unix.so <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -1682,42 +2432,29 @@ Index: pam/modules/pam_tty_audit/pam_tty_audit.8.xml </citerefentry> </para> </refsect1> -Index: pam/modules/pam_tty_audit/pam_tty_audit.8 -=================================================================== ---- pam.orig/modules/pam_tty_audit/pam_tty_audit.8 -+++ pam/modules/pam_tty_audit/pam_tty_audit.8 -@@ -129,7 +129,7 @@ - \fBaureport\fR(8), +diff --git a/modules/pam_xauth/pam_xauth.8 b/modules/pam_xauth/pam_xauth.8 +index 31c9074..e6f23c1 100644 +--- a/modules/pam_xauth/pam_xauth.8 ++++ b/modules/pam_xauth/pam_xauth.8 +@@ -177,7 +177,7 @@ XXX + .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP - pam_tty_audit was written by Miloslav Trmač <mitr@redhat\&.com>\&. The log_passwd option was added by Richard Guy Briggs <rgb@redhat\&.com>\&. -Index: pam/doc/man/pam_get_authtok.3.xml -=================================================================== ---- pam.orig/doc/man/pam_get_authtok.3.xml -+++ pam/doc/man/pam_get_authtok.3.xml -@@ -232,7 +232,7 @@ - <title>SEE ALSO</title> - <para> + pam_xauth was written by Nalin Dahyabhai <nalin@redhat\&.com>, based on original version by Michael K\&. Johnson <johnsonm@redhat\&.com>\&. +diff --git a/modules/pam_xauth/pam_xauth.8.xml b/modules/pam_xauth/pam_xauth.8.xml +index f5fc5a3..214226b 100644 +--- a/modules/pam_xauth/pam_xauth.8.xml ++++ b/modules/pam_xauth/pam_xauth.8.xml +@@ -273,7 +273,7 @@ session optional pam_xauth.so + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> </citerefentry> </para> </refsect1> -Index: pam/doc/man/pam_get_authtok.3 -=================================================================== ---- pam.orig/doc/man/pam_get_authtok.3 -+++ pam/doc/man/pam_get_authtok.3 -@@ -162,7 +162,7 @@ - .RE - .SH "SEE ALSO" - .PP --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "STANDARDS" - .PP - The diff --git a/debian/patches/do_not_check_nis_accidentally b/debian/patches/do_not_check_nis_accidentally index 29ce6097..5ef39a00 100644 --- a/debian/patches/do_not_check_nis_accidentally +++ b/debian/patches/do_not_check_nis_accidentally @@ -1,3 +1,7 @@ +From: Sam Hartman <hartmans@debian.org> +Date: Mon, 11 Sep 2023 14:00:42 -0600 +Subject: do_not_check_nis_accidentally + Patch for Debian bug #469635 Always call _unix_getpwnam() consistent with the value of the 'nis' @@ -6,12 +10,15 @@ option, so that we only grab from the backends we're expecting. Authors: Quentin Godfroy <godfroy@clipper.ens.fr> Upstream status: should be submitted +--- + modules/pam_unix/pam_unix_passwd.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) -Index: pam/modules/pam_unix/pam_unix_passwd.c -=================================================================== ---- pam.orig/modules/pam_unix/pam_unix_passwd.c -+++ pam/modules/pam_unix/pam_unix_passwd.c -@@ -669,7 +669,7 @@ +diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c +index 5b81343..78f8e20 100644 +--- a/modules/pam_unix/pam_unix_passwd.c ++++ b/modules/pam_unix/pam_unix_passwd.c +@@ -660,7 +660,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) return PAM_USER_UNKNOWN; } else { struct passwd *pwd; diff --git a/debian/patches/fix-autoreconf.patch b/debian/patches/fix-autoreconf.patch index bdd96262..927a0473 100644 --- a/debian/patches/fix-autoreconf.patch +++ b/debian/patches/fix-autoreconf.patch @@ -8,11 +8,11 @@ Do not override user variables in Makefile.am, see the doc/specs/Makefile.am | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) -Index: pam/doc/specs/Makefile.am -=================================================================== ---- pam.orig/doc/specs/Makefile.am -+++ pam/doc/specs/Makefile.am -@@ -12,9 +12,9 @@ +diff --git a/doc/specs/Makefile.am b/doc/specs/Makefile.am +index 58e14b3..2ebd980 100644 +--- a/doc/specs/Makefile.am ++++ b/doc/specs/Makefile.am +@@ -12,9 +12,9 @@ draft-morgan-pam-current.txt: padout draft-morgan-pam.raw AM_YFLAGS = -d CC = @CC_FOR_BUILD@ diff --git a/debian/patches/hurd_no_setfsuid b/debian/patches/hurd_no_setfsuid index 00610a87..16d8ba54 100644 --- a/debian/patches/hurd_no_setfsuid +++ b/debian/patches/hurd_no_setfsuid @@ -1,14 +1,21 @@ +From: Sam Hartman <hartmans@debian.org> +Date: Mon, 11 Sep 2023 14:00:42 -0600 +Subject: hurd_no_setfsuid + On systems without setfsuid(), use setreuid() instead. Authors: Steve Langasek <vorlon@debian.org> Upstream status: to be forwarded, now that pam_modutil_{drop,regain}_priv are implemented +--- + libpam/pam_modutil_priv.c | 40 ++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 40 insertions(+) -Index: pam/libpam/pam_modutil_priv.c -=================================================================== ---- pam.orig/libpam/pam_modutil_priv.c -+++ pam/libpam/pam_modutil_priv.c +diff --git a/libpam/pam_modutil_priv.c b/libpam/pam_modutil_priv.c +index a463e06..7df6e6b 100644 +--- a/libpam/pam_modutil_priv.c ++++ b/libpam/pam_modutil_priv.c @@ -14,7 +14,9 @@ #include <syslog.h> #include <pwd.h> diff --git a/debian/patches/lib_security_multiarch_compat b/debian/patches/lib_security_multiarch_compat index e386ff39..0e7ada42 100644 --- a/debian/patches/lib_security_multiarch_compat +++ b/debian/patches/lib_security_multiarch_compat @@ -1,3 +1,7 @@ +From: Sam Hartman <hartmans@debian.org> +Date: Mon, 11 Sep 2023 14:00:42 -0600 +Subject: lib_security_multiarch_compat + Unqualified module paths should always be looked up in *both* the default module dir, *and* the ISA dir. That's what paths are for. @@ -10,12 +14,15 @@ Upstream status: not ready to be committed - this needs tweaked, we're currently abusing the existing variables and inverting their meaning in order to get everything installed where we want it and get absolute paths the way we want them. +--- + libpam/pam_handlers.c | 34 ++++++++++++++++++++++------------ + 1 file changed, 22 insertions(+), 12 deletions(-) -Index: pam-1.4.0/libpam/pam_handlers.c -=================================================================== ---- pam-1.4.0.orig/libpam/pam_handlers.c -+++ pam-1.4.0/libpam/pam_handlers.c -@@ -735,7 +735,27 @@ _pam_load_module(pam_handle_t *pamh, con +diff --git a/libpam/pam_handlers.c b/libpam/pam_handlers.c +index c7045d2..dc5f81f 100644 +--- a/libpam/pam_handlers.c ++++ b/libpam/pam_handlers.c +@@ -737,7 +737,27 @@ _pam_load_module(pam_handle_t *pamh, const char *mod_path, int handler_type) success = PAM_ABORT; D(("_pam_load_module: _pam_dlopen(%s)", mod_path)); @@ -44,7 +51,7 @@ Index: pam-1.4.0/libpam/pam_handlers.c D(("_pam_load_module: _pam_dlopen'ed")); D(("_pam_load_module: dlopen'ed")); if (mod->dl_handle == NULL) { -@@ -812,7 +832,6 @@ int _pam_add_handler(pam_handle_t *pamh +@@ -814,7 +834,6 @@ int _pam_add_handler(pam_handle_t *pamh struct handler **handler_p2; struct handlers *the_handlers; const char *sym, *sym2; @@ -52,7 +59,7 @@ Index: pam-1.4.0/libpam/pam_handlers.c servicefn func, func2; int mod_type = PAM_MT_FAULTY_MOD; -@@ -824,16 +843,7 @@ int _pam_add_handler(pam_handle_t *pamh +@@ -826,16 +845,7 @@ int _pam_add_handler(pam_handle_t *pamh if ((handler_type == PAM_HT_MODULE || handler_type == PAM_HT_SILENT_MODULE) && mod_path != NULL) { diff --git a/debian/patches/make_documentation_reproducible.patch b/debian/patches/make_documentation_reproducible.patch index b6a4bfe3..6fa72406 100644 --- a/debian/patches/make_documentation_reproducible.patch +++ b/debian/patches/make_documentation_reproducible.patch @@ -1,14 +1,20 @@ -Description: Make documentation reproducible - Add LC_ALL=C.UTF-8 to w3m to avoid changes in the output when build the - documentation with different locales. -Author: Juan Picca <jumapico@gmail.com>, Steve Langasek <vorlon@debian.org> +From: "Juan Picca jumapico@gmail.com, Steve Langasek" <vorlon@debian.org> +Date: Mon, 11 Sep 2023 14:00:42 -0600 +Subject: Make documentation reproducible + Last-Update: 2019-01-06 -Index: pam/configure.ac -=================================================================== ---- pam.orig/configure.ac -+++ pam/configure.ac -@@ -585,7 +585,7 @@ +Add LC_ALL=C.UTF-8 to w3m to avoid changes in the output when build the +documentation with different locales. +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index b9b0f83..5f11912 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -647,7 +647,7 @@ JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl-ns/current/manp AC_PATH_PROG([BROWSER], [w3m]) if test -n "$BROWSER"; then diff --git a/debian/patches/no_PATH_MAX_on_hurd b/debian/patches/no_PATH_MAX_on_hurd index ab2403dd..6c20ab8c 100644 --- a/debian/patches/no_PATH_MAX_on_hurd +++ b/debian/patches/no_PATH_MAX_on_hurd @@ -1,13 +1,19 @@ -Description: define PATH_MAX for compatibility when it's not already set - Some platforms, such as the Hurd, don't set PATH_MAX. Set a reasonable - default value in this case. -Author: Steve Langasek <vorlon@debian.org> +From: Steve Langasek <vorlon@debian.org> +Date: Mon, 11 Sep 2023 14:00:42 -0600 +Subject: define PATH_MAX for compatibility when it's not already set + Bug-Debian: http://bugs.debian.org/552043 -Index: pam/tests/tst-dlopen.c -=================================================================== ---- pam.orig/tests/tst-dlopen.c -+++ pam/tests/tst-dlopen.c +Some platforms, such as the Hurd, don't set PATH_MAX. Set a reasonable +default value in this case. +--- + tests/tst-dlopen.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/tests/tst-dlopen.c b/tests/tst-dlopen.c +index 7092716..535ee1c 100644 +--- a/tests/tst-dlopen.c ++++ b/tests/tst-dlopen.c @@ -16,6 +16,11 @@ #include <limits.h> #include <sys/stat.h> diff --git a/debian/patches/nullok_secure-compat.patch b/debian/patches/nullok_secure-compat.patch index d85aa9fe..a69cd05e 100644 --- a/debian/patches/nullok_secure-compat.patch +++ b/debian/patches/nullok_secure-compat.patch @@ -1,12 +1,17 @@ -Description: Support nullok_secure as a deprecated alias for nullok -Author: Steve Langasek <vorlon@debian.org> +From: Steve Langasek <vorlon@debian.org> +Date: Mon, 11 Sep 2023 14:00:42 -0600 +Subject: Support nullok_secure as a deprecated alias for nullok + Last-Update: 2020-08-11 +--- + modules/pam_unix/support.h | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) -Index: pam/modules/pam_unix/support.h -=================================================================== ---- pam.orig/modules/pam_unix/support.h -+++ pam/modules/pam_unix/support.h -@@ -102,8 +102,9 @@ +diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h +index 91e7478..e15ee98 100644 +--- a/modules/pam_unix/support.h ++++ b/modules/pam_unix/support.h +@@ -102,8 +102,9 @@ typedef struct { #define UNIX_YESCRYPT_PASS 32 /* new password hashes will use yescrypt */ #define UNIX_NULLRESETOK 33 /* allow empty password if password reset is enforced */ #define UNIX_OBSCURE_CHECKS 34 /* enable obscure checks on passwords */ @@ -17,7 +22,7 @@ Index: pam/modules/pam_unix/support.h #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)&&off(UNIX_GOST_YESCRYPT_PASS,ctrl)&&off(UNIX_YESCRYPT_PASS,ctrl)) -@@ -147,6 +148,7 @@ +@@ -147,6 +148,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = /* UNIX_YESCRYPT_PASS */ {"yescrypt", _ALL_ON_^(0x6EC22000ULL), 0x40000000, 1}, /* UNIX_NULLRESETOK */ {"nullresetok", _ALL_ON_, 0x80000000, 0}, /* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x100000000, 0}, diff --git a/debian/patches/pam-limits-nofile-fd-setsize-cap b/debian/patches/pam-limits-nofile-fd-setsize-cap index 9c0503c7..8b466254 100644 --- a/debian/patches/pam-limits-nofile-fd-setsize-cap +++ b/debian/patches/pam-limits-nofile-fd-setsize-cap @@ -1,5 +1,7 @@ From: Robie Basak <robie.basak@ubuntu.com> -Subject: pam_limits: cap the default soft nofile limit read from pid 1 to FD_SETSIZE +Date: Mon, 11 Sep 2023 14:00:42 -0600 +Subject: pam_limits: cap the default soft nofile limit read from pid 1 to + FD_SETSIZE Cap the default soft nofile limit read from pid 1 to FD_SETSIZE since larger values can cause problems with fd_set overflow and systemd sets @@ -38,12 +40,15 @@ Forwarded: no Reviewed-by: Adam Conrad <adconrad@ubuntu.com> Reviewed-by: Martin Pitt <martin.pitt@ubuntu.com> Last-Update: 2015-04-22 +--- + modules/pam_limits/pam_limits.c | 8 ++++++++ + 1 file changed, 8 insertions(+) -Index: pam/modules/pam_limits/pam_limits.c -=================================================================== ---- pam.orig/modules/pam_limits/pam_limits.c -+++ pam/modules/pam_limits/pam_limits.c -@@ -450,6 +450,14 @@ +diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c +index bb81559..60c809b 100644 +--- a/modules/pam_limits/pam_limits.c ++++ b/modules/pam_limits/pam_limits.c +@@ -460,6 +460,14 @@ static void parse_kernel_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int pl->limits[i].src_hard = LIMITS_DEF_KERNEL; } fclose(limitsfile); diff --git a/debian/patches/pam_mkhomedir_stat_before_opendir b/debian/patches/pam_mkhomedir_stat_before_opendir index aec49b69..50026225 100644 --- a/debian/patches/pam_mkhomedir_stat_before_opendir +++ b/debian/patches/pam_mkhomedir_stat_before_opendir @@ -1,8 +1,17 @@ -Index: pam/modules/pam_mkhomedir/mkhomedir_helper.c +From: Sam Hartman <hartmans@debian.org> +Date: Mon, 11 Sep 2023 14:00:42 -0600 +Subject: pam_mkhomedir_stat_before_opendir + =================================================================== ---- pam.orig/modules/pam_mkhomedir/mkhomedir_helper.c -+++ pam/modules/pam_mkhomedir/mkhomedir_helper.c -@@ -39,6 +39,7 @@ +--- + modules/pam_mkhomedir/mkhomedir_helper.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/modules/pam_mkhomedir/mkhomedir_helper.c b/modules/pam_mkhomedir/mkhomedir_helper.c +index 3213f02..643d5d0 100644 +--- a/modules/pam_mkhomedir/mkhomedir_helper.c ++++ b/modules/pam_mkhomedir/mkhomedir_helper.c +@@ -39,6 +39,7 @@ create_homedir(const struct passwd *pwd, DIR *d; struct dirent *dent; int retval = PAM_SESSION_ERR; @@ -10,7 +19,7 @@ Index: pam/modules/pam_mkhomedir/mkhomedir_helper.c /* Create the new directory */ if (mkdir(dest, 0700) && errno != EEXIST) -@@ -54,6 +55,12 @@ +@@ -54,6 +55,12 @@ create_homedir(const struct passwd *pwd, goto go_out; } diff --git a/debian/patches/pam_unix_dont_trust_chkpwd_caller.patch b/debian/patches/pam_unix_dont_trust_chkpwd_caller.patch index 6a9e525e..5a94c25d 100644 --- a/debian/patches/pam_unix_dont_trust_chkpwd_caller.patch +++ b/debian/patches/pam_unix_dont_trust_chkpwd_caller.patch @@ -1,3 +1,7 @@ +From: Sam Hartman <hartmans@debian.org> +Date: Mon, 11 Sep 2023 14:00:42 -0600 +Subject: pam_unix_dont_trust_chkpwd_caller + Dropping suid bits is not enough to let us trust the caller; the unix_chkpwd helper could be sgid shadow instead of suid root, as it is in Debian and Ubuntu by default. Drop any sgid bits as well. @@ -6,12 +10,15 @@ Authors: Steve Langasek <vorlon@debian.org>, Michael Spang <mspang@csclub.uwaterloo.ca> Upstream status: to be submitted +--- + modules/pam_unix/unix_chkpwd.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) -Index: pam/modules/pam_unix/unix_chkpwd.c -=================================================================== ---- pam.orig/modules/pam_unix/unix_chkpwd.c -+++ pam/modules/pam_unix/unix_chkpwd.c -@@ -138,9 +138,10 @@ +diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c +index 556a2e2..5e7b571 100644 +--- a/modules/pam_unix/unix_chkpwd.c ++++ b/modules/pam_unix/unix_chkpwd.c +@@ -138,9 +138,10 @@ int main(int argc, char *argv[]) /* if the caller specifies the username, verify that user matches it */ if (user == NULL || strcmp(user, argv[1])) { diff --git a/debian/patches/series b/debian/patches/series index 3ea285ae..bc458602 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -7,18 +7,17 @@ make_documentation_reproducible.patch 026_pam_unix_passwd_unknown_user do_not_check_nis_accidentally 027_pam_limits_better_init_allow_explicit_root -031_pam_include +031_pam_include 032_pam_limits_EPERM_NOT_FATAL 036_pam_wheel_getlogin_considered_harmful hurd_no_setfsuid 040_pam_limits_log_failure 045_pam_dispatch_jump_is_ignore -PAM-manpage-section +PAM-manpage-section update-motd no_PATH_MAX_on_hurd lib_security_multiarch_compat pam-limits-nofile-fd-setsize-cap fix-autoreconf.patch nullok_secure-compat.patch - pam_mkhomedir_stat_before_opendir diff --git a/debian/patches/update-motd b/debian/patches/update-motd index 14d5fee4..fc9c9d8d 100644 --- a/debian/patches/update-motd +++ b/debian/patches/update-motd @@ -1,3 +1,7 @@ +From: Sam Hartman <hartmans@debian.org> +Date: Mon, 11 Sep 2023 14:00:42 -0600 +Subject: update-motd + Provide a more dynamic MOTD, based on the short-lived update-motd project. Authors: Dustin Kirkland <kirkland@canonical.com> @@ -5,12 +9,73 @@ Authors: Dustin Kirkland <kirkland@canonical.com> Last-Update: 2019-02-12 Forwarded: no Bug-Ubuntu: https://bugs.launchpad.net/bugs/399071 +--- + modules/pam_motd/README | 4 ++++ + modules/pam_motd/pam_motd.8 | 7 +++++++ + modules/pam_motd/pam_motd.8.xml | 11 +++++++++++ + modules/pam_motd/pam_motd.c | 18 ++++++++++++++++++ + 4 files changed, 40 insertions(+) -Index: pam/modules/pam_motd/pam_motd.c -=================================================================== ---- pam.orig/modules/pam_motd/pam_motd.c -+++ pam/modules/pam_motd/pam_motd.c -@@ -352,6 +352,7 @@ +diff --git a/modules/pam_motd/README b/modules/pam_motd/README +index 01bc64e..375ec80 100644 +--- a/modules/pam_motd/README ++++ b/modules/pam_motd/README +@@ -52,6 +52,10 @@ motd_dir=/path/dirname.d + colon-separated list. By default this option is set to /etc/motd.d:/run/ + motd.d:/usr/lib/motd.d. + ++noupdate ++ ++ Don't run the scripts in /etc/update-motd.d to refresh the motd file. ++ + When no options are given, the default behavior applies for both options. + Specifying either option (or both) will disable the default behavior for both + options. +diff --git a/modules/pam_motd/pam_motd.8 b/modules/pam_motd/pam_motd.8 +index 3f65bb5..6a6ab4e 100644 +--- a/modules/pam_motd/pam_motd.8 ++++ b/modules/pam_motd/pam_motd.8 +@@ -109,6 +109,13 @@ directory is scanned and each file contained inside of it is displayed\&. Multip + /etc/motd\&.d:/run/motd\&.d:/usr/lib/motd\&.d\&. + .RE + .PP ++\fBnoupdate\fR ++.RS 4 ++Don\*(Aqt run the scripts in ++/etc/update\-motd\&.d ++to refresh the motd file\&. ++.RE ++.PP + When no options are given, the default behavior applies for both options\&. Specifying either option (or both) will disable the default behavior for both options\&. + .SH "MODULE TYPES PROVIDED" + .PP +diff --git a/modules/pam_motd/pam_motd.8.xml b/modules/pam_motd/pam_motd.8.xml +index 2fc5310..8369779 100644 +--- a/modules/pam_motd/pam_motd.8.xml ++++ b/modules/pam_motd/pam_motd.8.xml +@@ -112,6 +112,17 @@ + </para> + </listitem> + </varlistentry> ++ <varlistentry> ++ <term> ++ <option>noupdate</option> ++ </term> ++ <listitem> ++ <para> ++ Don't run the scripts in <filename>/etc/update-motd.d</filename> ++ to refresh the motd file. ++ </para> ++ </listitem> ++ </varlistentry> + </variablelist> + <para> + When no options are given, the default behavior applies for both +diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c +index 5ca486e..8472dd6 100644 +--- a/modules/pam_motd/pam_motd.c ++++ b/modules/pam_motd/pam_motd.c +@@ -383,6 +383,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { int retval = PAM_IGNORE; @@ -18,7 +83,7 @@ Index: pam/modules/pam_motd/pam_motd.c const char *motd_path = NULL; char *motd_path_copy = NULL; unsigned int num_motd_paths = 0; -@@ -361,6 +362,7 @@ +@@ -392,6 +393,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, unsigned int num_motd_dir_paths = 0; char **motd_dir_path_split = NULL; int report_missing; @@ -26,7 +91,7 @@ Index: pam/modules/pam_motd/pam_motd.c if (flags & PAM_SILENT) { return retval; -@@ -390,6 +392,9 @@ +@@ -421,6 +423,9 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, "motd_dir= specification missing argument - ignored"); } } @@ -36,7 +101,7 @@ Index: pam/modules/pam_motd/pam_motd.c else pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } -@@ -402,6 +407,19 @@ +@@ -433,6 +438,19 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, report_missing = 1; } @@ -56,58 +121,3 @@ Index: pam/modules/pam_motd/pam_motd.c if (motd_path != NULL) { motd_path_copy = strdup(motd_path); } -Index: pam/modules/pam_motd/pam_motd.8.xml -=================================================================== ---- pam.orig/modules/pam_motd/pam_motd.8.xml -+++ pam/modules/pam_motd/pam_motd.8.xml -@@ -115,6 +115,17 @@ - </para> - </listitem> - </varlistentry> -+ <varlistentry> -+ <term> -+ <option>noupdate</option> -+ </term> -+ <listitem> -+ <para> -+ Don't run the scripts in <filename>/etc/update-motd.d</filename> -+ to refresh the motd file. -+ </para> -+ </listitem> -+ </varlistentry> - </variablelist> - <para> - When no options are given, the default behavior applies for both -Index: pam/modules/pam_motd/pam_motd.8 -=================================================================== ---- pam.orig/modules/pam_motd/pam_motd.8 -+++ pam/modules/pam_motd/pam_motd.8 -@@ -109,6 +109,13 @@ - /etc/motd\&.d:/run/motd\&.d:/usr/lib/motd\&.d\&. - .RE - .PP -+\fBnoupdate\fR -+.RS 4 -+Don\*(Aqt run the scripts in -+/etc/update\-motd\&.d -+to refresh the motd file\&. -+.RE -+.PP - When no options are given, the default behavior applies for both options\&. Specifying either option (or both) will disable the default behavior for both options\&. - .SH "MODULE TYPES PROVIDED" - .PP -Index: pam/modules/pam_motd/README -=================================================================== ---- pam.orig/modules/pam_motd/README -+++ pam/modules/pam_motd/README -@@ -52,6 +52,10 @@ - colon-separated list. By default this option is set to /etc/motd.d:/run/ - motd.d:/usr/lib/motd.d. - -+noupdate -+ -+ Don't run the scripts in /etc/update-motd.d to refresh the motd file. -+ - When no options are given, the default behavior applies for both options. - Specifying either option (or both) will disable the default behavior for both - options. |