summaryrefslogtreecommitdiff
path: root/doc/man
diff options
context:
space:
mode:
authorSteve Langasek <steve.langasek@ubuntu.com>2019-01-03 17:53:41 -0800
committerSteve Langasek <steve.langasek@ubuntu.com>2019-01-03 18:17:08 -0800
commit212b52cf29c06cc209bc8ac0540dbab1acdf1464 (patch)
tree58da0bf39f5c4122e4a1b4da20fdeea52b97a671 /doc/man
parent9c52e721044e7501c3d4567b36d222dc7326224a (diff)
parent56c8282d128fb484ffc77dff73abf42229b291d3 (diff)
New upstream version 1.1.0
Diffstat (limited to 'doc/man')
-rw-r--r--doc/man/Makefile.am8
-rw-r--r--doc/man/Makefile.in60
-rw-r--r--doc/man/PAM.8218
-rw-r--r--doc/man/misc_conv.3222
-rw-r--r--doc/man/pam.3287
-rw-r--r--doc/man/pam.3.xml6
-rw-r--r--doc/man/pam.conf-syntax.xml8
-rw-r--r--doc/man/pam.conf.5364
-rw-r--r--doc/man/pam_acct_mgmt.3202
-rw-r--r--doc/man/pam_authenticate.3206
-rw-r--r--doc/man/pam_chauthtok.3204
-rw-r--r--doc/man/pam_close_session.3196
-rw-r--r--doc/man/pam_conv.3262
-rw-r--r--doc/man/pam_end.3200
-rw-r--r--doc/man/pam_error.3200
-rw-r--r--doc/man/pam_fail_delay.3292
-rw-r--r--doc/man/pam_get_authtok.3285
-rw-r--r--doc/man/pam_get_authtok.3.xml205
-rw-r--r--doc/man/pam_get_data.3194
-rw-r--r--doc/man/pam_get_item.3260
-rw-r--r--doc/man/pam_get_user.3227
-rw-r--r--doc/man/pam_getenv.3187
-rw-r--r--doc/man/pam_getenv.3.xml7
-rw-r--r--doc/man/pam_getenvlist.3192
-rw-r--r--doc/man/pam_info.3200
-rw-r--r--doc/man/pam_item_types_ext.inc.xml16
-rw-r--r--doc/man/pam_misc_drop_env.3186
-rw-r--r--doc/man/pam_misc_paste_env.3186
-rw-r--r--doc/man/pam_misc_setenv.3188
-rw-r--r--doc/man/pam_open_session.3196
-rw-r--r--doc/man/pam_prompt.3200
-rw-r--r--doc/man/pam_prompt.3.xml6
-rw-r--r--doc/man/pam_putenv.3202
-rw-r--r--doc/man/pam_set_data.3212
-rw-r--r--doc/man/pam_set_item.3260
-rw-r--r--doc/man/pam_setcred.3216
-rw-r--r--doc/man/pam_setcred.3.xml11
-rw-r--r--doc/man/pam_sm_acct_mgmt.3206
-rw-r--r--doc/man/pam_sm_authenticate.3206
-rw-r--r--doc/man/pam_sm_chauthtok.3230
-rw-r--r--doc/man/pam_sm_chauthtok.3.xml37
-rw-r--r--doc/man/pam_sm_close_session.3194
-rw-r--r--doc/man/pam_sm_open_session.3194
-rw-r--r--doc/man/pam_sm_setcred.3223
-rw-r--r--doc/man/pam_sm_setcred.3.xml18
-rw-r--r--doc/man/pam_start.3210
-rw-r--r--doc/man/pam_strerror.3184
-rw-r--r--doc/man/pam_syslog.3200
-rw-r--r--doc/man/pam_xauth_data.3198
49 files changed, 7741 insertions, 930 deletions
diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am
index 52e5caab..9b229b16 100644
--- a/doc/man/Makefile.am
+++ b/doc/man/Makefile.am
@@ -12,8 +12,8 @@ man_MANS = pam.3 PAM.8 pam.8 pam.conf.5 pam.d.5 \
pam_chauthtok.3 pam_close_session.3 pam_conv.3 \
pam_end.3 pam_error.3 \
pam_fail_delay.3 pam_xauth_data.3 \
- pam_get_data.3 pam_get_item.3 pam_get_user.3 pam_getenv.3 \
- pam_getenvlist.3 \
+ pam_get_authtok.3 pam_get_data.3 pam_get_item.3 pam_get_user.3 \
+ pam_getenv.3 pam_getenvlist.3 \
pam_info.3 \
pam_open_session.3 \
pam_prompt.3 pam_putenv.3 \
@@ -29,8 +29,8 @@ XMLS = pam.3.xml pam.8.xml \
pam_chauthtok.3.xml pam_close_session.3.xml pam_conv.3.xml \
pam_end.3.xml pam_error.3.xml \
pam_fail_delay.3.xml pam_xauth_data.3 \
- pam_get_data.3.xml pam_get_item.3.xml pam_get_user.3.xml \
- pam_getenv.3.xml pam_getenvlist.3.xml \
+ pam_get_authtok.3.xml pam_get_data.3.xml pam_get_item.3.xml \
+ pam_get_user.3.xml pam_getenv.3.xml pam_getenvlist.3.xml \
pam_info.3.xml \
pam_open_session.3.xml \
pam_prompt.3.xml pam_putenv.3.xml \
diff --git a/doc/man/Makefile.in b/doc/man/Makefile.in
index c4e6beb7..722ffc7c 100644
--- a/doc/man/Makefile.in
+++ b/doc/man/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -39,13 +39,16 @@ subdir = doc/man
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
- $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
+ $(top_srcdir)/m4/japhar_grep_cflags.m4 \
$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libprelude.m4 \
- $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
- $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/acinclude.m4 \
+ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
+ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+ $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -75,23 +78,19 @@ CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXDEPMODE = @CXXDEPMODE@
-CXXFLAGS = @CXXFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DSYMUTIL = @DSYMUTIL@
-ECHO = @ECHO@
+DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
+FGREP = @FGREP@
FO2PDF = @FO2PDF@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
@@ -103,6 +102,7 @@ INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
INTLLIBS = @INTLLIBS@
INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LD = @LD@
LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
@@ -126,6 +126,7 @@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
LIBS = @LIBS@
LIBSELINUX = @LIBSELINUX@
LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
@@ -135,15 +136,18 @@ MKDIR_P = @MKDIR_P@
MSGFMT = @MSGFMT@
MSGFMT_015 = @MSGFMT_015@
MSGMERGE = @MSGMERGE@
+NM = @NM@
NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_VERSION = @PACKAGE_VERSION@
-PAM_READ_BOTH_CONFS = @PAM_READ_BOTH_CONFS@
PATH_SEPARATOR = @PATH_SEPARATOR@
PIE_CFLAGS = @PIE_CFLAGS@
PIE_LDFLAGS = @PIE_LDFLAGS@
@@ -157,10 +161,9 @@ SHELL = @SHELL@
STRIP = @STRIP@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
-WITH_DEBUG = @WITH_DEBUG@
-WITH_PAMLOCKING = @WITH_PAMLOCKING@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
XMLCATALOG = @XMLCATALOG@
XMLLINT = @XMLLINT@
XML_CATALOG_FILE = @XML_CATALOG_FILE@
@@ -172,8 +175,7 @@ abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
@@ -205,6 +207,7 @@ libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
@@ -219,6 +222,7 @@ sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
CLEANFILES = *~
@@ -229,8 +233,8 @@ man_MANS = pam.3 PAM.8 pam.8 pam.conf.5 pam.d.5 \
pam_chauthtok.3 pam_close_session.3 pam_conv.3 \
pam_end.3 pam_error.3 \
pam_fail_delay.3 pam_xauth_data.3 \
- pam_get_data.3 pam_get_item.3 pam_get_user.3 pam_getenv.3 \
- pam_getenvlist.3 \
+ pam_get_authtok.3 pam_get_data.3 pam_get_item.3 pam_get_user.3 \
+ pam_getenv.3 pam_getenvlist.3 \
pam_info.3 \
pam_open_session.3 \
pam_prompt.3 pam_putenv.3 \
@@ -247,8 +251,8 @@ XMLS = pam.3.xml pam.8.xml \
pam_chauthtok.3.xml pam_close_session.3.xml pam_conv.3.xml \
pam_end.3.xml pam_error.3.xml \
pam_fail_delay.3.xml pam_xauth_data.3 \
- pam_get_data.3.xml pam_get_item.3.xml pam_get_user.3.xml \
- pam_getenv.3.xml pam_getenvlist.3.xml \
+ pam_get_authtok.3.xml pam_get_data.3.xml pam_get_item.3.xml \
+ pam_get_user.3.xml pam_getenv.3.xml pam_getenvlist.3.xml \
pam_info.3.xml \
pam_open_session.3.xml \
pam_prompt.3.xml pam_putenv.3.xml \
@@ -269,8 +273,8 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
- && exit 0; \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
@@ -311,8 +315,8 @@ install-man3: $(man3_MANS) $(man_MANS)
esac; \
done; \
for i in $$list; do \
- if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
- else file=$$i; fi; \
+ if test -f $$i; then file=$$i; \
+ else file=$(srcdir)/$$i; fi; \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
case "$$ext" in \
3*) ;; \
@@ -356,8 +360,8 @@ install-man5: $(man5_MANS) $(man_MANS)
esac; \
done; \
for i in $$list; do \
- if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
- else file=$$i; fi; \
+ if test -f $$i; then file=$$i; \
+ else file=$(srcdir)/$$i; fi; \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
case "$$ext" in \
5*) ;; \
@@ -401,8 +405,8 @@ install-man8: $(man8_MANS) $(man_MANS)
esac; \
done; \
for i in $$list; do \
- if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
- else file=$$i; fi; \
+ if test -f $$i; then file=$$i; \
+ else file=$(srcdir)/$$i; fi; \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
case "$$ext" in \
8*) ;; \
diff --git a/doc/man/PAM.8 b/doc/man/PAM.8
index 1872d09a..1aedd522 100644
--- a/doc/man/PAM.8
+++ b/doc/man/PAM.8
@@ -1,48 +1,204 @@
.\" Title: pam
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM" "8" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-PAM, pam - Pluggable Authentication Modules for Linux
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+PAM, pam \- Pluggable Authentication Modules for Linux
.SH "DESCRIPTION"
.PP
This manual is intended to offer a quick introduction to
-\fBLinux\-PAM\fR\. For more information the reader is directed to the
-\fBLinux\-PAM system administrators\' guide\fR\.
+\fBLinux\-PAM\fR\&. For more information the reader is directed to the
+\fBLinux\-PAM system administrators\' guide\fR\&.
.PP
\fBLinux\-PAM\fR
-is a system of libraries that handle the authentication tasks of applications (services) on the system\. The library provides a stable general interface (Application Programming Interface \- API) that privilege granting programs (such as
+is a system of libraries that handle the authentication tasks of applications (services) on the system\&. The library provides a stable general interface (Application Programming Interface \- API) that privilege granting programs (such as
\fBlogin\fR(1)
and
-\fBsu\fR(1)) defer to to perform standard authentication tasks\.
+\fBsu\fR(1)) defer to to perform standard authentication tasks\&.
.PP
-The principal feature of the PAM approach is that the nature of the authentication is dynamically configurable\. In other words, the system administrator is free to choose how individual service\-providing applications will authenticate users\. This dynamic configuration is set by the contents of the single
+The principal feature of the PAM approach is that the nature of the authentication is dynamically configurable\&. In other words, the system administrator is free to choose how individual service\-providing applications will authenticate users\&. This dynamic configuration is set by the contents of the single
\fBLinux\-PAM\fR
configuration file
-\fI/etc/pam\.conf\fR\. Alternatively, the configuration can be set by individual configuration files located in the
-\fI/etc/pam\.d/\fR
-directory\. The presence of this directory will cause
+\FC/etc/pam\&.conf\F[]\&. Alternatively, the configuration can be set by individual configuration files located in the
+\FC/etc/pam\&.d/\F[]
+directory\&. The presence of this directory will cause
\fBLinux\-PAM\fR
to
\fIignore\fR
-\fI/etc/pam\.conf\fR\.
+\FC/etc/pam\&.conf\F[]\&.
.PP
From the point of view of the system administrator, for whom this manual is provided, it is not of primary importance to understand the internal behavior of the
\fBLinux\-PAM\fR
-library\. The important point to recognize is that the configuration file(s)
+library\&. The important point to recognize is that the configuration file(s)
\fIdefine\fR
the connection between applications
(\fBservices\fR) and the pluggable authentication modules
-(\fBPAM\fRs) that perform the actual authentication tasks\.
+(\fBPAM\fRs) that perform the actual authentication tasks\&.
.PP
\fBLinux\-PAM\fR
separates the tasks of
@@ -54,49 +210,49 @@ management;
\fBpassword\fR
management; and
\fBsession\fR
-management\. (We highlight the abbreviations used for these groups in the configuration file\.)
+management\&. (We highlight the abbreviations used for these groups in the configuration file\&.)
.PP
Simply put, these groups take care of different aspects of a typical user\'s request for a restricted service:
.PP
\fBaccount\fR
\- provide account verification types of service: has the user\'s password expired?; is this user permitted access to the requested service?
.PP
-\fBauth\fRentication \- authenticate a user and set up user credentials\. Typically this is via some challenge\-response request that the user must satisfy: if you are who you claim to be please enter your password\. Not all authentications are of this type, there exist hardware based authentication schemes (such as the use of smart\-cards and biometric devices), with suitable modules, these may be substituted seamlessly for more standard approaches to authentication \- such is the flexibility of
-\fBLinux\-PAM\fR\.
+\fBauth\fRentication \- authenticate a user and set up user credentials\&. Typically this is via some challenge\-response request that the user must satisfy: if you are who you claim to be please enter your password\&. Not all authentications are of this type, there exist hardware based authentication schemes (such as the use of smart\-cards and biometric devices), with suitable modules, these may be substituted seamlessly for more standard approaches to authentication \- such is the flexibility of
+\fBLinux\-PAM\fR\&.
.PP
\fBpassword\fR
-\- this group\'s responsibility is the task of updating authentication mechanisms\. Typically, such services are strongly coupled to those of the
+\- this group\'s responsibility is the task of updating authentication mechanisms\&. Typically, such services are strongly coupled to those of the
\fBauth\fR
-group\. Some authentication mechanisms lend themselves well to being updated with such a function\. Standard UN*X password\-based access is the obvious example: please enter a replacement password\.
+group\&. Some authentication mechanisms lend themselves well to being updated with such a function\&. Standard UN*X password\-based access is the obvious example: please enter a replacement password\&.
.PP
\fBsession\fR
-\- this group of tasks cover things that should be done prior to a service being given and after it is withdrawn\. Such tasks include the maintenance of audit trails and the mounting of the user\'s home directory\. The
+\- this group of tasks cover things that should be done prior to a service being given and after it is withdrawn\&. Such tasks include the maintenance of audit trails and the mounting of the user\'s home directory\&. The
\fBsession\fR
-management group is important as it provides both an opening and closing hook for modules to affect the services available to a user\.
+management group is important as it provides both an opening and closing hook for modules to affect the services available to a user\&.
.SH "FILES"
.PP
-\fI/etc/pam\.conf\fR
+\FC/etc/pam\&.conf\F[]
.RS 4
the configuration file
.RE
.PP
-\fI/etc/pam\.d\fR
+\FC/etc/pam\&.d\F[]
.RS 4
the
\fBLinux\-PAM\fR
-configuration directory\. Generally, if this directory is present, the
-\fI/etc/pam\.conf\fR
-file is ignored\.
+configuration directory\&. Generally, if this directory is present, the
+\FC/etc/pam\&.conf\F[]
+file is ignored\&.
.RE
.SH "ERRORS"
.PP
Typically errors generated by the
\fBLinux\-PAM\fR
system of libraries, will be written to
-\fBsyslog\fR(3)\.
+\fBsyslog\fR(3)\&.
.SH "CONFORMING TO"
.PP
-DCE\-RFC 86\.0, October 1995\. Contains additional features, but remains backwardly compatible with this RFC\.
+DCE\-RFC 86\&.0, October 1995\&. Contains additional features, but remains backwardly compatible with this RFC\&.
.SH "SEE ALSO"
.PP
diff --git a/doc/man/misc_conv.3 b/doc/man/misc_conv.3
index f8b33dff..9033511e 100644
--- a/doc/man/misc_conv.3
+++ b/doc/man/misc_conv.3
@@ -1,26 +1,188 @@
.\" Title: misc_conv
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "MISC_CONV" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "MISC_CONV" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-misc_conv - text based conversation function
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+misc_conv \- text based conversation function
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_misc\.h>
+#include <security/pam_misc\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 15
+.fam C
+.HP \w'void\ misc_conv('u
.BI "void misc_conv(int\ " "num_msg" ", const\ struct\ pam_message\ **" "msgm" ", struct\ pam_response\ **" "response" ", void\ *" "appdata_ptr" ");"
+.fam
.SH "DESCRIPTION"
.PP
The
@@ -29,28 +191,28 @@ function is part of
\fBlibpam_misc\fR
and not of the standard
\fBlibpam\fR
-library\. This function will prompt the user with the appropriate comments and obtain the appropriate inputs as directed by authentication modules\.
+library\&. This function will prompt the user with the appropriate comments and obtain the appropriate inputs as directed by authentication modules\&.
.PP
In addition to simply slotting into the appropriate
-\fBpam_conv\fR(3), this function provides some time\-out facilities\. The function exports five variables that can be used by an application programmer to limit the amount of time this conversation function will spend waiting for the user to type something\. The five variabls are as follows:
+\fBpam_conv\fR(3), this function provides some time\-out facilities\&. The function exports five variables that can be used by an application programmer to limit the amount of time this conversation function will spend waiting for the user to type something\&. The five variabls are as follows:
.PP
\fBtime_t\fR \fIpam_misc_conv_warn_time\fR;
.RS 4
This variable contains the
\fItime\fR
(as returned by
-\fBtime\fR(2)) that the user should be first warned that the clock is ticking\. By default it has the value
-0, which indicates that no such warning will be given\. The application may set its value to sometime in the future, but this should be done prior to passing control to the
+\fBtime\fR(2)) that the user should be first warned that the clock is ticking\&. By default it has the value
+0, which indicates that no such warning will be given\&. The application may set its value to sometime in the future, but this should be done prior to passing control to the
\fILinux\-PAM\fR
-library\.
+library\&.
.RE
.PP
\fBconst char *\fR\fIpam_misc_conv_warn_line\fR;
.RS 4
Used in conjuction with
-\fIpam_misc_conv_warn_time\fR, this variable is a pointer to the string that will be displayed when it becomes time to warn the user that the timeout is approaching\. Its default value is a translated version of
-\(lq\.\.\.Time is running out\.\.\.\(rq, but this can be changed by the application prior to passing control to
-\fILinux\-PAM\fR\.
+\fIpam_misc_conv_warn_time\fR, this variable is a pointer to the string that will be displayed when it becomes time to warn the user that the timeout is approaching\&. Its default value is a translated version of
+\(lq\&.\&.\&.Time is running out\&.\&.\&.\(rq, but this can be changed by the application prior to passing control to
+\fILinux\-PAM\fR\&.
.RE
.PP
\fBtime_t\fR \fIpam_misc_conv_die_time\fR;
@@ -58,44 +220,44 @@ Used in conjuction with
This variable contains the
\fItime\fR
(as returned by
-\fBtime\fR(2)) that the will time out\. By default it has the value
-0, which indicates that the conversation function will not timeout\. The application may set its value to sometime in the future, but this should be done prior to passing control to the
+\fBtime\fR(2)) that the will time out\&. By default it has the value
+0, which indicates that the conversation function will not timeout\&. The application may set its value to sometime in the future, but this should be done prior to passing control to the
\fILinux\-PAM\fR
-library\.
+library\&.
.RE
.PP
\fBconst char *\fR\fIpam_misc_conv_die_line\fR;
.RS 4
Used in conjuction with
-\fIpam_misc_conv_die_time\fR, this variable is a pointer to the string that will be displayed when the conversation times out\. Its default value is a translated version of
-\(lq\.\.\.Sorry, your time is up!\(rq, but this can be changed by the application prior to passing control to
-\fILinux\-PAM\fR\.
+\fIpam_misc_conv_die_time\fR, this variable is a pointer to the string that will be displayed when the conversation times out\&. Its default value is a translated version of
+\(lq\&.\&.\&.Sorry, your time is up!\(rq, but this can be changed by the application prior to passing control to
+\fILinux\-PAM\fR\&.
.RE
.PP
\fBint\fR \fIpam_misc_conv_died\fR;
.RS 4
Following a return from the
\fILinux\-PAM\fR
-libraray, the value of this variable indicates whether the conversation has timed out\. A value of
+libraray, the value of this variable indicates whether the conversation has timed out\&. A value of
1
-indicates the time\-out occurred\.
+indicates the time\-out occurred\&.
.RE
.PP
-The following two function pointers are available for supporting binary prompts in the conversation function\. They are optimized for the current incarnation of the
+The following two function pointers are available for supporting binary prompts in the conversation function\&. They are optimized for the current incarnation of the
\fBlibpamc\fR
-library and are subject to change\.
+library and are subject to change\&.
.PP
\fBint\fR \fI(*pam_binary_handler_fn)\fR(\fBvoid *\fR\fIappdata\fR, \fBpamc_bp_t *\fR\fIprompt_p\fR);
.RS 4
This function pointer is initialized to
NULL
-but can be filled with a function that provides machine\-machine (hidden) message exchange\. It is intended for use with hidden authentication protocols such as RSA or Diffie\-Hellman key exchanges\. (This is still under development\.)
+but can be filled with a function that provides machine\-machine (hidden) message exchange\&. It is intended for use with hidden authentication protocols such as RSA or Diffie\-Hellman key exchanges\&. (This is still under development\&.)
.RE
.PP
\fBint\fR \fI(*pam_binary_handler_free)\fR(\fBvoid *\fR\fIappdata\fR, \fBpamc_bp_t *\fR\fIdelete_me\fR);
.RS 4
This function pointer is initialized to
-\fBPAM_BP_RENEW(delete_me, 0, 0)\fR, but can be redefined as desired by the application\.
+\fBPAM_BP_RENEW(delete_me, 0, 0)\fR, but can be redefined as desired by the application\&.
.RE
.SH "SEE ALSO"
.PP
@@ -108,4 +270,4 @@ The
\fBmisc_conv\fR
function is part of the
\fBlibpam_misc\fR
-Library and not defined in any standard\.
+Library and not defined in any standard\&.
diff --git a/doc/man/pam.3 b/doc/man/pam.3
index 9de478e5..b6033370 100644
--- a/doc/man/pam.3
+++ b/doc/man/pam.3
@@ -1,104 +1,272 @@
.\" Title: pam
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam - Pluggable Authentication Modules Library
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam \- Pluggable Authentication Modules Library
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_appl\.h>
+#include <security/pam_appl\&.h>
.fi
+.fam
+.ps +1
.ft
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_modules\.h>
+#include <security/pam_modules\&.h>
.fi
+.fam
+.ps +1
.ft
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_ext\.h>
+#include <security/pam_ext\&.h>
.fi
+.fam
+.ps +1
.ft
.SH "DESCRIPTION"
.PP
\fBPAM\fR
-is a system of libraries that handle the authentication tasks of applications (services) on the system\. The library provides a stable general interface (Application Programming Interface \- API) that privilege granting programs (such as
+is a system of libraries that handle the authentication tasks of applications (services) on the system\&. The library provides a stable general interface (Application Programming Interface \- API) that privilege granting programs (such as
\fBlogin\fR(1)
and
-\fBsu\fR(1)) defer to to perform standard authentication tasks\.
+\fBsu\fR(1)) defer to to perform standard authentication tasks\&.
.SS "Initialization and Cleanup"
.PP
The
\fBpam_start\fR(3)
-function creates the PAM context and initiates the PAM transaction\. It is the first of the PAM functions that needs to be called by an application\. The transaction state is contained entirely within the structure identified by this handle, so it is possible to have multiple transactions in parallel\. But it is not possible to use the same handle for different transactions, a new one is needed for every new context\.
+function creates the PAM context and initiates the PAM transaction\&. It is the first of the PAM functions that needs to be called by an application\&. The transaction state is contained entirely within the structure identified by this handle, so it is possible to have multiple transactions in parallel\&. But it is not possible to use the same handle for different transactions, a new one is needed for every new context\&.
.PP
The
\fBpam_end\fR(3)
-function terminates the PAM transaction and is the last function an application should call in the PAM context\. Upon return the handle pamh is no longer valid and all memory associated with it will be invalid\. It can be called at any time to terminate a PAM transaction\.
+function terminates the PAM transaction and is the last function an application should call in the PAM context\&. Upon return the handle pamh is no longer valid and all memory associated with it will be invalid\&. It can be called at any time to terminate a PAM transaction\&.
.SS "Authentication"
.PP
The
\fBpam_authenticate\fR(3)
-function is used to authenticate the user\. The user is required to provide an authentication token depending upon the authentication service, usually this is a password, but could also be a finger print\.
+function is used to authenticate the user\&. The user is required to provide an authentication token depending upon the authentication service, usually this is a password, but could also be a finger print\&.
.PP
The
\fBpam_setcred\fR(3)
-function manages the userscredentials\.
+function manages the userscredentials\&.
.SS "Account Management"
.PP
The
\fBpam_acct_mgmt\fR(3)
-function is used to determine if the users account is valid\. It checks for authentication token and account expiration and verifies access restrictions\. It is typically called after the user has been authenticated\.
+function is used to determine if the users account is valid\&. It checks for authentication token and account expiration and verifies access restrictions\&. It is typically called after the user has been authenticated\&.
.SS "Password Management"
.PP
The
\fBpam_chauthtok\fR(3)
-function is used to change the authentication token for a given user on request or because the token has expired\.
+function is used to change the authentication token for a given user on request or because the token has expired\&.
.SS "Session Management"
.PP
The
\fBpam_open_session\fR(3)
-function sets up a user session for a previously successful authenticated user\. The session should later be terminated with a call to
-\fBpam_close_session\fR(3)\.
+function sets up a user session for a previously successful authenticated user\&. The session should later be terminated with a call to
+\fBpam_close_session\fR(3)\&.
.SS "Conversation"
.PP
-The PAM library uses an application\-defined callback to allow a direct communication between a loaded module and the application\. This callback is specified by the
+The PAM library uses an application\-defined callback to allow a direct communication between a loaded module and the application\&. This callback is specified by the
\fIstruct pam_conv\fR
passed to
\fBpam_start\fR(3)
-at the start of the transaction\. See
+at the start of the transaction\&. See
\fBpam_conv\fR(3)
-for details\.
+for details\&.
.SS "Data Objects"
.PP
The
\fBpam_set_item\fR(3)
and
\fBpam_get_item\fR(3)
-functions allows applications and PAM service modules to set and retrieve PAM informations\.
+functions allows applications and PAM service modules to set and retrieve PAM informations\&.
.PP
The
\fBpam_get_user\fR(3)
-function is the preferred method to obtain the username\.
+function is the preferred method to obtain the username\&.
.PP
The
\fBpam_set_data\fR(3)
and
\fBpam_get_data\fR(3)
-functions allows PAM service modules to set and retrieve free\-form data from one invocation to another\.
+functions allows PAM service modules to set and retrieve free\-form data from one invocation to another\&.
.SS "Environment and Error Management"
.PP
The
@@ -106,158 +274,158 @@ The
\fBpam_getenv\fR(3)
and
\fBpam_getenvlist\fR(3)
-functions are for maintaining a set of private environment variables\.
+functions are for maintaining a set of private environment variables\&.
.PP
The
\fBpam_strerror\fR(3)
-function returns a pointer to a string describing the given PAM error code\.
+function returns a pointer to a string describing the given PAM error code\&.
.SH "RETURN VALUES"
.PP
The following return codes are known by PAM:
.PP
PAM_ABORT
.RS 4
-Critical error, immediate abort\.
+Critical error, immediate abort\&.
.RE
.PP
PAM_ACCT_EXPIRED
.RS 4
-User account has expired\.
+User account has expired\&.
.RE
.PP
PAM_AUTHINFO_UNAVAIL
.RS 4
-Authentication service cannot retrieve authentication info\.
+Authentication service cannot retrieve authentication info\&.
.RE
.PP
PAM_AUTHTOK_DISABLE_AGING
.RS 4
-Authentication token aging disabled\.
+Authentication token aging disabled\&.
.RE
.PP
PAM_AUTHTOK_ERR
.RS 4
-Authentication token manipulation error\.
+Authentication token manipulation error\&.
.RE
.PP
PAM_AUTHTOK_EXPIRED
.RS 4
-Authentication token expired\.
+Authentication token expired\&.
.RE
.PP
PAM_AUTHTOK_LOCK_BUSY
.RS 4
-Authentication token lock busy\.
+Authentication token lock busy\&.
.RE
.PP
PAM_AUTHTOK_RECOVERY_ERR
.RS 4
-Authentication information cannot be recovered\.
+Authentication information cannot be recovered\&.
.RE
.PP
PAM_AUTH_ERR
.RS 4
-Authentication failure\.
+Authentication failure\&.
.RE
.PP
PAM_BUF_ERR
.RS 4
-Memory buffer error\.
+Memory buffer error\&.
.RE
.PP
PAM_CONV_ERR
.RS 4
-Conversation failure\.
+Conversation failure\&.
.RE
.PP
PAM_CRED_ERR
.RS 4
-Failure setting user credentials\.
+Failure setting user credentials\&.
.RE
.PP
PAM_CRED_EXPIRED
.RS 4
-User credentials expired\.
+User credentials expired\&.
.RE
.PP
PAM_CRED_INSUFFICIENT
.RS 4
-Insufficient credentials to access authentication data\.
+Insufficient credentials to access authentication data\&.
.RE
.PP
PAM_CRED_UNAVAIL
.RS 4
-Authentication service cannot retrieve user credentials\.
+Authentication service cannot retrieve user credentials\&.
.RE
.PP
PAM_IGNORE
.RS 4
-The return value should be ignored by PAM dispatch\.
+The return value should be ignored by PAM dispatch\&.
.RE
.PP
PAM_MAXTRIES
.RS 4
-Have exhausted maximum number of retries for service\.
+Have exhausted maximum number of retries for service\&.
.RE
.PP
PAM_MODULE_UNKNOWN
.RS 4
-Module is unknown\.
+Module is unknown\&.
.RE
.PP
PAM_NEW_AUTHTOK_REQD
.RS 4
-Authentication token is no longer valid; new one required\.
+Authentication token is no longer valid; new one required\&.
.RE
.PP
PAM_NO_MODULE_DATA
.RS 4
-No module specific data is present\.
+No module specific data is present\&.
.RE
.PP
PAM_OPEN_ERR
.RS 4
-Failed to load module\.
+Failed to load module\&.
.RE
.PP
PAM_PERM_DENIED
.RS 4
-Permission denied\.
+Permission denied\&.
.RE
.PP
PAM_SERVICE_ERR
.RS 4
-Error in service module\.
+Error in service module\&.
.RE
.PP
PAM_SESSION_ERR
.RS 4
-Cannot make/remove an entry for the specified session\.
+Cannot make/remove an entry for the specified session\&.
.RE
.PP
PAM_SUCCESS
.RS 4
-Success\.
+Success\&.
.RE
.PP
PAM_SYMBOL_ERR
.RS 4
-Symbol not found\.
+Symbol not found\&.
.RE
.PP
PAM_SYSTEM_ERR
.RS 4
-System error\.
+System error\&.
.RE
.PP
PAM_TRY_AGAIN
.RS 4
-Failed preliminary check by password service\.
+Failed preliminary check by password service\&.
.RE
.PP
PAM_USER_UNKNOWN
.RS 4
-User not known to the underlying authentication module\.
+User not known to the underlying authentication module\&.
.RE
.SH "SEE ALSO"
.PP
@@ -280,3 +448,8 @@ User not known to the underlying authentication module\.
\fBpam_setcred\fR(3),
\fBpam_start\fR(3),
\fBpam_strerror\fR(3)
+.SH "NOTES"
+.PP
+The
+\fIlibpam\fR
+interfaces are only thread\-safe if each thread within the multithreaded application uses its own PAM handle\&.
diff --git a/doc/man/pam.3.xml b/doc/man/pam.3.xml
index 3cf71b2d..78e1cf3e 100644
--- a/doc/man/pam.3.xml
+++ b/doc/man/pam.3.xml
@@ -430,4 +430,10 @@
</citerefentry>
</para>
</refsect1>
+ <refsect1 id='pam3-notes'><title>NOTES</title>
+ <para>
+ The <emphasis>libpam</emphasis> interfaces are only thread-safe if each
+ thread within the multithreaded application uses its own PAM handle.
+ </para>
+ </refsect1>
</refentry>
diff --git a/doc/man/pam.conf-syntax.xml b/doc/man/pam.conf-syntax.xml
index 1460c6f6..ced8ff1f 100644
--- a/doc/man/pam.conf-syntax.xml
+++ b/doc/man/pam.conf-syntax.xml
@@ -102,6 +102,14 @@
</listitem>
</varlistentry>
</variablelist>
+ <para>
+ If the <emphasis>type</emphasis> value from the list above is prepended
+ with a <emphasis>-</emphasis> character the PAM library will not log to
+ the system log if it is not possible to load the module because it is
+ missing in the system. This can be useful especially for modules which
+ are not always installed on the system and are not required for correct
+ authentication and authorization of the login session.
+ </para>
<para>
The third field, <emphasis>control</emphasis>, indicates the
diff --git a/doc/man/pam.conf.5 b/doc/man/pam.conf.5
index 669739a0..c4f46b3f 100644
--- a/doc/man/pam.conf.5
+++ b/doc/man/pam.conf.5
@@ -1,34 +1,190 @@
.\" Title: pam.conf
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM\.CONF" "5" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM\&.CONF" "5" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam.conf, pam.d - PAM configuration files
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam.conf, pam.d \- PAM configuration files
.SH "DESCRIPTION"
.PP
When a
\fIPAM\fR
-aware privilege granting application is started, it activates its attachment to the PAM\-API\. This activation performs a number of tasks, the most important being the reading of the configuration file(s):
-\fI/etc/pam\.conf\fR\. Alternatively, this may be the contents of the
-\fI/etc/pam\.d/\fR
-directory\. The presence of this directory will cause Linux\-PAM to ignore
-\fI/etc/pam\.conf\fR\.
+aware privilege granting application is started, it activates its attachment to the PAM\-API\&. This activation performs a number of tasks, the most important being the reading of the configuration file(s):
+\FC/etc/pam\&.conf\F[]\&. Alternatively, this may be the contents of the
+\FC/etc/pam\&.d/\F[]
+directory\&. The presence of this directory will cause Linux\-PAM to ignore
+\FC/etc/pam\&.conf\F[]\&.
.PP
These files list the
\fIPAM\fRs that will do the authentication tasks required by this service, and the appropriate behavior of the PAM\-API in the event that individual
-\fIPAM\fRs fail\.
+\fIPAM\fRs fail\&.
.PP
The syntax of the
-\fI/etc/pam\.conf\fR
-configuration file is as follows\. The file is made up of a list of rules, each rule is typically placed on a single line, but may be extended with an escaped end of line: `\e<LF>\'\. Comments are preceded with `#\' marks and extend to the next end of line\.
+\FC/etc/pam\&.conf\F[]
+configuration file is as follows\&. The file is made up of a list of rules, each rule is typically placed on a single line, but may be extended with an escaped end of line: `\e<LF>\'\&. Comments are preceded with `#\' marks and extend to the next end of line\&.
.PP
The format of each rule is a space separated collection of tokens, the first three being case\-insensitive:
.PP
@@ -36,19 +192,19 @@ The format of each rule is a space separated collection of tokens, the first thr
\fB service type control module\-path module\-arguments\fR
.PP
The syntax of files contained in the
-\fI/etc/pam\.d/\fR
+\FC/etc/pam\&.d/\F[]
directory, are identical except for the absence of any
\fIservice\fR
-field\. In this case, the
+field\&. In this case, the
\fIservice\fR
is the name of the file in the
-\fI/etc/pam\.d/\fR
-directory\. This filename must be in lower case\.
+\FC/etc/pam\&.d/\F[]
+directory\&. This filename must be in lower case\&.
.PP
An important feature of
\fIPAM\fR, is that a number of rules may be
\fIstacked\fR
-to combine the services of a number of PAMs for a given authentication task\.
+to combine the services of a number of PAMs for a given authentication task\&.
.PP
The
\fIservice\fR
@@ -56,42 +212,48 @@ is typically the familiar name of the corresponding application:
\fIlogin\fR
and
\fIsu\fR
-are good examples\. The
+are good examples\&. The
\fIservice\fR\-name,
\fIother\fR, is reserved for giving
\fIdefault\fR
-rules\. Only lines that mention the current service (or in the absence of such, the
+rules\&. Only lines that mention the current service (or in the absence of such, the
\fIother\fR
-entries) will be associated with the given service\-application\.
+entries) will be associated with the given service\-application\&.
.PP
The
\fItype\fR
-is the management group that the rule corresponds to\. It is used to specify which of the management groups the subsequent module is to be associated with\. Valid entries are:
+is the management group that the rule corresponds to\&. It is used to specify which of the management groups the subsequent module is to be associated with\&. Valid entries are:
.PP
account
.RS 4
-this module type performs non\-authentication based account management\. It is typically used to restrict/permit access to a service based on the time of day, currently available system resources (maximum number of users) or perhaps the location of the applicant user \-\- \'root\' login only on the console\.
+this module type performs non\-authentication based account management\&. It is typically used to restrict/permit access to a service based on the time of day, currently available system resources (maximum number of users) or perhaps the location of the applicant user \-\- \'root\' login only on the console\&.
.RE
.PP
auth
.RS 4
-this module type provides two aspects of authenticating the user\. Firstly, it establishes that the user is who they claim to be, by instructing the application to prompt the user for a password or other means of identification\. Secondly, the module can grant group membership or other privileges through its credential granting properties\.
+this module type provides two aspects of authenticating the user\&. Firstly, it establishes that the user is who they claim to be, by instructing the application to prompt the user for a password or other means of identification\&. Secondly, the module can grant group membership or other privileges through its credential granting properties\&.
.RE
.PP
password
.RS 4
-this module type is required for updating the authentication token associated with the user\. Typically, there is one module for each \'challenge/response\' based authentication (auth) type\.
+this module type is required for updating the authentication token associated with the user\&. Typically, there is one module for each \'challenge/response\' based authentication (auth) type\&.
.RE
.PP
session
.RS 4
-this module type is associated with doing things that need to be done for the user before/after they can be given service\. Such things include the logging of information concerning the opening/closing of some data exchange with a user, mounting directories, etc\.
+this module type is associated with doing things that need to be done for the user before/after they can be given service\&. Such things include the logging of information concerning the opening/closing of some data exchange with a user, mounting directories, etc\&.
.RE
.PP
+If the
+\fItype\fR
+value from the list above is prepended with a
+\fI\-\fR
+character the PAM library will not log to the system log if it is not possible to load the module because it is missing in the system\&. This can be useful especially for modules which are not always installed on the system and are not required for correct authentication and authorization of the login session\&.
+.PP
The third field,
-\fIcontrol\fR, indicates the behavior of the PAM\-API should the module fail to succeed in its authentication task\. There are two types of syntax for this control field: the simple one has a single simple keyword; the more complicated one involves a square\-bracketed selection of
+\fIcontrol\fR, indicates the behavior of the PAM\-API should the module fail to succeed in its authentication task\&. There are two types of syntax for this control field: the simple one has a single simple keyword; the more complicated one involves a square\-bracketed selection of
\fIvalue=action\fR
-pairs\.
+pairs\&.
.PP
For the simple (historical) syntax valid
\fIcontrol\fR
@@ -104,13 +266,13 @@ failure of such a PAM will ultimately lead to the PAM\-API returning failure but
modules (for this
\fIservice\fR
and
-\fItype\fR) have been invoked\.
+\fItype\fR) have been invoked\&.
.RE
.PP
requisite
.RS 4
like
-\fIrequired\fR, however, in the case that such a module returns a failure, control is directly returned to the application\. The return value is that associated with the first required or requisite module to fail\. Note, this flag can be used to protect against the possibility of a user getting the opportunity to enter a password over an unsafe medium\. It is conceivable that such behavior might inform an attacker of valid accounts on a system\. This possibility should be weighed against the not insignificant concerns of exposing a sensitive password in a hostile environment\.
+\fIrequired\fR, however, in the case that such a module returns a failure, control is directly returned to the application\&. The return value is that associated with the first required or requisite module to fail\&. Note, this flag can be used to protect against the possibility of a user getting the opportunity to enter a password over an unsafe medium\&. It is conceivable that such behavior might inform an attacker of valid accounts on a system\&. This possibility should be weighed against the not insignificant concerns of exposing a sensitive password in a hostile environment\&.
.RE
.PP
sufficient
@@ -118,47 +280,65 @@ sufficient
success of such a module is enough to satisfy the authentication requirements of the stack of modules (if a prior
\fIrequired\fR
module has failed the success of this one is
-\fIignored\fR)\. A failure of this module is not deemed as fatal to satisfying the application that this type has succeeded\. If the module succeeds the PAM framework returns success to the application immediately without trying any other modules\.
+\fIignored\fR)\&. A failure of this module is not deemed as fatal to satisfying the application that this type has succeeded\&. If the module succeeds the PAM framework returns success to the application immediately without trying any other modules\&.
.RE
.PP
optional
.RS 4
the success or failure of this module is only important if it is the only module in the stack associated with this
-\fIservice\fR+\fItype\fR\.
+\fIservice\fR+\fItype\fR\&.
.RE
.PP
include
.RS 4
-include all lines of given type from the configuration file specified as an argument to this control\.
+include all lines of given type from the configuration file specified as an argument to this control\&.
.RE
.PP
substack
.RS 4
-include all lines of given type from the configuration file specified as an argument to this control\. This differs from
+include all lines of given type from the configuration file specified as an argument to this control\&. This differs from
\fIinclude\fR
in that evaluation of the
\fIdone\fR
and
\fIdie\fR
-actions in a substack does not cause skipping the rest of the complete module stack, but only of the substack\. Jumps in a substack also can not make evaluation jump out of it, and the whole substack is counted as one module when the jump is done in a parent stack\. The
+actions in a substack does not cause skipping the rest of the complete module stack, but only of the substack\&. Jumps in a substack also can not make evaluation jump out of it, and the whole substack is counted as one module when the jump is done in a parent stack\&. The
\fIreset\fR
-action will reset the state of a module stack to the state it was in as of beginning of the substack evaluation\.
+action will reset the state of a module stack to the state it was in as of beginning of the substack evaluation\&.
.RE
.PP
For the more complicated syntax valid
\fIcontrol\fR
values have the following form:
.sp
+.if n \{\
.RS 4
+.\}
+.fam C
+.ps -1
.nf
- [value1=action1 value2=action2 \.\.\.]
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
+ [value1=action1 value2=action2 \&.\&.\&.]
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
.fi
+.fam
+.ps +1
+.if n \{\
.RE
+.\}
.PP
Where
\fIvalueN\fR
-corresponds to the return code from the function invoked in the module for which the line is defined\. It is selected from one of these:
+corresponds to the return code from the function invoked in the module for which the line is defined\&. It is selected from one of these:
\fIsuccess\fR,
\fIopen_err\fR,
\fIsymbol_err\fR,
@@ -191,12 +371,12 @@ corresponds to the return code from the function invoked in the module for which
\fIbad_item\fR,
\fIconv_again\fR,
\fIincomplete\fR, and
-\fIdefault\fR\.
+\fIdefault\fR\&.
.PP
The last of these,
\fIdefault\fR, implies \'all
-\fIvalueN\fR\'s not mentioned explicitly\. Note, the full list of PAM errors is available in
-\fI/usr/include/security/_pam_types\.h\fR\. The
+\fIvalueN\fR\'s not mentioned explicitly\&. Note, the full list of PAM errors is available in
+\FC/usr/include/security/_pam_types\&.h\F[]\&. The
\fIactionN\fR
can be: an unsigned integer,
\fIn\fR, signifying an action of \'jump over the next
@@ -205,36 +385,36 @@ modules in the stack\'; or take one of the following forms:
.PP
ignore
.RS 4
-when used with a stack of modules, the module\'s return status will not contribute to the return code the application obtains\.
+when used with a stack of modules, the module\'s return status will not contribute to the return code the application obtains\&.
.RE
.PP
bad
.RS 4
-this action indicates that the return code should be thought of as indicative of the module failing\. If this module is the first in the stack to fail, its status value will be used for that of the whole stack\.
+this action indicates that the return code should be thought of as indicative of the module failing\&. If this module is the first in the stack to fail, its status value will be used for that of the whole stack\&.
.RE
.PP
die
.RS 4
-equivalent to bad with the side effect of terminating the module stack and PAM immediately returning to the application\.
+equivalent to bad with the side effect of terminating the module stack and PAM immediately returning to the application\&.
.RE
.PP
ok
.RS 4
-this tells PAM that the administrator thinks this return code should contribute directly to the return code of the full stack of modules\. In other words, if the former state of the stack would lead to a return of
-\fIPAM_SUCCESS\fR, the module\'s return code will override this value\. Note, if the former state of the stack holds some value that is indicative of a modules failure, this \'ok\' value will not be used to override that value\.
+this tells PAM that the administrator thinks this return code should contribute directly to the return code of the full stack of modules\&. In other words, if the former state of the stack would lead to a return of
+\fIPAM_SUCCESS\fR, the module\'s return code will override this value\&. Note, if the former state of the stack holds some value that is indicative of a modules failure, this \'ok\' value will not be used to override that value\&.
.RE
.PP
done
.RS 4
-equivalent to ok with the side effect of terminating the module stack and PAM immediately returning to the application\.
+equivalent to ok with the side effect of terminating the module stack and PAM immediately returning to the application\&.
.RE
.PP
reset
.RS 4
-clear all memory of the state of the module stack and start again with the next stacked module\.
+clear all memory of the state of the module stack and start again with the next stacked module\&.
.RE
.PP
-Each of the four keywords: required; requisite; sufficient; and optional, have an equivalent expression in terms of the [\.\.\.] syntax\. They are as follows:
+Each of the four keywords: required; requisite; sufficient; and optional, have an equivalent expression in terms of the [\&.\&.\&.] syntax\&. They are as follows:
.PP
required
.RS 4
@@ -259,56 +439,110 @@ optional
\fImodule\-path\fR
is either the full filename of the PAM to be used by the application (it begins with a \'/\'), or a relative pathname from the default module location:
-\fI/lib/security/\fR
+\FC/lib/security/\F[]
or
-\fI/lib64/security/\fR, depending on the architecture\.
+\FC/lib64/security/\F[], depending on the architecture\&.
.PP
\fImodule\-arguments\fR
-are a space separated list of tokens that can be used to modify the specific behavior of the given PAM\. Such arguments will be documented for each individual module\. Note, if you wish to include spaces in an argument, you should surround that argument with square brackets\.
+are a space separated list of tokens that can be used to modify the specific behavior of the given PAM\&. Such arguments will be documented for each individual module\&. Note, if you wish to include spaces in an argument, you should surround that argument with square brackets\&.
.sp
+.if n \{\
.RS 4
+.\}
+.fam C
+.ps -1
.nf
- squid auth required pam_mysql\.so user=passwd_query passwd=mada \e
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
+ squid auth required pam_mysql\&.so user=passwd_query passwd=mada \e
db=eminence [query=select user_name from internet_service \e
where user_name=\'%u\' and password=PASSWORD(\'%p\') and \e
service=\'web_proxy\']
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
.fi
+.fam
+.ps +1
+.if n \{\
.RE
+.\}
.PP
-When using this convention, you can include `[\' characters inside the string, and if you wish to include a `]\' character inside the string that will survive the argument parsing, you should use `\e]\'\. In other words:
+When using this convention, you can include `[\' characters inside the string, and if you wish to include a `]\' character inside the string that will survive the argument parsing, you should use `\e]\'\&. In other words:
.sp
+.if n \{\
.RS 4
+.\}
+.fam C
+.ps -1
.nf
- [\.\.[\.\.\e]\.\.] \-\-> \.\.[\.\.]\.\.
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
+ [\&.\&.[\&.\&.\e]\&.\&.] \-\-> \&.\&.[\&.\&.]\&.\&.
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
.fi
+.fam
+.ps +1
+.if n \{\
.RE
+.\}
.PP
-Any line in (one of) the configuration file(s), that is not formatted correctly, will generally tend (erring on the side of caution) to make the authentication process fail\. A corresponding error is written to the system log files with a call to
-\fBsyslog\fR(3)\.
+Any line in (one of) the configuration file(s), that is not formatted correctly, will generally tend (erring on the side of caution) to make the authentication process fail\&. A corresponding error is written to the system log files with a call to
+\fBsyslog\fR(3)\&.
.PP
More flexible than the single configuration file is it to configure libpam via the contents of the
-\fI/etc/pam\.d/\fR
-directory\. In this case the directory is filled with files each of which has a filename equal to a service\-name (in lower\-case): it is the personal configuration file for the named service\.
+\FC/etc/pam\&.d/\F[]
+directory\&. In this case the directory is filled with files each of which has a filename equal to a service\-name (in lower\-case): it is the personal configuration file for the named service\&.
.PP
-The syntax of each file in /etc/pam\.d/ is similar to that of the
-\fI/etc/pam\.conf\fR
+The syntax of each file in /etc/pam\&.d/ is similar to that of the
+\FC/etc/pam\&.conf\F[]
file and is made up of lines of the following form:
.sp
+.if n \{\
.RS 4
+.\}
+.fam C
+.ps -1
.nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
type control module\-path module\-arguments
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
.fi
+.fam
+.ps +1
+.if n \{\
.RE
+.\}
.PP
-The only difference being that the service\-name is not present\. The service\-name is of course the name of the given configuration file\. For example,
-\fI/etc/pam\.d/login\fR
+The only difference being that the service\-name is not present\&. The service\-name is of course the name of the given configuration file\&. For example,
+\FC/etc/pam\&.d/login\F[]
contains the configuration for the
\fBlogin\fR
-service\.
+service\&.
.SH "SEE ALSO"
.PP
diff --git a/doc/man/pam_acct_mgmt.3 b/doc/man/pam_acct_mgmt.3
index 072cf189..e3788469 100644
--- a/doc/man/pam_acct_mgmt.3
+++ b/doc/man/pam_acct_mgmt.3
@@ -1,78 +1,240 @@
.\" Title: pam_acct_mgmt
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_ACCT_MGMT" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_ACCT_MGMT" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_acct_mgmt - PAM account validation management
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_acct_mgmt \- PAM account validation management
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_appl\.h>
+#include <security/pam_appl\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 18
+.fam C
+.HP \w'int\ pam_acct_mgmt('u
.BI "int pam_acct_mgmt(pam_handle_t\ *" "pamh" ", int\ " "flags" ");"
+.fam
.SH "DESCRIPTION"
.PP
The
\fBpam_acct_mgmt\fR
-function is used to determine if the users account is valid\. It checks for authentication token and account expiration and verifies access restrictions\. It is typically called after the user has been authenticated\.
+function is used to determine if the users account is valid\&. It checks for authentication token and account expiration and verifies access restrictions\&. It is typically called after the user has been authenticated\&.
.PP
The
\fIpamh\fR
-argument is an authentication handle obtained by a prior call to pam_start()\. The flags argument is the binary or of zero or more of the following values:
+argument is an authentication handle obtained by a prior call to pam_start()\&. The flags argument is the binary or of zero or more of the following values:
.PP
PAM_SILENT
.RS 4
-Do not emit any messages\.
+Do not emit any messages\&.
.RE
.PP
PAM_DISALLOW_NULL_AUTHTOK
.RS 4
-The PAM module service should return PAM_NEW_AUTHTOK_REQD if the user has a null authentication token\.
+The PAM module service should return PAM_NEW_AUTHTOK_REQD if the user has a null authentication token\&.
.RE
.SH "RETURN VALUES"
.PP
PAM_ACCT_EXPIRED
.RS 4
-User account has expired\.
+User account has expired\&.
.RE
.PP
PAM_AUTH_ERR
.RS 4
-Authentication failure\.
+Authentication failure\&.
.RE
.PP
PAM_NEW_AUTHTOK_REQD
.RS 4
The user account is valid but their authentication token is
-\fIexpired\fR\. The correct response to this return\-value is to require that the user satisfies the
+\fIexpired\fR\&. The correct response to this return\-value is to require that the user satisfies the
\fBpam_chauthtok()\fR
-function before obtaining service\. It may not be possible for some applications to do this\. In such cases, the user should be denied access until such time as they can update their password\.
+function before obtaining service\&. It may not be possible for some applications to do this\&. In such cases, the user should be denied access until such time as they can update their password\&.
.RE
.PP
PAM_PERM_DENIED
.RS 4
-Permission denied\.
+Permission denied\&.
.RE
.PP
PAM_SUCCESS
.RS 4
-The authentication token was successfully updated\.
+The authentication token was successfully updated\&.
.RE
.PP
PAM_USER_UNKNOWN
.RS 4
-User unknown to password service\.
+User unknown to password service\&.
.RE
.SH "SEE ALSO"
.PP
diff --git a/doc/man/pam_authenticate.3 b/doc/man/pam_authenticate.3
index 49a540cc..561d6de8 100644
--- a/doc/man/pam_authenticate.3
+++ b/doc/man/pam_authenticate.3
@@ -1,50 +1,212 @@
.\" Title: pam_authenticate
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_AUTHENTICATE" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_AUTHENTICATE" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_authenticate - account authentication
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_authenticate \- account authentication
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_appl\.h>
+#include <security/pam_appl\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 21
+.fam C
+.HP \w'int\ pam_authenticate('u
.BI "int pam_authenticate(pam_handle_t\ *" "pamh" ", int\ " "flags" ");"
+.fam
.SH "DESCRIPTION"
.PP
The
\fBpam_authenticate\fR
-function is used to authenticate the user\. The user is required to provide an authentication token depending upon the authentication service, usually this is a password, but could also be a finger print\.
+function is used to authenticate the user\&. The user is required to provide an authentication token depending upon the authentication service, usually this is a password, but could also be a finger print\&.
.PP
The PAM service module may request that the user enter their username vio the the conversation mechanism (see
\fBpam_start\fR(3)
and
-\fBpam_conv\fR(3))\. The name of the authenticated user will be present in the PAM item PAM_USER\. This item may be recovered with a call to
-\fBpam_get_item\fR(3)\.
+\fBpam_conv\fR(3))\&. The name of the authenticated user will be present in the PAM item PAM_USER\&. This item may be recovered with a call to
+\fBpam_get_item\fR(3)\&.
.PP
The
\fIpamh\fR
-argument is an authentication handle obtained by a prior call to pam_start()\. The flags argument is the binary or of zero or more of the following values:
+argument is an authentication handle obtained by a prior call to pam_start()\&. The flags argument is the binary or of zero or more of the following values:
.PP
PAM_SILENT
.RS 4
-Do not emit any messages\.
+Do not emit any messages\&.
.RE
.PP
PAM_DISALLOW_NULL_AUTHTOK
.RS 4
-The PAM module service should return PAM_AUTH_ERR if the user does not have a registered authentication token\.
+The PAM module service should return PAM_AUTH_ERR if the user does not have a registered authentication token\&.
.RE
.SH "RETURN VALUES"
.PP
@@ -52,37 +214,37 @@ PAM_ABORT
.RS 4
The application should exit immediately after calling
\fBpam_end\fR(3)
-first\.
+first\&.
.RE
.PP
PAM_AUTH_ERR
.RS 4
-The user was not authenticated\.
+The user was not authenticated\&.
.RE
.PP
PAM_CRED_INSUFFICIENT
.RS 4
-For some reason the application does not have sufficient credentials to authenticate the user\.
+For some reason the application does not have sufficient credentials to authenticate the user\&.
.RE
.PP
PAM_AUTHINFO_UNVAIL
.RS 4
-The modules were not able to access the authentication information\. This might be due to a network or hardware failure etc\.
+The modules were not able to access the authentication information\&. This might be due to a network or hardware failure etc\&.
.RE
.PP
PAM_MAXTRIES
.RS 4
-One or more of the authentication modules has reached its limit of tries authenticating the user\. Do not try again\.
+One or more of the authentication modules has reached its limit of tries authenticating the user\&. Do not try again\&.
.RE
.PP
PAM_SUCCESS
.RS 4
-The user was successfully authenticated\.
+The user was successfully authenticated\&.
.RE
.PP
PAM_USER_UNKNOWN
.RS 4
-User unknown to authentication service\.
+User unknown to authentication service\&.
.RE
.SH "SEE ALSO"
.PP
diff --git a/doc/man/pam_chauthtok.3 b/doc/man/pam_chauthtok.3
index 4580ae9b..d366e587 100644
--- a/doc/man/pam_chauthtok.3
+++ b/doc/man/pam_chauthtok.3
@@ -1,86 +1,248 @@
.\" Title: pam_chauthtok
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_CHAUTHTOK" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_CHAUTHTOK" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_chauthtok - updating authentication tokens
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_chauthtok \- updating authentication tokens
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_appl\.h>
+#include <security/pam_appl\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 18
+.fam C
+.HP \w'int\ pam_chauthtok('u
.BI "int pam_chauthtok(pam_handle_t\ *" "pamh" ", int\ " "flags" ");"
+.fam
.SH "DESCRIPTION"
.PP
The
\fBpam_chauthtok\fR
function is used to change the authentication token for a given user (as indicated by the state associated with the handle
-\fIpamh\fR)\.
+\fIpamh\fR)\&.
.PP
The
\fIpamh\fR
-argument is an authentication handle obtained by a prior call to pam_start()\. The flags argument is the binary or of zero or more of the following values:
+argument is an authentication handle obtained by a prior call to pam_start()\&. The flags argument is the binary or of zero or more of the following values:
.PP
PAM_SILENT
.RS 4
-Do not emit any messages\.
+Do not emit any messages\&.
.RE
.PP
PAM_CHANGE_EXPIRED_AUTHTOK
.RS 4
-This argument indicates to the modules that the users authentication token (password) should only be changed if it has expired\. If this argument is not passed, the application requires that all authentication tokens are to be changed\.
+This argument indicates to the modules that the users authentication token (password) should only be changed if it has expired\&. If this argument is not passed, the application requires that all authentication tokens are to be changed\&.
.RE
.SH "RETURN VALUES"
.PP
PAM_AUTHTOK_ERR
.RS 4
-A module was unable to obtain the new authentication token\.
+A module was unable to obtain the new authentication token\&.
.RE
.PP
PAM_AUTHTOK_RECOVERY_ERR
.RS 4
-A module was unable to obtain the old authentication token\.
+A module was unable to obtain the old authentication token\&.
.RE
.PP
PAM_AUTHTOK_LOCK_BUSY
.RS 4
-One or more of the modules was unable to change the authentication token since it is currently locked\.
+One or more of the modules was unable to change the authentication token since it is currently locked\&.
.RE
.PP
PAM_AUTHTOK_DISABLE_AGING
.RS 4
-Authentication token aging has been disabled for at least one of the modules\.
+Authentication token aging has been disabled for at least one of the modules\&.
.RE
.PP
PAM_PERM_DENIED
.RS 4
-Permission denied\.
+Permission denied\&.
.RE
.PP
PAM_SUCCESS
.RS 4
-The authentication token was successfully updated\.
+The authentication token was successfully updated\&.
.RE
.PP
PAM_TRY_AGAIN
.RS 4
-Not all of the modules were in a position to update the authentication token(s)\. In such a case none of the user\'s authentication tokens are updated\.
+Not all of the modules were in a position to update the authentication token(s)\&. In such a case none of the user\'s authentication tokens are updated\&.
.RE
.PP
PAM_USER_UNKNOWN
.RS 4
-User unknown to password service\.
+User unknown to password service\&.
.RE
.SH "SEE ALSO"
.PP
diff --git a/doc/man/pam_close_session.3 b/doc/man/pam_close_session.3
index 8088c5dc..95b6aaed 100644
--- a/doc/man/pam_close_session.3
+++ b/doc/man/pam_close_session.3
@@ -1,62 +1,224 @@
.\" Title: pam_close_session
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_CLOSE_SESSION" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_CLOSE_SESSION" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_close_session - terminate PAM session management
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_close_session \- terminate PAM session management
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_appl\.h>
+#include <security/pam_appl\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 22
+.fam C
+.HP \w'int\ pam_close_session('u
.BI "int pam_close_session(pam_handle_t\ *" "pamh" ", int\ " "flags" ");"
+.fam
.SH "DESCRIPTION"
.PP
The
\fBpam_close_session\fR
-function is used to indicate that an authenticated session has ended\. The session should have been created with a call to
-\fBpam_open_session\fR(3)\.
+function is used to indicate that an authenticated session has ended\&. The session should have been created with a call to
+\fBpam_open_session\fR(3)\&.
.PP
It should be noted that the effective uid,
-\fBgeteuid\fR(2)\. of the application should be of sufficient privilege to perform such tasks as unmounting the user\'s home directory for example\.
+\fBgeteuid\fR(2)\&. of the application should be of sufficient privilege to perform such tasks as unmounting the user\'s home directory for example\&.
.PP
The flags argument is the binary or of zero or more of the following values:
.PP
PAM_SILENT
.RS 4
-Do not emit any messages\.
+Do not emit any messages\&.
.RE
.SH "RETURN VALUES"
.PP
PAM_ABORT
.RS 4
-General failure\.
+General failure\&.
.RE
.PP
PAM_BUF_ERR
.RS 4
-Memory buffer error\.
+Memory buffer error\&.
.RE
.PP
PAM_SESSION_ERR
.RS 4
-Session failure\.
+Session failure\&.
.RE
.PP
PAM_SUCCESS
.RS 4
-Session was successful terminated\.
+Session was successful terminated\&.
.RE
.SH "SEE ALSO"
.PP
diff --git a/doc/man/pam_conv.3 b/doc/man/pam_conv.3
index 626d47af..bf7ef3bf 100644
--- a/doc/man/pam_conv.3
+++ b/doc/man/pam_conv.3
@@ -1,26 +1,187 @@
.\" Title: pam_conv
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_CONV" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_CONV" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_conv - PAM conversation function
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_conv \- PAM conversation function
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_appl\.h>
+#include <security/pam_appl\&.h>
.fi
+.fam
+.ps +1
.ft
.sp
-.RS 4
+.fam C
+.ps -1
.nf
struct pam_message {
int msg_style;
@@ -39,39 +200,40 @@ struct pam_conv {
};
.fi
-.RE
+.fam
+.ps +1
.SH "DESCRIPTION"
.PP
-The PAM library uses an application\-defined callback to allow a direct communication between a loaded module and the application\. This callback is specified by the
+The PAM library uses an application\-defined callback to allow a direct communication between a loaded module and the application\&. This callback is specified by the
\fIstruct pam_conv\fR
passed to
\fBpam_start\fR(3)
-at the start of the transaction\.
+at the start of the transaction\&.
.PP
When a module calls the referenced conv() function, the argument
\fIappdata_ptr\fR
-is set to the second element of this structure\.
+is set to the second element of this structure\&.
.PP
-The other arguments of a call to conv() concern the information exchanged by module and application\. That is to say,
+The other arguments of a call to conv() concern the information exchanged by module and application\&. That is to say,
\fInum_msg\fR
holds the length of the array of pointers,
-\fImsg\fR\. After a successful return, the pointer
+\fImsg\fR\&. After a successful return, the pointer
\fIresp\fR
-points to an array of pam_response structures, holding the application supplied text\. The
+points to an array of pam_response structures, holding the application supplied text\&. The
\fIresp_retcode\fR
-member of this struct is unused and should be set to zero\. It is the caller\'s responsibility to release both, this array and the responses themselves, using
-\fBfree\fR(3)\. Note,
+member of this struct is unused and should be set to zero\&. It is the caller\'s responsibility to release both, this array and the responses themselves, using
+\fBfree\fR(3)\&. Note,
\fI*resp\fR
is a
\fIstruct pam_response\fR
-array and not an array of pointers\.
+array and not an array of pointers\&.
.PP
The number of responses is always equal to the
\fInum_msg\fR
-conversation function argument\. This does require that the response array is
-\fBfree\fR(3)\'d after every call to the conversation function\. The index of the responses corresponds directly to the prompt index in the pam_message array\.
+conversation function argument\&. This does require that the response array is
+\fBfree\fR(3)\'d after every call to the conversation function\&. The index of the responses corresponds directly to the prompt index in the pam_message array\&.
.PP
-On failure, the conversation function should release any resources it has allocated, and return one of the predefined PAM error codes\.
+On failure, the conversation function should release any resources it has allocated, and return one of the predefined PAM error codes\&.
.PP
Each message can have one of four types, specified by the
\fImsg_style\fR
@@ -80,60 +242,92 @@ member of
.PP
PAM_PROMPT_ECHO_OFF
.RS 4
-Obtain a string without echoing any text\.
+Obtain a string without echoing any text\&.
.RE
.PP
PAM_PROMPT_ECHO_ON
.RS 4
-Obtain a string whilst echoing text\.
+Obtain a string whilst echoing text\&.
.RE
.PP
PAM_ERROR_MSG
.RS 4
-Display an error message\.
+Display an error message\&.
.RE
.PP
PAM_TEXT_INFO
.RS 4
-Display some text\.
+Display some text\&.
.RE
.PP
-The point of having an array of messages is that it becomes possible to pass a number of things to the application in a single call from the module\. It can also be convenient for the application that related things come at once: a windows based application can then present a single form with many messages/prompts on at once\.
+The point of having an array of messages is that it becomes possible to pass a number of things to the application in a single call from the module\&. It can also be convenient for the application that related things come at once: a windows based application can then present a single form with many messages/prompts on at once\&.
.PP
-In passing, it is worth noting that there is a descrepency between the way Linux\-PAM handles the const struct pam_message **msg conversation function argument from the way that Solaris\' PAM (and derivitives, known to include HP/UX, are there others?) does\. Linux\-PAM interprets the msg argument as entirely equivalent to the following prototype const struct pam_message *msg[] (which, in spirit, is consistent with the commonly used prototypes for argv argument to the familiar main() function: char **argv; and char *argv[])\. Said another way Linux\-PAM interprets the msg argument as a pointer to an array of num_msg read only \'struct pam_message\' pointers\. Solaris\' PAM implementation interprets this argument as a pointer to a pointer to an array of num_msg pam_message structures\. Fortunately, perhaps, for most module/application developers when num_msg has a value of one these two definitions are entirely equivalent\. Unfortunately, casually raising this number to two has led to unanticipated compatibility problems\.
+In passing, it is worth noting that there is a descrepency between the way Linux\-PAM handles the const struct pam_message **msg conversation function argument from the way that Solaris\' PAM (and derivitives, known to include HP/UX, are there others?) does\&. Linux\-PAM interprets the msg argument as entirely equivalent to the following prototype const struct pam_message *msg[] (which, in spirit, is consistent with the commonly used prototypes for argv argument to the familiar main() function: char **argv; and char *argv[])\&. Said another way Linux\-PAM interprets the msg argument as a pointer to an array of num_msg read only \'struct pam_message\' pointers\&. Solaris\' PAM implementation interprets this argument as a pointer to a pointer to an array of num_msg pam_message structures\&. Fortunately, perhaps, for most module/application developers when num_msg has a value of one these two definitions are entirely equivalent\&. Unfortunately, casually raising this number to two has led to unanticipated compatibility problems\&.
.PP
For what its worth the two known module writer work\-arounds for trying to maintain source level compatibility with both PAM implementations are:
.sp
.RS 4
-\h'-04'\(bu\h'+03'never call the conversation function with num_msg greater than one\.
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+never call the conversation function with num_msg greater than one\&.
.RE
.sp
.RS 4
-\h'-04'\(bu\h'+03'set up msg as doubly referenced so both types of conversation function can find the messages\. That is, make
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+set up msg as doubly referenced so both types of conversation function can find the messages\&. That is, make
.sp
+.if n \{\
.RS 4
+.\}
+.fam C
+.ps -1
.nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
msg[n] = & (( *msg )[n])
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
.fi
+.fam
+.ps +1
+.if n \{\
.RE
+.\}
.RE
.SH "RETURN VALUES"
.PP
PAM_BUF_ERR
.RS 4
-Memory buffer error\.
+Memory buffer error\&.
.RE
.PP
PAM_CONV_ERR
.RS 4
-Conversation failure\. The application should not set
-\fI*resp\fR\.
+Conversation failure\&. The application should not set
+\fI*resp\fR\&.
.RE
.PP
PAM_SUCCESS
.RS 4
-Success\.
+Success\&.
.RE
.SH "SEE ALSO"
.PP
diff --git a/doc/man/pam_end.3 b/doc/man/pam_end.3
index 10893944..e1368e71 100644
--- a/doc/man/pam_end.3
+++ b/doc/man/pam_end.3
@@ -1,37 +1,199 @@
.\" Title: pam_end
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_END" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_END" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_end - termination of PAM transaction
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_end \- termination of PAM transaction
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_appl\.h>
+#include <security/pam_appl\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 12
+.fam C
+.HP \w'int\ pam_end('u
.BI "int pam_end(pam_handle_t\ *" "pamh" ", int\ " "pam_status" ");"
+.fam
.SH "DESCRIPTION"
.PP
The
\fBpam_end\fR
-function terminates the PAM transaction and is the last function an application should call in the PAM context\. Upon return the handle
+function terminates the PAM transaction and is the last function an application should call in the PAM context\&. Upon return the handle
\fIpamh\fR
-is no longer valid and all memory associated with it will be invalid\.
+is no longer valid and all memory associated with it will be invalid\&.
.PP
The
\fIpam_status\fR
-argument should be set to the value returned to the application by the last PAM library call\.
+argument should be set to the value returned to the application by the last PAM library call\&.
.PP
The value taken by
\fIpam_status\fR
@@ -40,29 +202,29 @@ is used as an argument to the module specific callback function,
(See
\fBpam_set_data\fR(3)
and
-\fBpam_get_data\fR(3))\. In this way the module can be given notification of the pass/fail nature of the tear\-down process, and perform any last minute tasks that are appropriate to the module before it is unlinked\. This argument can be logically OR\'d with
+\fBpam_get_data\fR(3))\&. In this way the module can be given notification of the pass/fail nature of the tear\-down process, and perform any last minute tasks that are appropriate to the module before it is unlinked\&. This argument can be logically OR\'d with
\fIPAM_DATA_SILENT\fR
-to indicate to indicate that the module should not treat the call too seriously\. It is generally used to indicate that the current closing of the library is in a
-\fBfork\fR(2)ed process, and that the parent will take care of cleaning up things that exist outside of the current process space (files etc\.)\.
+to indicate to indicate that the module should not treat the call too seriously\&. It is generally used to indicate that the current closing of the library is in a
+\fBfork\fR(2)ed process, and that the parent will take care of cleaning up things that exist outside of the current process space (files etc\&.)\&.
.PP
This function
\fIfree\fR\'s all memory for items associated with the
\fBpam_set_item\fR(3)
and
\fBpam_get_item\fR(3)
-functions\. Pointers associated with such objects are not valid anymore after
+functions\&. Pointers associated with such objects are not valid anymore after
\fBpam_end\fR
-was called\.
+was called\&.
.SH "RETURN VALUES"
.PP
PAM_SUCCESS
.RS 4
-Transaction was successful terminated\.
+Transaction was successful terminated\&.
.RE
.PP
PAM_SYSTEM_ERR
.RS 4
-System error, for example a NULL pointer was submitted as PAM handle or the function was called by a module\.
+System error, for example a NULL pointer was submitted as PAM handle or the function was called by a module\&.
.RE
.SH "SEE ALSO"
.PP
diff --git a/doc/man/pam_error.3 b/doc/man/pam_error.3
index a211e4a5..fbf32926 100644
--- a/doc/man/pam_error.3
+++ b/doc/man/pam_error.3
@@ -1,33 +1,197 @@
.\" Title: pam_error
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_ERROR" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_ERROR" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_error, pam_verror - display error messages to the user
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_error, pam_verror \- display error messages to the user
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_ext\.h>
+#include <security/pam_ext\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 14
-.BI "int pam_error(pam_handle_t\ *" "pamh" ", const\ char\ *" "fmt" ", " "\.\.\." ");"
-.HP 15
+.fam C
+.HP \w'int\ pam_error('u
+.BI "int pam_error(pam_handle_t\ *" "pamh" ", const\ char\ *" "fmt" ", " "\&.\&.\&." ");"
+.fam
+.fam C
+.HP \w'int\ pam_verror('u
.BI "int pam_verror(pam_handle_t\ *" "pamh" ", const\ char\ *" "fmt" ", va_list\ " "args" ");"
+.fam
.SH "DESCRIPTION"
.PP
The
\fBpam_error\fR
-function prints error messages through the conversation function to the user\.
+function prints error messages through the conversation function to the user\&.
.PP
The
\fBpam_verror\fR
@@ -35,27 +199,27 @@ function performs the same task as
\fBpam_error()\fR
with the difference that it takes a set of arguments which have been obtained using the
\fBstdarg\fR(3)
-variable argument list macros\.
+variable argument list macros\&.
.SH "RETURN VALUES"
.PP
PAM_BUF_ERR
.RS 4
-Memory buffer error\.
+Memory buffer error\&.
.RE
.PP
PAM_CONV_ERR
.RS 4
-Conversation failure\.
+Conversation failure\&.
.RE
.PP
PAM_SUCCESS
.RS 4
-Error message was displayed\.
+Error message was displayed\&.
.RE
.PP
PAM_SYSTEM_ERR
.RS 4
-System error\.
+System error\&.
.RE
.SH "SEE ALSO"
.PP
@@ -71,4 +235,4 @@ The
\fBpam_error\fR
and
\fBpam_verror\fR
-functions are Linux\-PAM extensions\.
+functions are Linux\-PAM extensions\&.
diff --git a/doc/man/pam_fail_delay.3 b/doc/man/pam_fail_delay.3
index 865659ed..57132d67 100644
--- a/doc/man/pam_fail_delay.3
+++ b/doc/man/pam_fail_delay.3
@@ -1,67 +1,265 @@
.\" Title: pam_fail_delay
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_FAIL_DELAY" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_FAIL_DELAY" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_fail_delay - request a delay on failure
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_fail_delay \- request a delay on failure
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_appl\.h>
+#include <security/pam_appl\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 19
+.fam C
+.HP \w'int\ pam_fail_delay('u
.BI "int pam_fail_delay(pam_handle_t\ *" "pamh" ", unsigned\ int\ " "usec" ");"
+.fam
.SH "DESCRIPTION"
.PP
The
\fBpam_fail_delay\fR
function provides a mechanism by which an application or module can suggest a minimum delay of
\fIusec\fR
-micro\-seconds\. The function keeps a record of the longest time requested with this function\. Should
+micro\-seconds\&. The function keeps a record of the longest time requested with this function\&. Should
\fBpam_authenticate\fR(3)
-fail, the failing return to the application is delayed by an amount of time randomly distributed (by up to 25%) about this longest value\.
+fail, the failing return to the application is delayed by an amount of time randomly distributed (by up to 25%) about this longest value\&.
.PP
-Independent of success, the delay time is reset to its zero default value when the PAM service module returns control to the application\. The delay occurs
+Independent of success, the delay time is reset to its zero default value when the PAM service module returns control to the application\&. The delay occurs
\fIafter\fR
all authentication modules have been called, but
\fIbefore\fR
-control is returned to the service application\.
+control is returned to the service application\&.
.PP
When using this function the programmer should check if it is available with:
.sp
+.if n \{\
.RS 4
+.\}
+.fam C
+.ps -1
.nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
#ifdef HAVE_PAM_FAIL_DELAY
- \.\.\.\.
+ \&.\&.\&.\&.
#endif /* HAVE_PAM_FAIL_DELAY */
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
.fi
+.fam
+.ps +1
+.if n \{\
.RE
+.\}
.PP
-For applications written with a single thread that are event driven in nature, generating this delay may be undesirable\. Instead, the application may want to register the delay in some other way\. For example, in a single threaded server that serves multiple authentication requests from a single event loop, the application might want to simply mark a given connection as blocked until an application timer expires\. For this reason the delay function can be changed with the
+For applications written with a single thread that are event driven in nature, generating this delay may be undesirable\&. Instead, the application may want to register the delay in some other way\&. For example, in a single threaded server that serves multiple authentication requests from a single event loop, the application might want to simply mark a given connection as blocked until an application timer expires\&. For this reason the delay function can be changed with the
\fIPAM_FAIL_DELAY\fR
-item\. It can be queried and set with
+item\&. It can be queried and set with
\fBpam_get_item\fR(3)
and
\fBpam_set_item \fR(3)
-respectively\. The value used to set it should be a function pointer of the following prototype:
+respectively\&. The value used to set it should be a function pointer of the following prototype:
.sp
+.if n \{\
.RS 4
+.\}
+.fam C
+.ps -1
.nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
void (*delay_fn)(int retval, unsigned usec_delay, void *appdata_ptr);
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
.fi
+.fam
+.ps +1
+.if n \{\
.RE
+.\}
.sp
The arguments being the
\fIretval\fR
@@ -70,56 +268,92 @@ return code of the module stack, the
micro\-second delay that libpam is requesting and the
\fIappdata_ptr\fR
that the application has associated with the current
-\fIpamh\fR\. This last value was set by the application when it called
+\fIpamh\fR\&. This last value was set by the application when it called
\fBpam_start\fR(3)
or explicitly with
-\fBpam_set_item\fR(3)\. Note, if PAM_FAIL_DELAY item is unset (or set to NULL), then no delay will be performed\.
+\fBpam_set_item\fR(3)\&. Note, if PAM_FAIL_DELAY item is unset (or set to NULL), then no delay will be performed\&.
.SH "RATIONALE"
.PP
-It is often possible to attack an authentication scheme by exploiting the time it takes the scheme to deny access to an applicant user\. In cases of
+It is often possible to attack an authentication scheme by exploiting the time it takes the scheme to deny access to an applicant user\&. In cases of
\fIshort\fR
timeouts, it may prove possible to attempt a
\fIbrute force\fR
-dictionary attack \-\- with an automated process, the attacker tries all possible passwords to gain access to the system\. In other cases, where individual failures can take measurable amounts of time (indicating the nature of the failure), an attacker can obtain useful information about the authentication process\. These latter attacks make use of procedural delays that constitute a
+dictionary attack \-\- with an automated process, the attacker tries all possible passwords to gain access to the system\&. In other cases, where individual failures can take measurable amounts of time (indicating the nature of the failure), an attacker can obtain useful information about the authentication process\&. These latter attacks make use of procedural delays that constitute a
\fIcovert channel\fR
-of useful information\.
+of useful information\&.
.PP
-To minimize the effectiveness of such attacks, it is desirable to introduce a random delay in a failed authentication process\. Preferable this value should be set by the application or a special PAM module\. Standard PAM modules should not modify the delay unconditional\.
+To minimize the effectiveness of such attacks, it is desirable to introduce a random delay in a failed authentication process\&. Preferable this value should be set by the application or a special PAM module\&. Standard PAM modules should not modify the delay unconditional\&.
.SH "EXAMPLE"
.PP
-For example, a login application may require a failure delay of roughly 3 seconds\. It will contain the following code:
+For example, a login application may require a failure delay of roughly 3 seconds\&. It will contain the following code:
.sp
+.if n \{\
.RS 4
+.\}
+.fam C
+.ps -1
.nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
pam_fail_delay (pamh, 3000000 /* micro\-seconds */ );
pam_authenticate (pamh, 0);
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
.fi
+.fam
+.ps +1
+.if n \{\
.RE
+.\}
.PP
-if the modules do not request a delay, the failure delay will be between 2\.25 and 3\.75 seconds\.
+if the modules do not request a delay, the failure delay will be between 2\&.25 and 3\&.75 seconds\&.
.PP
However, the modules, invoked in the authentication process, may also request delays:
.sp
+.if n \{\
.RS 4
+.\}
+.fam C
+.ps -1
.nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
module #1: pam_fail_delay (pamh, 2000000);
module #2: pam_fail_delay (pamh, 4000000);
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
.fi
+.fam
+.ps +1
+.if n \{\
.RE
+.\}
.PP
-in this case, it is the largest requested value that is used to compute the actual failed delay: here between 3 and 5 seconds\.
+in this case, it is the largest requested value that is used to compute the actual failed delay: here between 3 and 5 seconds\&.
.SH "RETURN VALUES"
.PP
PAM_SUCCESS
.RS 4
-Delay was successful adjusted\.
+Delay was successful adjusted\&.
.RE
.PP
PAM_SYSTEM_ERR
.RS 4
-A NULL pointer was submitted as PAM handle\.
+A NULL pointer was submitted as PAM handle\&.
.RE
.SH "SEE ALSO"
.PP
@@ -131,4 +365,4 @@ A NULL pointer was submitted as PAM handle\.
.PP
The
\fBpam_fail_delay\fR
-function is an Linux\-PAM extension\.
+function is an Linux\-PAM extension\&.
diff --git a/doc/man/pam_get_authtok.3 b/doc/man/pam_get_authtok.3
new file mode 100644
index 00000000..9d8000c5
--- /dev/null
+++ b/doc/man/pam_get_authtok.3
@@ -0,0 +1,285 @@
+.\" Title: pam_get_authtok
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
+.\" Language: English
+.\"
+.TH "PAM_GET_AUTHTOK" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_get_authtok \- get authentication token
+.SH "Synopsis"
+.sp
+.ft B
+.fam C
+.ps -1
+.nf
+#include <security/pam_ext\&.h>
+.fi
+.fam
+.ps +1
+.ft
+.fam C
+.HP \w'int\ pam_get_authtok('u
+.BI "int pam_get_authtok(pam_handle_t\ *" "pamh" ", int\ " "item" ", const\ char\ **" "authtok" ", const\ char\ *" "prompt" ");"
+.fam
+.SH "DESCRIPTION"
+.PP
+The
+\fBpam_get_authtok\fR
+function returns the cached authentication token, or prompts the user if no token is currently cached\&. It is intended for internal use by Linux\-PAM and PAM service modules\&. Upon successful return,
+\fIauthtok\fR
+contains a pointer to the value of the authentication token\&. Note, this is a pointer to the
+\fIactual\fR
+data and should
+\fBnot\fR
+be
+\fIfree()\fR\'ed or over\-written!
+.PP
+The
+\fIprompt\fR
+argument specifies a prompt to use if no token is cached\&. If a NULL pointer is given,
+\fBpam_get_authtok\fR
+uses pre\-defined prompts\&.
+.PP
+The following values are supported for
+\fIitem\fR:
+.PP
+PAM_AUTHTOK
+.RS 4
+Returns the current authentication token\&. Called from
+\fBpam_sm_chauthtok\fR(3)
+\fBpam_get_authtok\fR
+will ask the user to confirm the new token by retyping it\&. If a prompt was specified, "Retype" will be used as prefix\&.
+.RE
+.PP
+PAM_OLDAUTHTOK
+.RS 4
+Returns the previous authentication token when changing authentication tokens\&.
+.RE
+.SH "OPTIONS"
+.PP
+
+\fBpam_get_authtok\fR
+honours the following module options:
+.PP
+\fBtry_first_pass\fR
+.RS 4
+Before prompting the user for their password, the module first tries the previous stacked module\'s password in case that satisfies this module as well\&.
+.RE
+.PP
+\fBuse_first_pass\fR
+.RS 4
+The argument
+\fBuse_first_pass\fR
+forces the module to use a previous stacked modules password and will never prompt the user \- if no password is available or the password is not appropriate, the user will be denied access\&.
+.RE
+.PP
+\fBuse_authtok\fR
+.RS 4
+When password changing enforce the module to set the new token to the one provided by a previously stacked
+\fBpassword\fR
+module\&. If no token is available token changing will fail\&.
+.RE
+.PP
+\fBauthtok_type=\fR\fB\fIXXX\fR\fR
+.RS 4
+The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: "\&. The example word
+\fIUNIX\fR
+can be replaced with this option, by default it is empty\&.
+.RE
+.SH "RETURN VALUES"
+.PP
+PAM_AUTH_ERR
+.RS 4
+Authentication token could not be retrieved\&.
+.RE
+.PP
+PAM_AUTHTOK_ERR
+.RS 4
+New authentication could not be retrieved\&.
+.RE
+.PP
+PAM_SUCCESS
+.RS 4
+Authentication token was successful retrieved\&.
+.RE
+.PP
+PAM_SYSTEM_ERR
+.RS 4
+No space for an authentication token was provided\&.
+.RE
+.PP
+PAM_TRY_AGAIN
+.RS 4
+New authentication tokens mismatch\&.
+.RE
+.SH "SEE ALSO"
+.PP
+
+\fBpam\fR(8)
+.SH "STANDARDS"
+.PP
+The
+\fBpam_get_authtok\fR
+function is a Linux\-PAM extensions\&.
diff --git a/doc/man/pam_get_authtok.3.xml b/doc/man/pam_get_authtok.3.xml
new file mode 100644
index 00000000..4edf69e7
--- /dev/null
+++ b/doc/man/pam_get_authtok.3.xml
@@ -0,0 +1,205 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
+
+<refentry id="pam_get_authtok">
+
+ <refmeta>
+ <refentrytitle>pam_get_authtok</refentrytitle>
+ <manvolnum>3</manvolnum>
+ <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_get_authtok-name">
+ <refname>pam_get_authtok</refname>
+ <refpurpose>get authentication token</refpurpose>
+ </refnamediv>
+
+<!-- body begins here -->
+
+ <refsynopsisdiv id="pam_get_authtok-synopsis">
+ <funcsynopsis>
+ <funcsynopsisinfo>#include &lt;security/pam_ext.h&gt;</funcsynopsisinfo>
+ <funcprototype>
+ <funcdef>int <function>pam_get_authtok</function></funcdef>
+ <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
+ <paramdef>int <parameter>item</parameter></paramdef>
+ <paramdef>const char **<parameter>authtok</parameter></paramdef>
+ <paramdef>const char *<parameter>prompt</parameter></paramdef>
+ </funcprototype>
+ </funcsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1 id='pam_get_authtok-description'>
+ <title>DESCRIPTION</title>
+ <para>
+ The <function>pam_get_authtok</function> function returns the
+ cached authentication token, or prompts the user if no token is
+ currently cached. It is intended for internal use by Linux-PAM and
+ PAM service modules. Upon successful return,
+ <emphasis>authtok</emphasis> contains a pointer to the value of the
+ authentication token. Note, this is a pointer to the
+ <emphasis>actual</emphasis> data and should
+ <emphasis remap="B">not</emphasis> be <emphasis>free()</emphasis>'ed or
+ over-written!
+ </para>
+ <para>
+ The <emphasis>prompt</emphasis> argument specifies a prompt to use
+ if no token is cached. If a NULL pointer
+ is given, <function>pam_get_authtok</function> uses pre-defined prompts.
+ </para>
+ <para>
+ The following values are supported for <emphasis>item</emphasis>:
+ </para>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_AUTHTOK</term>
+ <listitem>
+ <para>
+ Returns the current authentication token. Called from
+ <citerefentry><refentrytitle>pam_sm_chauthtok</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> <function>pam_get_authtok</function> will
+ ask the user to confirm the new token by retyping it. If
+ a prompt was specified, "Retype" will be used as prefix.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_OLDAUTHTOK</term>
+ <listitem>
+ <para>
+ Returns the previous authentication token when changing
+ authentication tokens.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id="pam_get_authtok-options">
+ <title>OPTIONS</title>
+ <para>
+ <function>pam_get_authtok</function> honours the following module
+ options:
+ </para>
+ <variablelist>
+ <varlistentry>
+ <term>
+ <option>try_first_pass</option>
+ </term>
+ <listitem>
+ <para>
+ Before prompting the user for their password, the module first
+ tries the previous stacked module's password in case that
+ satisfies this module as well.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>use_first_pass</option>
+ </term>
+ <listitem>
+ <para>
+ The argument <option>use_first_pass</option> forces the module
+ to use a previous stacked modules password and will never prompt
+ the user - if no password is available or the password is not
+ appropriate, the user will be denied access.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>use_authtok</option>
+ </term>
+ <listitem>
+ <para>
+ When password changing enforce the module to set the new
+ token to the one provided by a previously stacked
+ <option>password</option> module. If no token is available
+ token changing will fail.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>authtok_type=<replaceable>XXX</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ The default action is for the module to use the
+ following prompts when requesting passwords:
+ "New UNIX password: " and "Retype UNIX password: ".
+ The example word <emphasis>UNIX</emphasis> can
+ be replaced with this option, by default it is empty.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+
+ <refsect1 id="pam_get_authtok-return_values">
+ <title>RETURN VALUES</title>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_AUTH_ERR</term>
+ <listitem>
+ <para>
+ Authentication token could not be retrieved.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_AUTHTOK_ERR</term>
+ <listitem>
+ <para>
+ New authentication could not be retrieved.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SUCCESS</term>
+ <listitem>
+ <para>
+ Authentication token was successful retrieved.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SYSTEM_ERR</term>
+ <listitem>
+ <para>
+ No space for an authentication token was provided.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_TRY_AGAIN</term>
+ <listitem>
+ <para>
+ New authentication tokens mismatch.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pam_get_authtok-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_get_authtok-standards'>
+ <title>STANDARDS</title>
+ <para>
+ The <function>pam_get_authtok</function> function is a Linux-PAM
+ extensions.
+ </para>
+ </refsect1>
+
+</refentry>
diff --git a/doc/man/pam_get_data.3 b/doc/man/pam_get_data.3
index 3364eafe..3e026e35 100644
--- a/doc/man/pam_get_data.3
+++ b/doc/man/pam_get_data.3
@@ -1,31 +1,193 @@
.\" Title: pam_get_data
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_GET_DATA" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_GET_DATA" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_get_data - get module internal data
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_get_data \- get module internal data
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_modules\.h>
+#include <security/pam_modules\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 17
+.fam C
+.HP \w'int\ pam_get_data('u
.BI "int pam_get_data(const\ pam_handle_t\ *" "pamh" ", const\ char\ *" "module_data_name" ", const\ void\ **" "data" ");"
+.fam
.SH "DESCRIPTION"
.PP
This function together with the
\fBpam_set_data\fR(3)
-function is useful to manage module\-specific data meaningful only to the calling PAM module\.
+function is useful to manage module\-specific data meaningful only to the calling PAM module\&.
.PP
The
\fBpam_get_data\fR
@@ -33,30 +195,30 @@ function looks up the object associated with the (hopefully) unique string
\fImodule_data_name\fR
in the PAM context specified by the
\fIpamh\fR
-argument\. A successful call to
+argument\&. A successful call to
\fBpam_get_data\fR
will result in
\fIdata\fR
-pointing to the object\. Note, this data is
+pointing to the object\&. Note, this data is
\fInot\fR
a copy and should be treated as
\fIconstant\fR
-by the module\.
+by the module\&.
.SH "RETURN VALUES"
.PP
PAM_SUCCESS
.RS 4
-Data was successful retrieved\.
+Data was successful retrieved\&.
.RE
.PP
PAM_SYSTEM_ERR
.RS 4
-A NULL pointer was submitted as PAM handle or the function was called by an application\.
+A NULL pointer was submitted as PAM handle or the function was called by an application\&.
.RE
.PP
PAM_NO_MODULE_DATA
.RS 4
-Module data not found or there is an entry, but it has the value NULL\.
+Module data not found or there is an entry, but it has the value NULL\&.
.RE
.SH "SEE ALSO"
.PP
diff --git a/doc/man/pam_get_item.3 b/doc/man/pam_get_item.3
index 550cafcd..9ab436dd 100644
--- a/doc/man/pam_get_item.3
+++ b/doc/man/pam_get_item.3
@@ -1,34 +1,196 @@
.\" Title: pam_get_item
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_GET_ITEM" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_GET_ITEM" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_get_item - getting PAM informations
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_get_item \- getting PAM informations
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_modules\.h>
+#include <security/pam_modules\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 17
+.fam C
+.HP \w'int\ pam_get_item('u
.BI "int pam_get_item(const\ pam_handle_t\ *" "pamh" ", int\ " "item_type" ", const\ void\ **" "item" ");"
+.fam
.SH "DESCRIPTION"
.PP
The
\fBpam_get_item\fR
function allows applications and PAM service modules to access and retrieve PAM informations of
-\fIitem_type\fR\. Upon successful return,
+\fIitem_type\fR\&. Upon successful return,
\fIitem\fR
-contains a pointer to the value of the corresponding item\. Note, this is a pointer to the
+contains a pointer to the value of the corresponding item\&. Note, this is a pointer to the
\fIactual\fR
data and should
\fBnot\fR
@@ -38,133 +200,141 @@ be
.PP
PAM_SERVICE
.RS 4
-The service name (which identifies that PAM stack that the PAM functions will use to authenticate the program)\.
+The service name (which identifies that PAM stack that the PAM functions will use to authenticate the program)\&.
.RE
.PP
PAM_USER
.RS 4
-The username of the entity under whose identity service will be given\. That is, following authentication,
+The username of the entity under whose identity service will be given\&. That is, following authentication,
\fIPAM_USER\fR
-identifies the local entity that gets to use the service\. Note, this value can be mapped from something (eg\., "anonymous") to something else (eg\. "guest119") by any module in the PAM stack\. As such an application should consult the value of
+identifies the local entity that gets to use the service\&. Note, this value can be mapped from something (eg\&., "anonymous") to something else (eg\&. "guest119") by any module in the PAM stack\&. As such an application should consult the value of
\fIPAM_USER\fR
-after each call to a PAM function\.
+after each call to a PAM function\&.
.RE
.PP
PAM_USER_PROMPT
.RS 4
-The string used when prompting for a user\'s name\. The default value for this string is a localized version of "login: "\.
+The string used when prompting for a user\'s name\&. The default value for this string is a localized version of "login: "\&.
.RE
.PP
PAM_TTY
.RS 4
The terminal name: prefixed by
-\fI/dev/\fR
+\FC/dev/\F[]
if it is a device file; for graphical, X\-based, applications the value for this item should be the
\fI$DISPLAY\fR
-variable\.
+variable\&.
.RE
.PP
PAM_RUSER
.RS 4
-The requesting user name: local name for a locally requesting user or a remote user name for a remote requesting user\.
+The requesting user name: local name for a locally requesting user or a remote user name for a remote requesting user\&.
.sp
-Generally an application or module will attempt to supply the value that is most strongly authenticated (a local account before a remote one\. The level of trust in this value is embodied in the actual authentication stack associated with the application, so it is ultimately at the discretion of the system administrator\.
+Generally an application or module will attempt to supply the value that is most strongly authenticated (a local account before a remote one\&. The level of trust in this value is embodied in the actual authentication stack associated with the application, so it is ultimately at the discretion of the system administrator\&.
.sp
\fIPAM_RUSER@PAM_RHOST\fR
-should always identify the requesting user\. In some cases,
+should always identify the requesting user\&. In some cases,
\fIPAM_RUSER\fR
-may be NULL\. In such situations, it is unclear who the requesting entity is\.
+may be NULL\&. In such situations, it is unclear who the requesting entity is\&.
.RE
.PP
PAM_RHOST
.RS 4
The requesting hostname (the hostname of the machine from which the
\fIPAM_RUSER\fR
-entity is requesting service)\. That is
+entity is requesting service)\&. That is
\fIPAM_RUSER@PAM_RHOST\fR
-does identify the requesting user\. In some applications,
+does identify the requesting user\&. In some applications,
\fIPAM_RHOST\fR
-may be NULL\. In such situations, it is unclear where the authentication request is originating from\.
+may be NULL\&. In such situations, it is unclear where the authentication request is originating from\&.
.RE
.PP
PAM_AUTHTOK
.RS 4
-The authentication token (often a password)\. This token should be ignored by all module functions besides
+The authentication token (often a password)\&. This token should be ignored by all module functions besides
\fBpam_sm_authenticate\fR(3)
and
-\fBpam_sm_chauthtok\fR(3)\. In the former function it is used to pass the most recent authentication token from one stacked module to another\. In the latter function the token is used for another purpose\. It contains the currently active authentication token\.
+\fBpam_sm_chauthtok\fR(3)\&. In the former function it is used to pass the most recent authentication token from one stacked module to another\&. In the latter function the token is used for another purpose\&. It contains the currently active authentication token\&.
.RE
.PP
PAM_OLDAUTHTOK
.RS 4
-The old authentication token\. This token should be ignored by all module functions except
-\fBpam_sm_chauthtok\fR(3)\.
+The old authentication token\&. This token should be ignored by all module functions except
+\fBpam_sm_chauthtok\fR(3)\&.
.RE
.PP
PAM_CONV
.RS 4
-The pam_conv structure\. See
-\fBpam_conv\fR(3)\.
+The pam_conv structure\&. See
+\fBpam_conv\fR(3)\&.
.RE
.PP
The following additional items are specific to Linux\-PAM and should not be used in portable applications:
.PP
PAM_FAIL_DELAY
.RS 4
-A function pointer to redirect centrally managed failure delays\. See
-\fBpam_fail_delay\fR(3)\.
+A function pointer to redirect centrally managed failure delays\&. See
+\fBpam_fail_delay\fR(3)\&.
.RE
.PP
PAM_XDISPLAY
.RS 4
-The name of the X display\. For graphical, X\-based applications the value for this item should be the
+The name of the X display\&. For graphical, X\-based applications the value for this item should be the
\fI$DISPLAY\fR
-variable\. This value may be used independently of
+variable\&. This value may be used independently of
\fIPAM_TTY\fR
-for passing the name of the display\.
+for passing the name of the display\&.
.RE
.PP
PAM_XAUTHDATA
.RS 4
A pointer to a structure containing the X authentication data required to make a connection to the display specified by
-\fIPAM_XDISPLAY\fR, if such information is necessary\. See
-\fBpam_xauth_data\fR(3)\.
+\fIPAM_XDISPLAY\fR, if such information is necessary\&. See
+\fBpam_xauth_data\fR(3)\&.
+.RE
+.PP
+PAM_AUTHTOK_TYPE
+.RS 4
+The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: "\&. The example word
+\fIUNIX\fR
+can be replaced with this item, by default it is empty\&. This item is used by
+\fBpam_get_authtok\fR(3)\&.
.RE
.PP
If a service module wishes to obtain the name of the user, it should not use this function, but instead perform a call to
-\fBpam_get_user\fR(3)\.
+\fBpam_get_user\fR(3)\&.
.PP
-Only a service module is privileged to read the authentication tokens, PAM_AUTHTOK and PAM_OLDAUTHTOK\.
+Only a service module is privileged to read the authentication tokens, PAM_AUTHTOK and PAM_OLDAUTHTOK\&.
.SH "RETURN VALUES"
.PP
PAM_BAD_ITEM
.RS 4
-The application attempted to set an undefined or inaccessible item\.
+The application attempted to set an undefined or inaccessible item\&.
.RE
.PP
PAM_BUF_ERR
.RS 4
-Memory buffer error\.
+Memory buffer error\&.
.RE
.PP
PAM_PERM_DENIED
.RS 4
The value of
\fIitem\fR
-was NULL\.
+was NULL\&.
.RE
.PP
PAM_SUCCESS
.RS 4
-Data was successful updated\.
+Data was successful updated\&.
.RE
.PP
PAM_SYSTEM_ERR
.RS 4
The
\fIpam_handle_t\fR
-passed as first argument was invalid\.
+passed as first argument was invalid\&.
.RE
.SH "SEE ALSO"
.PP
diff --git a/doc/man/pam_get_user.3 b/doc/man/pam_get_user.3
index c4333cc9..18a948ea 100644
--- a/doc/man/pam_get_user.3
+++ b/doc/man/pam_get_user.3
@@ -1,58 +1,241 @@
.\" Title: pam_get_user
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_GET_USER" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_GET_USER" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_get_user - get user name
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_get_user \- get user name
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_modules\.h>
+#include <security/pam_modules\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 17
+.fam C
+.HP \w'int\ pam_get_user('u
.BI "int pam_get_user(const\ pam_handle_t\ *" "pamh" ", const\ char\ **" "user" ", const\ char\ *" "prompt" ");"
+.fam
.SH "DESCRIPTION"
.PP
The
\fBpam_get_user\fR
function returns the name of the user specified by
-\fBpam_start\fR(3)\. If no user was specified it what
-\fBpam_get_item (pamh, PAM_USER, \.\.\. );\fR
-would have returned\. If this is NULL it obtains the username via the
+\fBpam_start\fR(3)\&. If no user was specified it what
+\fBpam_get_item (pamh, PAM_USER, \&.\&.\&. );\fR
+would have returned\&. If this is NULL it obtains the username via the
\fBpam_conv\fR(3)
mechanism, it prompts the user with the first non\-NULL string in the following list:
.sp
.RS 4
-\h'-04'\(bu\h'+03'The
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The
\fIprompt\fR
-argument passed to the function\.
+argument passed to the function\&.
.RE
.sp
.RS 4
-\h'-04'\(bu\h'+03'What is returned by pam_get_item (pamh, PAM_USER_PROMPT, \.\.\. );
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+What is returned by pam_get_item (pamh, PAM_USER_PROMPT, \&.\&.\&. );
.RE
.sp
.RS 4
-\h'-04'\(bu\h'+03'The default prompt: "login: "
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The default prompt: "login: "
.RE
.PP
By whatever means the username is obtained, a pointer to it is returned as the contents of
-\fI*user\fR\. Note, this memory should
+\fI*user\fR\&. Note, this memory should
\fBnot\fR
be
\fIfree()\fR\'d or
\fImodified\fR
-by the module\.
+by the module\&.
.PP
This function sets the
\fIPAM_USER\fR
@@ -60,22 +243,22 @@ item associated with the
\fBpam_set_item\fR(3)
and
\fBpam_get_item\fR(3)
-functions\.
+functions\&.
.SH "RETURN VALUES"
.PP
PAM_SUCCESS
.RS 4
-User name was successful retrieved\.
+User name was successful retrieved\&.
.RE
.PP
PAM_SYSTEM_ERR
.RS 4
-A NULL pointer was submitted\.
+A NULL pointer was submitted\&.
.RE
.PP
PAM_CONV_ERR
.RS 4
-The conversation method supplied by the application failed to obtain the username\.
+The conversation method supplied by the application failed to obtain the username\&.
.RE
.SH "SEE ALSO"
.PP
diff --git a/doc/man/pam_getenv.3 b/doc/man/pam_getenv.3
index f5ab262d..20476e4e 100644
--- a/doc/man/pam_getenv.3
+++ b/doc/man/pam_getenv.3
@@ -1,39 +1,202 @@
.\" Title: pam_getenv
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_GETENV" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_GETENV" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_getenv - get a PAM environment variable
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_getenv \- get a PAM environment variable
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_appl\.h>
+#include <security/pam_appl\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 23
+.fam C
+.HP \w'const\ char\ *pam_getenv('u
.BI "const char *pam_getenv(pam_handle_t\ *" "pamh" ", const\ char\ *" "name" ");"
+.fam
.SH "DESCRIPTION"
.PP
The
\fBpam_getenv\fR
function searches the PAM environment list as associated with the handle
\fIpamh\fR
-for a string that matches the string pointed to by
-\fIname\fR\. The return values are of the form: "\fIname=value\fR"\.
+for an item that matches the string pointed to by
+\fIname\fR
+and returns a pointer to the value of the environment variable\&. The application is not allowed to free the data\&.
.SH "RETURN VALUES"
.PP
The
\fBpam_getenv\fR
-function returns NULL on failure\.
+function returns NULL on failure\&.
.SH "SEE ALSO"
.PP
diff --git a/doc/man/pam_getenv.3.xml b/doc/man/pam_getenv.3.xml
index e78aa3c2..7e8db015 100644
--- a/doc/man/pam_getenv.3.xml
+++ b/doc/man/pam_getenv.3.xml
@@ -32,9 +32,10 @@
<para>
The <function>pam_getenv</function> function searches the
PAM environment list as associated with the handle
- <emphasis>pamh</emphasis> for a string that matches the string
- pointed to by <emphasis>name</emphasis>. The return values are
- of the form: "<emphasis>name=value</emphasis>".
+ <emphasis>pamh</emphasis> for an item that matches the string
+ pointed to by <emphasis>name</emphasis> and returns a pointer
+ to the value of the environment variable. The application is
+ not allowed to free the data.
</para>
</refsect1>
diff --git a/doc/man/pam_getenvlist.3 b/doc/man/pam_getenvlist.3
index 2c74f581..81213d44 100644
--- a/doc/man/pam_getenvlist.3
+++ b/doc/man/pam_getenvlist.3
@@ -1,46 +1,208 @@
.\" Title: pam_getenvlist
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_GETENVLIST" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_GETENVLIST" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_getenvlist - getting the PAM environment
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_getenvlist \- getting the PAM environment
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_appl\.h>
+#include <security/pam_appl\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 22
+.fam C
+.HP \w'char\ **pam_getenvlist('u
.BI "char **pam_getenvlist(pam_handle_t\ *" "pamh" ");"
+.fam
.SH "DESCRIPTION"
.PP
The
\fBpam_getenvlist\fR
function returns a complete copy of the PAM environment as associated with the handle
-\fIpamh\fR\. The PAM environment variables represent the contents of the regular environment variables of the authenticated user when service is granted\.
+\fIpamh\fR\&. The PAM environment variables represent the contents of the regular environment variables of the authenticated user when service is granted\&.
.PP
-The format of the memory is a malloc()\'d array of char pointers, the last element of which is set to NULL\. Each of the non\-NULL entries in this array point to a NUL terminated and malloc()\'d char string of the form: "\fIname=value\fR"\.
+The format of the memory is a malloc()\'d array of char pointers, the last element of which is set to NULL\&. Each of the non\-NULL entries in this array point to a NUL terminated and malloc()\'d char string of the form: "\fIname=value\fR"\&.
.PP
-It should be noted that this memory will never be free()\'d by libpam\. Once obtained by a call to
-\fBpam_getenvlist\fR, it is the responsibility of the calling application to free() this memory\.
+It should be noted that this memory will never be free()\'d by libpam\&. Once obtained by a call to
+\fBpam_getenvlist\fR, it is the responsibility of the calling application to free() this memory\&.
.PP
It is by design, and not a coincidence, that the format and contents of the returned array matches that required for the third argument of the
\fBexecle\fR(3)
-function call\.
+function call\&.
.SH "RETURN VALUES"
.PP
The
\fBpam_getenvlist\fR
-function returns NULL on failure\.
+function returns NULL on failure\&.
.SH "SEE ALSO"
.PP
diff --git a/doc/man/pam_info.3 b/doc/man/pam_info.3
index 7fb5e28b..a70d8423 100644
--- a/doc/man/pam_info.3
+++ b/doc/man/pam_info.3
@@ -1,33 +1,197 @@
.\" Title: pam_info
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_INFO" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_INFO" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_info, pam_vinfo - display messages to the user
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_info, pam_vinfo \- display messages to the user
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_ext\.h>
+#include <security/pam_ext\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 13
-.BI "int pam_info(pam_handle_t\ *" "pamh" ", const\ char\ *" "fmt" ", " "\.\.\." ");"
-.HP 14
+.fam C
+.HP \w'int\ pam_info('u
+.BI "int pam_info(pam_handle_t\ *" "pamh" ", const\ char\ *" "fmt" ", " "\&.\&.\&." ");"
+.fam
+.fam C
+.HP \w'int\ pam_vinfo('u
.BI "int pam_vinfo(pam_handle_t\ *" "pamh" ", const\ char\ *" "fmt" ", va_list\ " "args" ");"
+.fam
.SH "DESCRIPTION"
.PP
The
\fBpam_info\fR
-function prints messages through the conversation function to the user\.
+function prints messages through the conversation function to the user\&.
.PP
The
\fBpam_vinfo\fR
@@ -35,27 +199,27 @@ function performs the same task as
\fBpam_info()\fR
with the difference that it takes a set of arguments which have been obtained using the
\fBstdarg\fR(3)
-variable argument list macros\.
+variable argument list macros\&.
.SH "RETURN VALUES"
.PP
PAM_BUF_ERR
.RS 4
-Memory buffer error\.
+Memory buffer error\&.
.RE
.PP
PAM_CONV_ERR
.RS 4
-Conversation failure\.
+Conversation failure\&.
.RE
.PP
PAM_SUCCESS
.RS 4
-Transaction was successful created\.
+Transaction was successful created\&.
.RE
.PP
PAM_SYSTEM_ERR
.RS 4
-System error\.
+System error\&.
.RE
.SH "SEE ALSO"
.PP
@@ -67,4 +231,4 @@ The
\fBpam_info\fR
and
\fBpam_vinfo\fR
-functions are Linux\-PAM extensions\.
+functions are Linux\-PAM extensions\&.
diff --git a/doc/man/pam_item_types_ext.inc.xml b/doc/man/pam_item_types_ext.inc.xml
index 89f19875..d36a5bd1 100644
--- a/doc/man/pam_item_types_ext.inc.xml
+++ b/doc/man/pam_item_types_ext.inc.xml
@@ -42,4 +42,20 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>PAM_AUTHTOK_TYPE</term>
+ <listitem>
+ <para>
+ The default action is for the module to use the
+ following prompts when requesting passwords:
+ "New UNIX password: " and "Retype UNIX password: ".
+ The example word <emphasis>UNIX</emphasis> can
+ be replaced with this item, by default it is empty.
+ This item is used by <citerefentry>
+ <refentrytitle>pam_get_authtok</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>.
+ </para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
diff --git a/doc/man/pam_misc_drop_env.3 b/doc/man/pam_misc_drop_env.3
index c79e3bb2..f23638e9 100644
--- a/doc/man/pam_misc_drop_env.3
+++ b/doc/man/pam_misc_drop_env.3
@@ -1,37 +1,199 @@
.\" Title: pam_misc_drop_env
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_MISC_DROP_ENV" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_MISC_DROP_ENV" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_misc_drop_env - liberating a locally saved environment
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_misc_drop_env \- liberating a locally saved environment
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_misc\.h>
+#include <security/pam_misc\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 22
+.fam C
+.HP \w'int\ pam_misc_drop_env('u
.BI "int pam_misc_drop_env(char\ **" "env" ");"
+.fam
.SH "DESCRIPTION"
.PP
This function is defined to complement the
\fBpam_getenvlist\fR(3)
-function\. It liberates the memory associated with
+function\&. It liberates the memory associated with
\fIenv\fR,
\fIoverwriting\fR
with
\fI0\fR
all memory before
-\fBfree()\fRing it\.
+\fBfree()\fRing it\&.
.SH "SEE ALSO"
.PP
@@ -43,4 +205,4 @@ The
\fBpam_misc_drop_env\fR
function is part of the
\fBlibpam_misc\fR
-Library and not defined in any standard\.
+Library and not defined in any standard\&.
diff --git a/doc/man/pam_misc_paste_env.3 b/doc/man/pam_misc_paste_env.3
index c157301b..8c565cac 100644
--- a/doc/man/pam_misc_paste_env.3
+++ b/doc/man/pam_misc_paste_env.3
@@ -1,32 +1,194 @@
.\" Title: pam_misc_paste_env
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_MISC_PASTE_ENV" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_MISC_PASTE_ENV" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_misc_paste_env - transcribing an environment to that of PAM
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_misc_paste_env \- transcribing an environment to that of PAM
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_misc\.h>
+#include <security/pam_misc\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 23
+.fam C
+.HP \w'int\ pam_misc_paste_env('u
.BI "int pam_misc_paste_env(pam_handle_t\ *" "pamh" ", const\ char\ *\ const\ *" "user" ");"
+.fam
.SH "DESCRIPTION"
.PP
This function takes the supplied list of environment pointers and
\fIuploads\fR
-its contents to the PAM environment\. Success is indicated by
-PAM_SUCCESS\.
+its contents to the PAM environment\&. Success is indicated by
+PAM_SUCCESS\&.
.SH "SEE ALSO"
.PP
@@ -38,4 +200,4 @@ The
\fBpam_misc_paste_env\fR
function is part of the
\fBlibpam_misc\fR
-Library and not defined in any standard\.
+Library and not defined in any standard\&.
diff --git a/doc/man/pam_misc_setenv.3 b/doc/man/pam_misc_setenv.3
index e6f2e6c1..0b9a4f3c 100644
--- a/doc/man/pam_misc_setenv.3
+++ b/doc/man/pam_misc_setenv.3
@@ -1,37 +1,199 @@
.\" Title: pam_misc_setenv
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_MISC_SETENV" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_MISC_SETENV" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_misc_setenv - BSD like PAM environment variable setting
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_misc_setenv \- BSD like PAM environment variable setting
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_misc\.h>
+#include <security/pam_misc\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 20
+.fam C
+.HP \w'int\ pam_misc_setenv('u
.BI "int pam_misc_setenv(pam_handle_t\ *" "pamh" ", const\ char\ *" "name" ", const\ char\ *" "value" ", int" "readonly" ");"
+.fam
.SH "DESCRIPTION"
.PP
This function performs a task equivalent to
\fBpam_putenv\fR(3), its syntax is, however, more like the BSD style function;
-\fBsetenv()\fR\. The
+\fBsetenv()\fR\&. The
\fIname\fR
and
\fIvalue\fR
are concatenated with an \'=\' to form a name=value and passed to
-\fBpam_putenv()\fR\. If, however, the PAM variable is already set, the replacement will only be applied if the last argument,
-\fIreadonly\fR, is zero\.
+\fBpam_putenv()\fR\&. If, however, the PAM variable is already set, the replacement will only be applied if the last argument,
+\fIreadonly\fR, is zero\&.
.SH "SEE ALSO"
.PP
@@ -43,4 +205,4 @@ The
\fBpam_misc_setenv\fR
function is part of the
\fBlibpam_misc\fR
-Library and not defined in any standard\.
+Library and not defined in any standard\&.
diff --git a/doc/man/pam_open_session.3 b/doc/man/pam_open_session.3
index 7105a056..be0c31c4 100644
--- a/doc/man/pam_open_session.3
+++ b/doc/man/pam_open_session.3
@@ -1,62 +1,224 @@
.\" Title: pam_open_session
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_OPEN_SESSION" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_OPEN_SESSION" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_open_session - start PAM session management
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_open_session \- start PAM session management
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_appl\.h>
+#include <security/pam_appl\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 21
+.fam C
+.HP \w'int\ pam_open_session('u
.BI "int pam_open_session(pam_handle_t\ *" "pamh" ", int\ " "flags" ");"
+.fam
.SH "DESCRIPTION"
.PP
The
\fBpam_open_session\fR
-function sets up a user session for a previously successful authenticated user\. The session should later be terminated with a call to
-\fBpam_close_session\fR(3)\.
+function sets up a user session for a previously successful authenticated user\&. The session should later be terminated with a call to
+\fBpam_close_session\fR(3)\&.
.PP
It should be noted that the effective uid,
-\fBgeteuid\fR(2)\. of the application should be of sufficient privilege to perform such tasks as creating or mounting the user\'s home directory for example\.
+\fBgeteuid\fR(2)\&. of the application should be of sufficient privilege to perform such tasks as creating or mounting the user\'s home directory for example\&.
.PP
The flags argument is the binary or of zero or more of the following values:
.PP
PAM_SILENT
.RS 4
-Do not emit any messages\.
+Do not emit any messages\&.
.RE
.SH "RETURN VALUES"
.PP
PAM_ABORT
.RS 4
-General failure\.
+General failure\&.
.RE
.PP
PAM_BUF_ERR
.RS 4
-Memory buffer error\.
+Memory buffer error\&.
.RE
.PP
PAM_SESSION_ERR
.RS 4
-Session failure\.
+Session failure\&.
.RE
.PP
PAM_SUCCESS
.RS 4
-Session was successful created\.
+Session was successful created\&.
.RE
.SH "SEE ALSO"
.PP
diff --git a/doc/man/pam_prompt.3 b/doc/man/pam_prompt.3
index fa3d96b4..8b631db6 100644
--- a/doc/man/pam_prompt.3
+++ b/doc/man/pam_prompt.3
@@ -1,53 +1,219 @@
.\" Title: pam_prompt
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_PROMPT" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_PROMPT" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_prompt, pam_vprompt - interface to conversation function
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_prompt, pam_vprompt \- interface to conversation function
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_ext\.h>
+#include <security/pam_ext\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 16
-.BI "void pam_prompt(pam_handle_t\ *" "pamh" ", int\ " "style" ", char\ **" "response" ", const\ char\ *" "fmt" ", " "\.\.\." ");"
-.HP 17
+.fam C
+.HP \w'void\ pam_prompt('u
+.BI "void pam_prompt(pam_handle_t\ *" "pamh" ", int\ " "style" ", char\ **" "response" ", const\ char\ *" "fmt" ", " "\&.\&.\&." ");"
+.fam
+.fam C
+.HP \w'void\ pam_vprompt('u
.BI "void pam_vprompt(pam_handle_t\ *" "pamh" ", int\ " "style" ", char\ **" "response" ", const\ char\ *" "fmt" ", va_list\ " "args" ");"
+.fam
.SH "DESCRIPTION"
.PP
The
\fBpam_prompt\fR
-function constructs a message from the specified format string and arguments and passes it to
+function constructs a message from the specified format string and arguments and passes it to the conversation function as set by the service\&. Upon successful return,
+\fIresponse\fR
+is set to point to a string returned from the conversation function\&. This string is allocated on heap and should be freed\&.
.SH "RETURN VALUES"
.PP
PAM_BUF_ERR
.RS 4
-Memory buffer error\.
+Memory buffer error\&.
.RE
.PP
PAM_CONV_ERR
.RS 4
-Conversation failure\.
+Conversation failure\&.
.RE
.PP
PAM_SUCCESS
.RS 4
-Transaction was successful created\.
+Transaction was successful created\&.
.RE
.PP
PAM_SYSTEM_ERR
.RS 4
-System error\.
+System error\&.
.RE
.SH "SEE ALSO"
.PP
@@ -60,4 +226,4 @@ The
\fBpam_prompt\fR
and
\fBpam_vprompt\fR
-functions are Linux\-PAM extensions\.
+functions are Linux\-PAM extensions\&.
diff --git a/doc/man/pam_prompt.3.xml b/doc/man/pam_prompt.3.xml
index d0824131..b526457e 100644
--- a/doc/man/pam_prompt.3.xml
+++ b/doc/man/pam_prompt.3.xml
@@ -44,7 +44,11 @@
<title>DESCRIPTION</title>
<para>
The <function>pam_prompt</function> function constructs a message
- from the specified format string and arguments and passes it to
+ from the specified format string and arguments and passes it to the
+ conversation function as set by the service. Upon successful return,
+ <emphasis>response</emphasis> is set to point to a string
+ returned from the conversation function. This string is allocated
+ on heap and should be freed.
</para>
</refsect1>
diff --git a/doc/man/pam_putenv.3 b/doc/man/pam_putenv.3
index 58844701..a60929e3 100644
--- a/doc/man/pam_putenv.3
+++ b/doc/man/pam_putenv.3
@@ -1,90 +1,252 @@
.\" Title: pam_putenv
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_PUTENV" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_PUTENV" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_putenv - set or change PAM environment variable
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_putenv \- set or change PAM environment variable
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_appl\.h>
+#include <security/pam_appl\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 15
+.fam C
+.HP \w'int\ pam_putenv('u
.BI "int pam_putenv(pam_handle_t\ *" "pamh" ", const\ char\ *" "name_value" ");"
+.fam
.SH "DESCRIPTION"
.PP
The
\fBpam_putenv\fR
function is used to add or change the value of PAM environment variables as associated with the
\fIpamh\fR
-handle\.
+handle\&.
.PP
The
\fIpamh\fR
-argument is an authentication handle obtained by a prior call to pam_start()\. The
+argument is an authentication handle obtained by a prior call to pam_start()\&. The
\fIname_value\fR
argument is a single NUL terminated string of one of the following forms:
.PP
NAME=value of variable
.RS 4
In this case the environment variable of the given NAME is set to the indicated value:
-\fIvalue of variable\fR\. If this variable is already known, it is overwritten\. Otherwise it is added to the PAM environment\.
+\fIvalue of variable\fR\&. If this variable is already known, it is overwritten\&. Otherwise it is added to the PAM environment\&.
.RE
.PP
NAME=
.RS 4
-This function sets the variable to an empty value\. It is listed separately to indicate that this is the correct way to achieve such a setting\.
+This function sets the variable to an empty value\&. It is listed separately to indicate that this is the correct way to achieve such a setting\&.
.RE
.PP
NAME
.RS 4
Without an \'=\' the
-\fBpam_putenv\fR() function will delete the corresponding variable from the PAM environment\.
+\fBpam_putenv\fR() function will delete the corresponding variable from the PAM environment\&.
.RE
.PP
\fBpam_putenv\fR() operates on a copy of
\fIname_value\fR, which means in contrast to
-\fBputenv\fR(3), the application is responsible to free the data\.
+\fBputenv\fR(3), the application is responsible to free the data\&.
.SH "RETURN VALUES"
.PP
PAM_PERM_DENIED
.RS 4
Argument
\fIname_value\fR
-given is a NULL pointer\.
+given is a NULL pointer\&.
.RE
.PP
PAM_BAD_ITEM
.RS 4
-Variable requested (for deletion) is not currently set\.
+Variable requested (for deletion) is not currently set\&.
.RE
.PP
PAM_ABORT
.RS 4
The
\fIpamh\fR
-handle is corrupt\.
+handle is corrupt\&.
.RE
.PP
PAM_BUF_ERR
.RS 4
-Memory buffer error\.
+Memory buffer error\&.
.RE
.PP
PAM_SUCCESS
.RS 4
-The environment variable was successfully updated\.
+The environment variable was successfully updated\&.
.RE
.SH "SEE ALSO"
.PP
diff --git a/doc/man/pam_set_data.3 b/doc/man/pam_set_data.3
index f8ac607c..634fe0e4 100644
--- a/doc/man/pam_set_data.3
+++ b/doc/man/pam_set_data.3
@@ -1,26 +1,188 @@
.\" Title: pam_set_data
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_SET_DATA" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_SET_DATA" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_set_data - set module internal data
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_set_data \- set module internal data
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_modules\.h>
+#include <security/pam_modules\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 17
+.fam C
+.HP \w'int\ pam_set_data('u
.BI "int pam_set_data(pam_handle_t\ *" "pamh" ", const\ char\ *" "module_data_name" ", void\ *" "data" ", void\ " "(*cleanup)(pam_handle_t\ *pamh,\ void\ *data,\ int\ error_status)" ");"
+.fam
.SH "DESCRIPTION"
.PP
The
@@ -29,30 +191,30 @@ function associates a pointer to an object with the (hopefully) unique string
\fImodule_data_name\fR
in the PAM context specified by the
\fIpamh\fR
-argument\.
+argument\&.
.PP
-PAM modules may be dynamically loadable objects\. In general such files should not contain
+PAM modules may be dynamically loadable objects\&. In general such files should not contain
\fIstatic\fR
-variables\. This function and its counterpart
+variables\&. This function and its counterpart
\fBpam_get_data\fR(3), provide a mechanism for a module to associate some data with the handle
-\fIpamh\fR\. Typically a module will call the
+\fIpamh\fR\&. Typically a module will call the
\fBpam_set_data\fR
function to register some data under a (hopefully) unique
-\fImodule_data_name\fR\. The data is available for use by other modules too but
+\fImodule_data_name\fR\&. The data is available for use by other modules too but
\fInot\fR
-by an application\. Since this functions stores only a pointer to the
-\fIdata\fR, the module should not modify or free the content of it\.
+by an application\&. Since this functions stores only a pointer to the
+\fIdata\fR, the module should not modify or free the content of it\&.
.PP
The function
\fBcleanup()\fR
is associated with the
\fIdata\fR
and, if non\-NULL, it is called when this data is over\-written or following a call to
-\fBpam_end\fR(3)\.
+\fBpam_end\fR(3)\&.
.PP
The
\fIerror_status\fR
-argument is used to indicate to the module the sort of action it is to take in cleaning this data item\. As an example, Kerberos creates a ticket file during the authentication phase, this file might be associated with a data item\. When
+argument is used to indicate to the module the sort of action it is to take in cleaning this data item\&. As an example, Kerberos creates a ticket file during the authentication phase, this file might be associated with a data item\&. When
\fBpam_end\fR(3)
is called by the module, the
\fIerror_status\fR
@@ -60,7 +222,7 @@ carries the return value of the
\fBpam_authenticate\fR(3)
or other
\fIlibpam\fR
-function as appropriate\. Based on this value the Kerberos module may choose to delete the ticket file (\fIauthentication failure\fR) or leave it in place\.
+function as appropriate\&. Based on this value the Kerberos module may choose to delete the ticket file (\fIauthentication failure\fR) or leave it in place\&.
.PP
The
\fIerror_status\fR
@@ -69,31 +231,31 @@ may have been logically OR\'d with either of the following two values:
PAM_DATA_REPLACE
.RS 4
When a data item is being replaced (through a second call to
-\fBpam_set_data\fR) this mask is used\. Otherwise, the call is assumed to be from
-\fBpam_end\fR(3)\.
+\fBpam_set_data\fR) this mask is used\&. Otherwise, the call is assumed to be from
+\fBpam_end\fR(3)\&.
.RE
.PP
PAM_DATA_SILENT
.RS 4
Which indicates that the process would prefer to perform the
\fBcleanup()\fR
-quietly\. That is, discourages logging/messages to the user\.
+quietly\&. That is, discourages logging/messages to the user\&.
.RE
.SH "RETURN VALUES"
.PP
PAM_BUF_ERR
.RS 4
-Memory buffer error\.
+Memory buffer error\&.
.RE
.PP
PAM_SUCCESS
.RS 4
-Data was successful stored\.
+Data was successful stored\&.
.RE
.PP
PAM_SYSTEM_ERR
.RS 4
-A NULL pointer was submitted as PAM handle or the function was called by an application\.
+A NULL pointer was submitted as PAM handle or the function was called by an application\&.
.RE
.SH "SEE ALSO"
.PP
diff --git a/doc/man/pam_set_item.3 b/doc/man/pam_set_item.3
index 015cc8e4..53b0d923 100644
--- a/doc/man/pam_set_item.3
+++ b/doc/man/pam_set_item.3
@@ -1,167 +1,337 @@
.\" Title: pam_set_item
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_SET_ITEM" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_SET_ITEM" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_set_item - set and update PAM informations
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_set_item \- set and update PAM informations
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_modules\.h>
+#include <security/pam_modules\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 17
+.fam C
+.HP \w'int\ pam_set_item('u
.BI "int pam_set_item(pam_handle_t\ *" "pamh" ", int\ " "item_type" ", const\ void\ *" "item" ");"
+.fam
.SH "DESCRIPTION"
.PP
The
\fBpam_set_item\fR
function allows applications and PAM service modules to access and to update PAM informations of
-\fIitem_type\fR\. For this a copy of the object pointed to by the
+\fIitem_type\fR\&. For this a copy of the object pointed to by the
\fIitem\fR
-argument is created\. The following
+argument is created\&. The following
\fIitem_type\fRs are supported:
.PP
PAM_SERVICE
.RS 4
-The service name (which identifies that PAM stack that the PAM functions will use to authenticate the program)\.
+The service name (which identifies that PAM stack that the PAM functions will use to authenticate the program)\&.
.RE
.PP
PAM_USER
.RS 4
-The username of the entity under whose identity service will be given\. That is, following authentication,
+The username of the entity under whose identity service will be given\&. That is, following authentication,
\fIPAM_USER\fR
-identifies the local entity that gets to use the service\. Note, this value can be mapped from something (eg\., "anonymous") to something else (eg\. "guest119") by any module in the PAM stack\. As such an application should consult the value of
+identifies the local entity that gets to use the service\&. Note, this value can be mapped from something (eg\&., "anonymous") to something else (eg\&. "guest119") by any module in the PAM stack\&. As such an application should consult the value of
\fIPAM_USER\fR
-after each call to a PAM function\.
+after each call to a PAM function\&.
.RE
.PP
PAM_USER_PROMPT
.RS 4
-The string used when prompting for a user\'s name\. The default value for this string is a localized version of "login: "\.
+The string used when prompting for a user\'s name\&. The default value for this string is a localized version of "login: "\&.
.RE
.PP
PAM_TTY
.RS 4
The terminal name: prefixed by
-\fI/dev/\fR
+\FC/dev/\F[]
if it is a device file; for graphical, X\-based, applications the value for this item should be the
\fI$DISPLAY\fR
-variable\.
+variable\&.
.RE
.PP
PAM_RUSER
.RS 4
-The requesting user name: local name for a locally requesting user or a remote user name for a remote requesting user\.
+The requesting user name: local name for a locally requesting user or a remote user name for a remote requesting user\&.
.sp
-Generally an application or module will attempt to supply the value that is most strongly authenticated (a local account before a remote one\. The level of trust in this value is embodied in the actual authentication stack associated with the application, so it is ultimately at the discretion of the system administrator\.
+Generally an application or module will attempt to supply the value that is most strongly authenticated (a local account before a remote one\&. The level of trust in this value is embodied in the actual authentication stack associated with the application, so it is ultimately at the discretion of the system administrator\&.
.sp
\fIPAM_RUSER@PAM_RHOST\fR
-should always identify the requesting user\. In some cases,
+should always identify the requesting user\&. In some cases,
\fIPAM_RUSER\fR
-may be NULL\. In such situations, it is unclear who the requesting entity is\.
+may be NULL\&. In such situations, it is unclear who the requesting entity is\&.
.RE
.PP
PAM_RHOST
.RS 4
The requesting hostname (the hostname of the machine from which the
\fIPAM_RUSER\fR
-entity is requesting service)\. That is
+entity is requesting service)\&. That is
\fIPAM_RUSER@PAM_RHOST\fR
-does identify the requesting user\. In some applications,
+does identify the requesting user\&. In some applications,
\fIPAM_RHOST\fR
-may be NULL\. In such situations, it is unclear where the authentication request is originating from\.
+may be NULL\&. In such situations, it is unclear where the authentication request is originating from\&.
.RE
.PP
PAM_AUTHTOK
.RS 4
-The authentication token (often a password)\. This token should be ignored by all module functions besides
+The authentication token (often a password)\&. This token should be ignored by all module functions besides
\fBpam_sm_authenticate\fR(3)
and
-\fBpam_sm_chauthtok\fR(3)\. In the former function it is used to pass the most recent authentication token from one stacked module to another\. In the latter function the token is used for another purpose\. It contains the currently active authentication token\.
+\fBpam_sm_chauthtok\fR(3)\&. In the former function it is used to pass the most recent authentication token from one stacked module to another\&. In the latter function the token is used for another purpose\&. It contains the currently active authentication token\&.
.RE
.PP
PAM_OLDAUTHTOK
.RS 4
-The old authentication token\. This token should be ignored by all module functions except
-\fBpam_sm_chauthtok\fR(3)\.
+The old authentication token\&. This token should be ignored by all module functions except
+\fBpam_sm_chauthtok\fR(3)\&.
.RE
.PP
PAM_CONV
.RS 4
-The pam_conv structure\. See
-\fBpam_conv\fR(3)\.
+The pam_conv structure\&. See
+\fBpam_conv\fR(3)\&.
.RE
.PP
The following additional items are specific to Linux\-PAM and should not be used in portable applications:
.PP
PAM_FAIL_DELAY
.RS 4
-A function pointer to redirect centrally managed failure delays\. See
-\fBpam_fail_delay\fR(3)\.
+A function pointer to redirect centrally managed failure delays\&. See
+\fBpam_fail_delay\fR(3)\&.
.RE
.PP
PAM_XDISPLAY
.RS 4
-The name of the X display\. For graphical, X\-based applications the value for this item should be the
+The name of the X display\&. For graphical, X\-based applications the value for this item should be the
\fI$DISPLAY\fR
-variable\. This value may be used independently of
+variable\&. This value may be used independently of
\fIPAM_TTY\fR
-for passing the name of the display\.
+for passing the name of the display\&.
.RE
.PP
PAM_XAUTHDATA
.RS 4
A pointer to a structure containing the X authentication data required to make a connection to the display specified by
-\fIPAM_XDISPLAY\fR, if such information is necessary\. See
-\fBpam_xauth_data\fR(3)\.
+\fIPAM_XDISPLAY\fR, if such information is necessary\&. See
+\fBpam_xauth_data\fR(3)\&.
+.RE
+.PP
+PAM_AUTHTOK_TYPE
+.RS 4
+The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: "\&. The example word
+\fIUNIX\fR
+can be replaced with this item, by default it is empty\&. This item is used by
+\fBpam_get_authtok\fR(3)\&.
.RE
.PP
For all
\fIitem_type\fRs, other than PAM_CONV and PAM_FAIL_DELAY,
\fIitem\fR
-is a pointer to a <NUL> terminated character string\. In the case of PAM_CONV,
+is a pointer to a <NUL> terminated character string\&. In the case of PAM_CONV,
\fIitem\fR
points to an initialized
\fIpam_conv\fR
-structure\. In the case of PAM_FAIL_DELAY,
+structure\&. In the case of PAM_FAIL_DELAY,
\fIitem\fR
is a function pointer:
\fBvoid (*delay_fn)(int retval, unsigned usec_delay, void *appdata_ptr)\fR
.PP
-Both, PAM_AUTHTOK and PAM_OLDAUTHTOK, will be reseted before returning to the application\. Which means an application is not able to access the authentication tokens\.
+Both, PAM_AUTHTOK and PAM_OLDAUTHTOK, will be reseted before returning to the application\&. Which means an application is not able to access the authentication tokens\&.
.SH "RETURN VALUES"
.PP
PAM_BAD_ITEM
.RS 4
-The application attempted to set an undefined or inaccessible item\.
+The application attempted to set an undefined or inaccessible item\&.
.RE
.PP
PAM_BUF_ERR
.RS 4
-Memory buffer error\.
+Memory buffer error\&.
.RE
.PP
PAM_SUCCESS
.RS 4
-Data was successful updated\.
+Data was successful updated\&.
.RE
.PP
PAM_SYSTEM_ERR
.RS 4
The
\fIpam_handle_t\fR
-passed as first argument was invalid\.
+passed as first argument was invalid\&.
.RE
.SH "SEE ALSO"
.PP
diff --git a/doc/man/pam_setcred.3 b/doc/man/pam_setcred.3
index 10bcae8a..9ef20047 100644
--- a/doc/man/pam_setcred.3
+++ b/doc/man/pam_setcred.3
@@ -1,41 +1,204 @@
.\" Title: pam_setcred
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_SETCRED" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_SETCRED" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_setcred - establish / delete user credentials
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_setcred \- establish / delete user credentials
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_appl\.h>
+#include <security/pam_appl\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 16
+.fam C
+.HP \w'int\ pam_setcred('u
.BI "int pam_setcred(pam_handle_t\ *" "pamh" ", int\ " "flags" ");"
+.fam
.SH "DESCRIPTION"
.PP
The
\fBpam_setcred\fR
-function is used to establish, maintain and delete the credentials of a user\. It should be called after a user has been authenticated and before a session is opened for the user (with
-\fBpam_open_session\fR(3))\.
+function is used to establish, maintain and delete the credentials of a user\&. It should be called to set the credentials after a user has been authenticated and before a session is opened for the user (with
+\fBpam_open_session\fR(3))\&. The credentials should be deleted after the sesseion has been closed (with
+\fBpam_close_session\fR(3))\&.
.PP
-A credential is something that the user possesses\. It is some property, such as a
+A credential is something that the user possesses\&. It is some property, such as a
\fIKerberos\fR
-ticket, or a supplementary group membership that make up the uniqueness of a given user\. On a Linux system the user\'s
+ticket, or a supplementary group membership that make up the uniqueness of a given user\&. On a Linux system the user\'s
\fIUID\fR
and
-\fIGID\fR\'s are credentials too\. However, it has been decided that these properties (along with the default supplementary groups of which the user is a member) are credentials that should be set directly by the application and not by PAM\. Such credentials should be established, by the application, prior to a call to this function\. For example,
+\fIGID\fR\'s are credentials too\&. However, it has been decided that these properties (along with the default supplementary groups of which the user is a member) are credentials that should be set directly by the application and not by PAM\&. Such credentials should be established, by the application, prior to a call to this function\&. For example,
\fBinitgroups\fR(2)
-(or equivalent) should have been performed\.
+(or equivalent) should have been performed\&.
.PP
Valid
\fIflags\fR, any one of which, may be logically OR\'d with
@@ -43,62 +206,63 @@ Valid
.PP
PAM_ESTABLISH_CRED
.RS 4
-Initialize the credentials for the user\.
+Initialize the credentials for the user\&.
.RE
.PP
PAM_DELETE_CRED
.RS 4
-Delete the user\'s credentials\.
+Delete the user\'s credentials\&.
.RE
.PP
PAM_REINITIALIZE_CRED
.RS 4
-Fully reinitialize the user\'s credentials\.
+Fully reinitialize the user\'s credentials\&.
.RE
.PP
PAM_REFRESH_CRED
.RS 4
-Extend the lifetime of the existing credentials\.
+Extend the lifetime of the existing credentials\&.
.RE
.SH "RETURN VALUES"
.PP
PAM_BUF_ERR
.RS 4
-Memory buffer error\.
+Memory buffer error\&.
.RE
.PP
PAM_CRED_ERR
.RS 4
-Failed to set user credentials\.
+Failed to set user credentials\&.
.RE
.PP
PAM_CRED_EXPIRED
.RS 4
-User credentials are expired\.
+User credentials are expired\&.
.RE
.PP
PAM_CRED_UNAVAIL
.RS 4
-Failed to retrieve user credentials\.
+Failed to retrieve user credentials\&.
.RE
.PP
PAM_SUCCESS
.RS 4
-Data was successful stored\.
+Data was successful stored\&.
.RE
.PP
PAM_SYSTEM_ERR
.RS 4
-A NULL pointer was submitted as PAM handle, the function was called by a module or another system error occured\.
+A NULL pointer was submitted as PAM handle, the function was called by a module or another system error occured\&.
.RE
.PP
PAM_USER_UNKNOWN
.RS 4
-User is not known to an authentication module\.
+User is not known to an authentication module\&.
.RE
.SH "SEE ALSO"
.PP
\fBpam_authenticate\fR(3),
\fBpam_open_session\fR(3),
+\fBpam_close_session\fR(3),
\fBpam_strerror\fR(3)
diff --git a/doc/man/pam_setcred.3.xml b/doc/man/pam_setcred.3.xml
index 90e23b5c..b7cd290d 100644
--- a/doc/man/pam_setcred.3.xml
+++ b/doc/man/pam_setcred.3.xml
@@ -35,10 +35,14 @@
<para>
The <function>pam_setcred</function> function is used to establish,
maintain and delete the credentials of a user. It should be called
- after a user has been authenticated and before a session is opened
- for the user (with
+ to set the credentials after a user has been authenticated and before
+ a session is opened for the user (with
<citerefentry>
<refentrytitle>pam_open_session</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>). The credentials should be deleted after the sesseion
+ has been closed (with
+ <citerefentry>
+ <refentrytitle>pam_close_session</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>).
</para>
@@ -166,6 +170,9 @@
<refentrytitle>pam_open_session</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
+ <refentrytitle>pam_close_session</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
<refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>
</para>
diff --git a/doc/man/pam_sm_acct_mgmt.3 b/doc/man/pam_sm_acct_mgmt.3
index 563b1239..850de8dc 100644
--- a/doc/man/pam_sm_acct_mgmt.3
+++ b/doc/man/pam_sm_acct_mgmt.3
@@ -1,48 +1,214 @@
.\" Title: pam_sm_acct_mgmt
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_SM_ACCT_MGMT" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_SM_ACCT_MGMT" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_sm_acct_mgmt - PAM service function for account management
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_sm_acct_mgmt \- PAM service function for account management
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
#define PAM_SM_ACCOUNT
.fi
+.fam
+.ps +1
.ft
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_modules\.h>
+#include <security/pam_modules\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 32
+.fam C
+.HP \w'PAM_EXTERN\ int\ pam_sm_acct_mgmt('u
.BI "PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t\ *" "pamh" ", int\ " "flags" ", int\ " "argc" ", const\ char\ **" "argv" ");"
+.fam
.SH "DESCRIPTION"
.PP
The
\fBpam_sm_acct_mgmt\fR
function is the service module\'s implementation of the
\fBpam_acct_mgmt\fR(3)
-interface\.
+interface\&.
.PP
-This function performs the task of establishing whether the user is permitted to gain access at this time\. It should be understood that the user has previously been validated by an authentication module\. This function checks for other things\. Such things might be: the time of day or the date, the terminal line, remote hostname, etc\. This function may also determine things like the expiration on passwords, and respond that the user change it before continuing\.
+This function performs the task of establishing whether the user is permitted to gain access at this time\&. It should be understood that the user has previously been validated by an authentication module\&. This function checks for other things\&. Such things might be: the time of day or the date, the terminal line, remote hostname, etc\&. This function may also determine things like the expiration on passwords, and respond that the user change it before continuing\&.
.PP
Valid flags, which may be logically OR\'d with
\fIPAM_SILENT\fR, are:
.PP
PAM_SILENT
.RS 4
-Do not emit any messages\.
+Do not emit any messages\&.
.RE
.PP
PAM_DISALLOW_NULL_AUTHTOK
@@ -51,39 +217,39 @@ Return
\fBPAM_AUTH_ERR\fR
if the database of authentication tokens for this authentication mechanism has a
\fINULL\fR
-entry for the user\.
+entry for the user\&.
.RE
.SH "RETURN VALUES"
.PP
PAM_ACCT_EXPIRED
.RS 4
-User account has expired\.
+User account has expired\&.
.RE
.PP
PAM_AUTH_ERR
.RS 4
-Authentication failure\.
+Authentication failure\&.
.RE
.PP
PAM_NEW_AUTHTOK_REQD
.RS 4
-The user\'s authentication token has expired\. Before calling this function again the application will arrange for a new one to be given\. This will likely result in a call to
-\fBpam_sm_chauthtok()\fR\.
+The user\'s authentication token has expired\&. Before calling this function again the application will arrange for a new one to be given\&. This will likely result in a call to
+\fBpam_sm_chauthtok()\fR\&.
.RE
.PP
PAM_PERM_DENIED
.RS 4
-Permission denied\.
+Permission denied\&.
.RE
.PP
PAM_SUCCESS
.RS 4
-The authentication token was successfully updated\.
+The authentication token was successfully updated\&.
.RE
.PP
PAM_USER_UNKNOWN
.RS 4
-User unknown to password service\.
+User unknown to password service\&.
.RE
.SH "SEE ALSO"
.PP
diff --git a/doc/man/pam_sm_authenticate.3 b/doc/man/pam_sm_authenticate.3
index 2c262261..c19df08d 100644
--- a/doc/man/pam_sm_authenticate.3
+++ b/doc/man/pam_sm_authenticate.3
@@ -1,48 +1,214 @@
.\" Title: pam_sm_authenticate
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_SM_AUTHENTICATE" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_SM_AUTHENTICATE" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_sm_authenticate - PAM service function for user authentication
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_sm_authenticate \- PAM service function for user authentication
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
#define PAM_SM_AUTH
.fi
+.fam
+.ps +1
.ft
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_modules\.h>
+#include <security/pam_modules\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 35
+.fam C
+.HP \w'PAM_EXTERN\ int\ pam_sm_authenticate('u
.BI "PAM_EXTERN int pam_sm_authenticate(pam_handle_t\ *" "pamh" ", int\ " "flags" ", int\ " "argc" ", const\ char\ **" "argv" ");"
+.fam
.SH "DESCRIPTION"
.PP
The
\fBpam_sm_authenticate\fR
function is the service module\'s implementation of the
\fBpam_authenticate\fR(3)
-interface\.
+interface\&.
.PP
-This function performs the task of authenticating the user\.
+This function performs the task of authenticating the user\&.
.PP
Valid flags, which may be logically OR\'d with
\fIPAM_SILENT\fR, are:
.PP
PAM_SILENT
.RS 4
-Do not emit any messages\.
+Do not emit any messages\&.
.RE
.PP
PAM_DISALLOW_NULL_AUTHTOK
@@ -51,40 +217,40 @@ Return
\fBPAM_AUTH_ERR\fR
if the database of authentication tokens for this authentication mechanism has a
\fINULL\fR
-entry for the user\. Without this flag, such a
+entry for the user\&. Without this flag, such a
\fINULL\fR
-token will lead to a success without the user being prompted\.
+token will lead to a success without the user being prompted\&.
.RE
.SH "RETURN VALUES"
.PP
PAM_AUTH_ERR
.RS 4
-Authentication failure\.
+Authentication failure\&.
.RE
.PP
PAM_CRED_INSUFFICIENT
.RS 4
-For some reason the application does not have sufficient credentials to authenticate the user\.
+For some reason the application does not have sufficient credentials to authenticate the user\&.
.RE
.PP
PAM_AUTHINFO_UNAVAIL
.RS 4
-The modules were not able to access the authentication information\. This might be due to a network or hardware failure etc\.
+The modules were not able to access the authentication information\&. This might be due to a network or hardware failure etc\&.
.RE
.PP
PAM_SUCCESS
.RS 4
-The authentication token was successfully updated\.
+The authentication token was successfully updated\&.
.RE
.PP
PAM_USER_UNKNOWN
.RS 4
-The supplied username is not known to the authentication service\.
+The supplied username is not known to the authentication service\&.
.RE
.PP
PAM_MAXTRIES
.RS 4
-One or more of the authentication modules has reached its limit of tries authenticating the user\. Do not try again\.
+One or more of the authentication modules has reached its limit of tries authenticating the user\&. Do not try again\&.
.RE
.SH "SEE ALSO"
.PP
diff --git a/doc/man/pam_sm_chauthtok.3 b/doc/man/pam_sm_chauthtok.3
index 57e7c4ed..e7986ed0 100644
--- a/doc/man/pam_sm_chauthtok.3
+++ b/doc/man/pam_sm_chauthtok.3
@@ -1,115 +1,287 @@
.\" Title: pam_sm_chauthtok
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_SM_CHAUTHTOK" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_SM_CHAUTHTOK" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_sm_chauthtok - PAM service function for authentication token management
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_sm_chauthtok \- PAM service function for authentication token management
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
#define PAM_SM_PASSWORD
.fi
+.fam
+.ps +1
.ft
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_modules\.h>
+#include <security/pam_modules\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 32
+.fam C
+.HP \w'PAM_EXTERN\ int\ pam_sm_chauthtok('u
.BI "PAM_EXTERN int pam_sm_chauthtok(pam_handle_t\ *" "pamh" ", int\ " "flags" ", int\ " "argc" ", const\ char\ **" "argv" ");"
+.fam
.SH "DESCRIPTION"
.PP
The
\fBpam_sm_chauthtok\fR
function is the service module\'s implementation of the
\fBpam_chauthtok\fR(3)
-interface\.
+interface\&.
.PP
-This function is used to (re\-)set the authentication token of the user\.
+This function is used to (re\-)set the authentication token of the user\&.
.PP
Valid flags, which may be logically OR\'d with
\fIPAM_SILENT\fR, are:
.PP
PAM_SILENT
.RS 4
-Do not emit any messages\.
+Do not emit any messages\&.
.RE
.PP
PAM_CHANGE_EXPIRED_AUTHTOK
.RS 4
-This argument indicates to the module that the users authentication token (password) should only be changed if it has expired\. This flag is optional and
+This argument indicates to the module that the users authentication token (password) should only be changed if it has expired\&. This flag is optional and
\fImust\fR
-be combined with one of the following two flags\. Note, however, the following two options are
-\fImutually exclusive\fR\.
+be combined with one of the following two flags\&. Note, however, the following two options are
+\fImutually exclusive\fR\&.
.RE
.PP
PAM_PRELIM_CHECK
.RS 4
-This indicates that the modules are being probed as to their ready status for altering the user\'s authentication token\. If the module requires access to another system over some network it should attempt to verify it can connect to this system on receiving this flag\. If a module cannot establish it is ready to update the user\'s authentication token it should return
-\fBPAM_TRY_AGAIN\fR, this information will be passed back to the application\.
+This indicates that the modules are being probed as to their ready status for altering the user\'s authentication token\&. If the module requires access to another system over some network it should attempt to verify it can connect to this system on receiving this flag\&. If a module cannot establish it is ready to update the user\'s authentication token it should return
+\fBPAM_TRY_AGAIN\fR, this information will be passed back to the application\&.
+.sp
+If the control value
+\fIsufficient\fR
+is used in the password stack, the
+\fIPAM_PRELIM_CHECK\fR
+section of the modules following that control value is not always executed\&.
.RE
.PP
PAM_UPDATE_AUTHTOK
.RS 4
-This informs the module that this is the call it should change the authorization tokens\. If the flag is logically OR\'d with
-\fBPAM_CHANGE_EXPIRED_AUTHTOK\fR, the token is only changed if it has actually expired\.
+This informs the module that this is the call it should change the authorization tokens\&. If the flag is logically OR\'d with
+\fBPAM_CHANGE_EXPIRED_AUTHTOK\fR, the token is only changed if it has actually expired\&.
.RE
.PP
-The PAM library calls this function twice in succession\. The first time with
+The PAM library calls this function twice in succession\&. The first time with
\fBPAM_PRELIM_CHECK\fR
and then, if the module does not return
\fBPAM_TRY_AGAIN\fR, subsequently with
-\fBPAM_UPDATE_AUTHTOK\fR\. It is only on the second call that the authorization token is (possibly) changed\.
+\fBPAM_UPDATE_AUTHTOK\fR\&. It is only on the second call that the authorization token is (possibly) changed\&.
.SH "RETURN VALUES"
.PP
PAM_AUTHTOK_ERR
.RS 4
-The module was unable to obtain the new authentication token\.
+The module was unable to obtain the new authentication token\&.
.RE
.PP
PAM_AUTHTOK_RECOVERY_ERR
.RS 4
-The module was unable to obtain the old authentication token\.
+The module was unable to obtain the old authentication token\&.
.RE
.PP
PAM_AUTHTOK_LOCK_BUSY
.RS 4
-Cannot change the authentication token since it is currently locked\.
+Cannot change the authentication token since it is currently locked\&.
.RE
.PP
PAM_AUTHTOK_DISABLE_AGING
.RS 4
-Authentication token aging has been disabled\.
+Authentication token aging has been disabled\&.
.RE
.PP
PAM_PERM_DENIED
.RS 4
-Permission denied\.
+Permission denied\&.
.RE
.PP
PAM_TRY_AGAIN
.RS 4
-Preliminary check was unsuccessful\. Signals an immediate return to the application is desired\.
+Preliminary check was unsuccessful\&. Signals an immediate return to the application is desired\&.
.RE
.PP
PAM_SUCCESS
.RS 4
-The authentication token was successfully updated\.
+The authentication token was successfully updated\&.
.RE
.PP
PAM_USER_UNKNOWN
.RS 4
-User unknown to password service\.
+User unknown to password service\&.
.RE
.SH "SEE ALSO"
.PP
diff --git a/doc/man/pam_sm_chauthtok.3.xml b/doc/man/pam_sm_chauthtok.3.xml
index c36a0baf..40ab191e 100644
--- a/doc/man/pam_sm_chauthtok.3.xml
+++ b/doc/man/pam_sm_chauthtok.3.xml
@@ -40,7 +40,7 @@
</citerefentry> interface.
</para>
<para>
- This function is used to (re-)set the authentication token of the user.
+ This function is used to (re-)set the authentication token of the user.
</para>
<para>
Valid flags, which may be logically OR'd with
@@ -60,10 +60,10 @@
<listitem>
<para>
This argument indicates to the module that the users
- authentication token (password) should only be changed if
- it has expired. This flag is optional and
- <emphasis>must</emphasis> be combined with one of the
- following two flags. Note, however, the following two options
+ authentication token (password) should only be changed if
+ it has expired. This flag is optional and
+ <emphasis>must</emphasis> be combined with one of the
+ following two flags. Note, however, the following two options
are <emphasis>mutually exclusive</emphasis>.
</para>
</listitem>
@@ -72,15 +72,20 @@
<term>PAM_PRELIM_CHECK</term>
<listitem>
<para>
- This indicates that the modules are being probed as to
- their ready status for altering the user's authentication
- token. If the module requires access to another system over
- some network it should attempt to verify it can connect to
- this system on receiving this flag. If a module cannot establish
- it is ready to update the user's authentication token it should
+ This indicates that the modules are being probed as to
+ their ready status for altering the user's authentication
+ token. If the module requires access to another system over
+ some network it should attempt to verify it can connect to
+ this system on receiving this flag. If a module cannot establish
+ it is ready to update the user's authentication token it should
return <emphasis remap='B'>PAM_TRY_AGAIN</emphasis>, this
information will be passed back to the application.
</para>
+ <para>
+ If the control value <emphasis>sufficient</emphasis> is used in
+ the password stack, the <emphasis>PAM_PRELIM_CHECK</emphasis> section
+ of the modules following that control value is not always executed.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
@@ -89,18 +94,18 @@
<para>
This informs the module that this is the call it should change
the authorization tokens. If the flag is logically OR'd with
- <emphasis remap='B'>PAM_CHANGE_EXPIRED_AUTHTOK</emphasis>, the
+ <emphasis remap='B'>PAM_CHANGE_EXPIRED_AUTHTOK</emphasis>, the
token is only changed if it has actually expired.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
- The PAM library calls this function twice in succession. The first
- time with <emphasis remap='B'>PAM_PRELIM_CHECK</emphasis> and then,
- if the module does not return
+ The PAM library calls this function twice in succession. The first
+ time with <emphasis remap='B'>PAM_PRELIM_CHECK</emphasis> and then,
+ if the module does not return
<emphasis remap='B'>PAM_TRY_AGAIN</emphasis>, subsequently with
- <emphasis remap='B'>PAM_UPDATE_AUTHTOK</emphasis>. It is only on
+ <emphasis remap='B'>PAM_UPDATE_AUTHTOK</emphasis>. It is only on
the second call that the authorization token is (possibly) changed.
</para>
</refsect1>
diff --git a/doc/man/pam_sm_close_session.3 b/doc/man/pam_sm_close_session.3
index 1078d5aa..90510a3e 100644
--- a/doc/man/pam_sm_close_session.3
+++ b/doc/man/pam_sm_close_session.3
@@ -1,58 +1,224 @@
.\" Title: pam_sm_close_session
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_SM_CLOSE_SESSION" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_SM_CLOSE_SESSION" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_sm_close_session - PAM service function to terminate session management
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_sm_close_session \- PAM service function to terminate session management
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
#define PAM_SM_SESSION
.fi
+.fam
+.ps +1
.ft
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_modules\.h>
+#include <security/pam_modules\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 36
+.fam C
+.HP \w'PAM_EXTERN\ int\ pam_sm_close_session('u
.BI "PAM_EXTERN int pam_sm_close_session(pam_handle_t\ *" "pamh" ", int\ " "flags" ", int\ " "argc" ", const\ char\ **" "argv" ");"
+.fam
.SH "DESCRIPTION"
.PP
The
\fBpam_sm_close_session\fR
function is the service module\'s implementation of the
\fBpam_close_session\fR(3)
-interface\.
+interface\&.
.PP
-This function is called to terminate a session\. The only valid value for
+This function is called to terminate a session\&. The only valid value for
\fIflags\fR
is zero or:
.PP
PAM_SILENT
.RS 4
-Do not emit any messages\.
+Do not emit any messages\&.
.RE
.SH "RETURN VALUES"
.PP
PAM_SESSION_ERR
.RS 4
-Cannot make/remove an entry for the specified session\.
+Cannot make/remove an entry for the specified session\&.
.RE
.PP
PAM_SUCCESS
.RS 4
-The session was successfully terminated\.
+The session was successfully terminated\&.
.RE
.SH "SEE ALSO"
.PP
diff --git a/doc/man/pam_sm_open_session.3 b/doc/man/pam_sm_open_session.3
index ccaf403e..8613cf85 100644
--- a/doc/man/pam_sm_open_session.3
+++ b/doc/man/pam_sm_open_session.3
@@ -1,58 +1,224 @@
.\" Title: pam_sm_open_session
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_SM_OPEN_SESSION" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_SM_OPEN_SESSION" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_sm_open_session - PAM service function to start session management
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_sm_open_session \- PAM service function to start session management
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
#define PAM_SM_SESSION
.fi
+.fam
+.ps +1
.ft
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_modules\.h>
+#include <security/pam_modules\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 35
+.fam C
+.HP \w'PAM_EXTERN\ int\ pam_sm_open_session('u
.BI "PAM_EXTERN int pam_sm_open_session(pam_handle_t\ *" "pamh" ", int\ " "flags" ", int\ " "argc" ", const\ char\ **" "argv" ");"
+.fam
.SH "DESCRIPTION"
.PP
The
\fBpam_sm_open_session\fR
function is the service module\'s implementation of the
\fBpam_open_session\fR(3)
-interface\.
+interface\&.
.PP
-This function is called to commence a session\. The only valid value for
+This function is called to commence a session\&. The only valid value for
\fIflags\fR
is zero or:
.PP
PAM_SILENT
.RS 4
-Do not emit any messages\.
+Do not emit any messages\&.
.RE
.SH "RETURN VALUES"
.PP
PAM_SESSION_ERR
.RS 4
-Cannot make/remove an entry for the specified session\.
+Cannot make/remove an entry for the specified session\&.
.RE
.PP
PAM_SUCCESS
.RS 4
-The session was successfully started\.
+The session was successfully started\&.
.RE
.SH "SEE ALSO"
.PP
diff --git a/doc/man/pam_sm_setcred.3 b/doc/man/pam_sm_setcred.3
index ce875631..ec986cdd 100644
--- a/doc/man/pam_sm_setcred.3
+++ b/doc/man/pam_sm_setcred.3
@@ -1,65 +1,236 @@
.\" Title: pam_sm_setcred
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_SM_SETCRED" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_SM_SETCRED" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_sm_setcred - PAM service function to alter credentials
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_sm_setcred \- PAM service function to alter credentials
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
#define PAM_SM_AUTH
.fi
+.fam
+.ps +1
.ft
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_modules\.h>
+#include <security/pam_modules\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 30
+.fam C
+.HP \w'PAM_EXTERN\ int\ pam_sm_setcred('u
.BI "PAM_EXTERN int pam_sm_setcred(pam_handle_t\ *" "pamh" ", int\ " "flags" ", int\ " "argc" ", const\ char\ **" "argv" ");"
+.fam
.SH "DESCRIPTION"
.PP
The
\fBpam_sm_setcred\fR
function is the service module\'s implementation of the
\fBpam_setcred\fR(3)
-interface\.
+interface\&.
.PP
-This function performs the task of altering the credentials of the user with respect to the corresponding authorization scheme\. Generally, an authentication module may have access to more information about a user than their authentication token\. This function is used to make such information available to the application\. It should only be called
+This function performs the task of altering the credentials of the user with respect to the corresponding authorization scheme\&. Generally, an authentication module may have access to more information about a user than their authentication token\&. This function is used to make such information available to the application\&. It should only be called
\fIafter\fR
-the user has been authenticated but before a session has been established\.
+the user has been authenticated but before a session has been established\&.
.PP
Valid flags, which may be logically OR\'d with
\fIPAM_SILENT\fR, are:
.PP
PAM_SILENT
.RS 4
-Do not emit any messages\.
+Do not emit any messages\&.
+.RE
+.PP
+PAM_ESTABLISH_CRED
+.RS 4
+Initialize the credentials for the user\&.
.RE
.PP
PAM_DELETE_CRED
.RS 4
-Delete the credentials associated with the authentication service\.
+Delete the credentials associated with the authentication service\&.
.RE
.PP
PAM_REINITIALIZE_CRED
.RS 4
-Reinitialize the user credentials\.
+Reinitialize the user credentials\&.
.RE
.PP
PAM_REFRESH_CRED
.RS 4
-Extend the lifetime of the user credentials\.
+Extend the lifetime of the user credentials\&.
.RE
.PP
The way the
@@ -67,41 +238,41 @@ The way the
stack is navigated in order to evaluate the
\fBpam_setcred\fR() function call, independent of the
\fBpam_sm_setcred\fR() return codes, is exactly the same way that it was navigated when evaluating the
-\fBpam_authenticate\fR() library call\. Typically, if a stack entry was ignored in evaluating
+\fBpam_authenticate\fR() library call\&. Typically, if a stack entry was ignored in evaluating
\fBpam_authenticate\fR(), it will be ignored when libpam evaluates the
-\fBpam_setcred\fR() function call\. Otherwise, the return codes from each module specific
+\fBpam_setcred\fR() function call\&. Otherwise, the return codes from each module specific
\fBpam_sm_setcred\fR() call are treated as
-\fBrequired\fR\.
+\fBrequired\fR\&.
.SH "RETURN VALUES"
.PP
PAM_CRED_UNAVAIL
.RS 4
-This module cannot retrieve the user\'s credentials\.
+This module cannot retrieve the user\'s credentials\&.
.RE
.PP
PAM_CRED_EXPIRED
.RS 4
-The user\'s credentials have expired\.
+The user\'s credentials have expired\&.
.RE
.PP
PAM_CRED_ERR
.RS 4
-This module was unable to set the credentials of the user\.
+This module was unable to set the credentials of the user\&.
.RE
.PP
PAM_SUCCESS
.RS 4
-The user credential was successfully set\.
+The user credential was successfully set\&.
.RE
.PP
PAM_USER_UNKNOWN
.RS 4
-The user is not known to this authentication module\.
+The user is not known to this authentication module\&.
.RE
.PP
These, non\-\fIPAM_SUCCESS\fR, return values will typically lead to the credential stack
-\fIfailing\fR\. The first such error will dominate in the return value of
-\fBpam_setcred\fR()\.
+\fIfailing\fR\&. The first such error will dominate in the return value of
+\fBpam_setcred\fR()\&.
.SH "SEE ALSO"
.PP
diff --git a/doc/man/pam_sm_setcred.3.xml b/doc/man/pam_sm_setcred.3.xml
index e4809ad7..e557000c 100644
--- a/doc/man/pam_sm_setcred.3.xml
+++ b/doc/man/pam_sm_setcred.3.xml
@@ -62,6 +62,12 @@
</listitem>
</varlistentry>
<varlistentry>
+ <term>PAM_ESTABLISH_CRED</term>
+ <listitem>
+ <para>Initialize the credentials for the user.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
<term>PAM_DELETE_CRED</term>
<listitem>
<para>
@@ -87,15 +93,15 @@
</varlistentry>
</variablelist>
<para>
- The way the <emphasis remap='B'>auth</emphasis> stack is
+ The way the <emphasis remap='B'>auth</emphasis> stack is
navigated in order to evaluate the <function>pam_setcred</function>()
- function call, independent of the <function>pam_sm_setcred</function>()
+ function call, independent of the <function>pam_sm_setcred</function>()
return codes, is exactly the same way that it was navigated when
evaluating the <function>pam_authenticate</function>() library
call. Typically, if a stack entry was ignored in evaluating
<function>pam_authenticate</function>(), it will be ignored when
- libpam evaluates the <function>pam_setcred</function>() function
- call. Otherwise, the return codes from each module specific
+ libpam evaluates the <function>pam_setcred</function>() function
+ call. Otherwise, the return codes from each module specific
<function>pam_sm_setcred</function>() call are treated as
<emphasis remap='B'>required</emphasis>.
</para>
@@ -146,9 +152,9 @@
</varlistentry>
</variablelist>
<para>
- These, non-<emphasis>PAM_SUCCESS</emphasis>, return values will
+ These, non-<emphasis>PAM_SUCCESS</emphasis>, return values will
typically lead to the credential stack <emphasis>failing</emphasis>.
- The first such error will dominate in the return value of
+ The first such error will dominate in the return value of
<function>pam_setcred</function>().
</para>
</refsect1>
diff --git a/doc/man/pam_start.3 b/doc/man/pam_start.3
index c2273b63..9c3ba298 100644
--- a/doc/man/pam_start.3
+++ b/doc/man/pam_start.3
@@ -1,83 +1,245 @@
.\" Title: pam_start
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_START" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_START" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_start - initialization of PAM transaction
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_start \- initialization of PAM transaction
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_appl\.h>
+#include <security/pam_appl\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 14
+.fam C
+.HP \w'int\ pam_start('u
.BI "int pam_start(const\ char\ *" "service_name" ", const\ char\ *" "user" ", const\ struct\ pam_conv\ *" "pam_conversation" ", pam_handle_t\ **" "pamh" ");"
+.fam
.SH "DESCRIPTION"
.PP
The
\fBpam_start\fR
-function creates the PAM context and initiates the PAM transaction\. It is the first of the PAM functions that needs to be called by an application\. The transaction state is contained entirely within the structure identified by this handle, so it is possible to have multiple transactions in parallel\. But it is not possible to use the same handle for different transactions, a new one is needed for every new context\.
+function creates the PAM context and initiates the PAM transaction\&. It is the first of the PAM functions that needs to be called by an application\&. The transaction state is contained entirely within the structure identified by this handle, so it is possible to have multiple transactions in parallel\&. But it is not possible to use the same handle for different transactions, a new one is needed for every new context\&.
.PP
The
\fIservice_name\fR
-argument specifies the name of the service to apply and will be stored as PAM_SERVICE item in the new context\. The policy for the service will be read from the file
-\fI/etc/pam\.d/service_name\fR
+argument specifies the name of the service to apply and will be stored as PAM_SERVICE item in the new context\&. The policy for the service will be read from the file
+\FC/etc/pam\&.d/service_name\F[]
or, if that file does not exist, from
-\fI/etc/pam\.conf\fR\.
+\FC/etc/pam\&.conf\F[]\&.
.PP
The
\fIuser\fR
-argument can specify the name of the target user and will be stored as PAM_USER item\. If the argument is NULL, the module has to ask for this item if necessary\.
+argument can specify the name of the target user and will be stored as PAM_USER item\&. If the argument is NULL, the module has to ask for this item if necessary\&.
.PP
The
\fIpam_conversation\fR
argument points to a
\fIstruct pam_conv\fR
-describing the conversation function to use\. An application must provide this for direct communication between a loaded module and the application\.
+describing the conversation function to use\&. An application must provide this for direct communication between a loaded module and the application\&.
.PP
Following a successful return (PAM_SUCCESS) the contents of
\fIpamh\fR
-is a handle that contains the PAM context for successive calls to the PAM functions\. In an error case is the content of
+is a handle that contains the PAM context for successive calls to the PAM functions\&. In an error case is the content of
\fIpamh\fR
-undefined\.
+undefined\&.
.PP
The
\fIpam_handle_t\fR
-is a blind structure and the application should not attempt to probe it directly for information\. Instead the PAM library provides the functions
+is a blind structure and the application should not attempt to probe it directly for information\&. Instead the PAM library provides the functions
\fBpam_set_item\fR(3)
and
-\fBpam_get_item\fR(3)\. The PAM handle cannot be used for mulitiple authentications at the same time as long as
+\fBpam_get_item\fR(3)\&. The PAM handle cannot be used for mulitiple authentications at the same time as long as
\fBpam_end\fR
-was not called on it before\.
+was not called on it before\&.
.SH "RETURN VALUES"
.PP
PAM_ABORT
.RS 4
-General failure\.
+General failure\&.
.RE
.PP
PAM_BUF_ERR
.RS 4
-Memory buffer error\.
+Memory buffer error\&.
.RE
.PP
PAM_SUCCESS
.RS 4
-Transaction was successful created\.
+Transaction was successful created\&.
.RE
.PP
PAM_SYSTEM_ERR
.RS 4
-System error, for example a NULL pointer was submitted instead of a pointer to data\.
+System error, for example a NULL pointer was submitted instead of a pointer to data\&.
.RE
.SH "SEE ALSO"
.PP
diff --git a/doc/man/pam_strerror.3 b/doc/man/pam_strerror.3
index 785cd69e..5ef225ee 100644
--- a/doc/man/pam_strerror.3
+++ b/doc/man/pam_strerror.3
@@ -1,35 +1,197 @@
.\" Title: pam_strerror
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_STRERROR" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_STRERROR" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_strerror - return string describing PAM error code
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_strerror \- return string describing PAM error code
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_appl\.h>
+#include <security/pam_appl\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 25
+.fam C
+.HP \w'const\ char\ *pam_strerror('u
.BI "const char *pam_strerror(pam_handle_t\ *" "pamh" ", int\ " "errnum" ");"
+.fam
.SH "DESCRIPTION"
.PP
The
\fBpam_strerror\fR
function returns a pointer to a string describing the error code passed in the argument
-\fIerrnum\fR, possibly using the LC_MESSAGES part of the current locale to select the appropriate language\. This string must not be modified by the application\. No library function will modify this string\.
+\fIerrnum\fR, possibly using the LC_MESSAGES part of the current locale to select the appropriate language\&. This string must not be modified by the application\&. No library function will modify this string\&.
.SH "RETURN VALUES"
.PP
-This function returns always a pointer to a string\.
+This function returns always a pointer to a string\&.
.SH "SEE ALSO"
.PP
diff --git a/doc/man/pam_syslog.3 b/doc/man/pam_syslog.3
index d606746a..39960c4c 100644
--- a/doc/man/pam_syslog.3
+++ b/doc/man/pam_syslog.3
@@ -1,45 +1,213 @@
.\" Title: pam_syslog
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_SYSLOG" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_SYSLOG" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_syslog, pam_vsyslog - send messages to the system logger
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_syslog, pam_vsyslog \- send messages to the system logger
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <syslog\.h>
+#include <syslog\&.h>
.fi
+.fam
+.ps +1
.ft
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_ext\.h>
+#include <security/pam_ext\&.h>
.fi
+.fam
+.ps +1
.ft
-.HP 16
-.BI "void pam_syslog(pam_handle_t\ *" "pamh" ", int\ " "priority" ", const\ char\ *" "fmt" ", " "\.\.\." ");"
-.HP 17
+.fam C
+.HP \w'void\ pam_syslog('u
+.BI "void pam_syslog(pam_handle_t\ *" "pamh" ", int\ " "priority" ", const\ char\ *" "fmt" ", " "\&.\&.\&." ");"
+.fam
+.fam C
+.HP \w'void\ pam_vsyslog('u
.BI "void pam_vsyslog(pam_handle_t\ *" "pamh" ", int\ " "priority" ", const\ char\ *" "fmt" ", va_list\ " "args" ");"
+.fam
.SH "DESCRIPTION"
.PP
The
\fBpam_syslog\fR
function logs messages using
\fBsyslog\fR(3)
-and is intended for internal use by Linux\-PAM and PAM service modules\. The
+and is intended for internal use by Linux\-PAM and PAM service modules\&. The
\fIpriority\fR
argument is formed by ORing the facility and the level values as documented in the
\fBsyslog\fR(3)
-manual page\.
+manual page\&.
.PP
The
\fBpam_vsyslog\fR
@@ -47,7 +215,7 @@ function performs the same task as
\fBpam_syslog()\fR
with the difference that it takes a set of arguments which have been obtained using the
\fBstdarg\fR(3)
-variable argument list macros\.
+variable argument list macros\&.
.SH "SEE ALSO"
.PP
@@ -58,4 +226,4 @@ The
\fBpam_syslog\fR
and
\fBpam_vsyslog\fR
-functions are Linux\-PAM extensions\.
+functions are Linux\-PAM extensions\&.
diff --git a/doc/man/pam_xauth_data.3 b/doc/man/pam_xauth_data.3
index 5c4b58fa..2566b24b 100644
--- a/doc/man/pam_xauth_data.3
+++ b/doc/man/pam_xauth_data.3
@@ -1,26 +1,187 @@
.\" Title: pam_xauth_data
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 04/16/2008
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 03/02/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+.\" Language: English
.\"
-.TH "PAM_XAUTH_DATA" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_XAUTH_DATA" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-pam_xauth_data - structure containing X authentication data
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_xauth_data \- structure containing X authentication data
+.SH "Synopsis"
.sp
.ft B
+.fam C
+.ps -1
.nf
-#include <security/pam_appl\.h>
+#include <security/pam_appl\&.h>
.fi
+.fam
+.ps +1
.ft
.sp
-.RS 4
+.fam C
+.ps -1
.nf
struct pam_xauth_data {
int namelen;
@@ -30,32 +191,33 @@ struct pam_xauth_data {
};
.fi
-.RE
+.fam
+.ps +1
.SH "DESCRIPTION"
.PP
The
\fBpam_xauth_data\fR
-structure contains X authentication data used to make a connection to an X display\. Using this mechanism, an application can communicate X authentication data to PAM service modules\. This allows modules to make a connection to the user\'s X display in order to label the user\'s session on login, display visual feedback or for other purposes\.
+structure contains X authentication data used to make a connection to an X display\&. Using this mechanism, an application can communicate X authentication data to PAM service modules\&. This allows modules to make a connection to the user\'s X display in order to label the user\'s session on login, display visual feedback or for other purposes\&.
.PP
The
\fIname\fR
-field contains the name of the authentication method, such as "MIT\-MAGIC\-COOKIE\-1"\. The
+field contains the name of the authentication method, such as "MIT\-MAGIC\-COOKIE\-1"\&. The
\fInamelen\fR
-field contains the length of this string, not including the trailing NUL character\.
+field contains the length of this string, not including the trailing NUL character\&.
.PP
The
\fIdata\fR
-field contains the authentication method\-specific data corresponding to the specified name\. The
+field contains the authentication method\-specific data corresponding to the specified name\&. The
\fIdatalen\fR
-field contains its length in bytes\.
+field contains its length in bytes\&.
.PP
The X authentication data can be changed with the
\fIPAM_XAUTH_DATA\fR
-item\. It can be queried and set with
+item\&. It can be queried and set with
\fBpam_get_item\fR(3)
and
\fBpam_set_item \fR(3)
-respectively\. The value used to set it should be a pointer to a pam_xauth_data structure\. An internal copy of both the structure itself and its fields is made by PAM when setting the item\.
+respectively\&. The value used to set it should be a pointer to a pam_xauth_data structure\&. An internal copy of both the structure itself and its fields is made by PAM when setting the item\&.
.SH "SEE ALSO"
.PP
@@ -67,4 +229,4 @@ The
\fBpam_xauth_data\fR
structure and
\fIPAM_XAUTH_DATA\fR
-item are Linux\-PAM extensions\.
+item are Linux\-PAM extensions\&.