author | Tomas Mraz <tm@t8m.info> | 2007-12-06 20:20:07 +0000 |
---|---|---|
committer | Tomas Mraz <tm@t8m.info> | 2007-12-06 20:20:07 +0000 |
commit | 632dffe99cc8e3aefb4410aec2a3091df48a6f46 (patch) | |
tree | a143da18fc11f9f9dbec7a9f514ea9bec110bcad /doc/man/pam_item_types_std.inc.xml | |
parent | 337e34ff7407327700ae3ddf2bdda00698386e13 (diff) |
Relevant BUGIDs:
Purpose of commit: new feature
Commit summary:
---------------
2007-12-06 Eamon Walsh <ewalsh@tycho.nsa.gov>
* libpam/include/security/_pam_macros.h: Add _pam_overwrite_n()
macro.
* libpam/include/security/_pam_types.h: Add PAM_XDISPLAY,
PAM_XAUTHDATA items, pam_xauth_data struct.
* libpam/pam_item.c (pam_set_item, pam_get_item): Handle
PAM_XDISPLAY and PAM_XAUTHDATA items.
* libpam/pam_end.c (pam_end): Destroy the new items.
* libpam/pam_private.h (pam_handle): Add data members for new
items. Add prototype for _pam_memdup.
* libpam/pam_misc.c: Add _pam_memdup.
* doc/man/Makefile.am: Add pam_xauth_data.3. Replace
pam_item_types.inc.xml with pam_item_types_std.inc.xml and
pam_item_types_ext.inc.xml.
* doc/man/pam_get_item.3.xml: Replace pam_item_types.inc.xml
with pam_item_types_std.inc.xml and pam_item_types_ext.inc.xml.
* doc/man/pam_set_item.3.xml: Likewise.
* doc/man/pam_item_types.inc.xml: Removed file.
* doc/man/pam_item_types_ext.inc.xml: New file.
* doc/man/pam_item_types_std.inc.xml: New file.
Diffstat (limited to 'doc/man/pam_item_types_std.inc.xml')
-rw-r--r-- | doc/man/pam_item_types_std.inc.xml | 138 |
1 files changed, 138 insertions, 0 deletions
diff --git a/doc/man/pam_item_types_std.inc.xml b/doc/man/pam_item_types_std.inc.xml new file mode 100644 index 00000000..81f240b0 --- /dev/null +++ b/doc/man/pam_item_types_std.inc.xml 
@@ -0,0 +1,138 @@ +<!-- this file is included by pam_set_item and pam_get_item --> + + <variablelist> + <varlistentry> + <term>PAM_SERVICE</term> + <listitem> + <para> + The service name (which identifies that PAM stack that + the PAM functions will use to authenticate the program). + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>PAM_USER</term> + <listitem> + <para> + The username of the entity under whose identity service + will be given. That is, following authentication, + <emphasis>PAM_USER</emphasis> identifies the local entity + that gets to use the service. Note, this value can be mapped + from something (eg., "anonymous") to something else (eg. + "guest119") by any module in the PAM stack. As such an + application should consult the value of + <emphasis>PAM_USER</emphasis> after each call to a PAM function. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>PAM_USER_PROMPT</term> + <listitem> + <para> + The string used when prompting for a user's name. The default + value for this string is a localized version of "login: ". + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>PAM_TTY</term> + <listitem> + <para> + The terminal name: prefixed by <filename>/dev/</filename> if + it is a device file; for graphical, X-based, applications the + value for this item should be the + <emphasis>$DISPLAY</emphasis> variable. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>PAM_RUSER</term> + <listitem> + <para> + The requesting user name: local name for a locally + requesting user or a remote user name for a remote + requesting user. + </para> + <para> + Generally an application or module will attempt to supply + the value that is most strongly authenticated (a local account + before a remote one. The level of trust in this value is + embodied in the actual authentication stack associated with + the application, so it is ultimately at the discretion of the + system administrator. 
+ </para> + <para> + <emphasis>PAM_RUSER@PAM_RHOST</emphasis> should always identify + the requesting user. In some cases, + <emphasis>PAM_RUSER</emphasis> may be NULL. In such situations, + it is unclear who the requesting entity is. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>PAM_RHOST</term> + <listitem> + <para> + The requesting hostname (the hostname of the machine from + which the <emphasis>PAM_RUSER</emphasis> entity is requesting + service). That is <emphasis>PAM_RUSER@PAM_RHOST</emphasis> + does identify the requesting user. In some applications, + <emphasis>PAM_RHOST</emphasis> may be NULL. In such situations, + it is unclear where the authentication request is originating + from. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>PAM_AUTHTOK</term> + <listitem> + <para> + The authentication token (often a password). This token + should be ignored by all module functions besides + <citerefentry> + <refentrytitle>pam_sm_authenticate</refentrytitle><manvolnum>3</manvolnum> + </citerefentry> and + <citerefentry> + <refentrytitle>pam_sm_chauthtok</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>. + In the former function it is used to pass the most recent + authentication token from one stacked module to another. In + the latter function the token is used for another purpose. + It contains the currently active authentication token. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>PAM_OLDAUTHTOK</term> + <listitem> + <para> + The old authentication token. This token should be ignored + by all module functions except + <citerefentry> + <refentrytitle>pam_sm_chauthtok</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>. + </para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>PAM_CONV</term> + <listitem> + <para> + The pam_conv structure. See + <citerefentry> + <refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>. 
+ </para> + </listitem> + </varlistentry> + + </variablelist> |
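Review bot: The parenthetical in the PAM_RUSER entry, "(a local account before a remote one.", is never closed; add the ")" before the full stop. In PAM_SERVICE, "identifies that PAM stack that" should read "identifies the PAM stack that", and the PAM_USER entry mixes "eg.," and "eg." where "e.g." is meant. The PAM_AUTHTOK entry says that in pam_sm_chauthtok the token "is used for another purpose" and only names that purpose in the next sentence; merging the two sentences so the purpose is stated directly would read better. PAM_RUSER and PAM_RHOST are both documented as possibly NULL, so it is worth saying explicitly that code reading them through pam_get_item must handle a NULL value before using it in logging or access decisions. There is also a doubled blank line before the PAM_CONV entry.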