summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorThorsten Kukuk <kukuk@thkukuk.de>2009-06-16 08:32:40 +0000
committerThorsten Kukuk <kukuk@thkukuk.de>2009-06-16 08:32:40 +0000
commit2820ff6a5f9f43faa8cc823cd954966ca3f5c8cc (patch)
tree1e6105648c255cee829d129141f05004b8255699 /doc
parentf25975c7d36f29b975db2a5159841b5ddcf9c475 (diff)
Relevant BUGIDs:
Purpose of commit: bugfix Commit summary: --------------- 2009-06-16 Thorsten Kukuk <kukuk@thkukuk.de> * doc/sag/Linux-PAM_SAG.xml: Fix typos. * doc/adg/Linux-PAM_ADG.xml: Likewise. * doc/mwg/Linux-PAM_MWG.xml: Likewise.
Diffstat (limited to 'doc')
-rw-r--r--doc/adg/Linux-PAM_ADG.xml19
-rw-r--r--doc/mwg/Linux-PAM_MWG.xml6
-rw-r--r--doc/sag/Linux-PAM_SAG.xml12
3 files changed, 19 insertions, 18 deletions
diff --git a/doc/adg/Linux-PAM_ADG.xml b/doc/adg/Linux-PAM_ADG.xml
index 8f5ec115..ad7966df 100644
--- a/doc/adg/Linux-PAM_ADG.xml
+++ b/doc/adg/Linux-PAM_ADG.xml
@@ -23,7 +23,7 @@
about the <emphasis remap='B'>Linux-PAM</emphasis> library. It
describes how an application might use the
<emphasis remap='B'>Linux-PAM</emphasis> library to authenticate
- users. In addition it contains a description of the funtions
+ users. In addition it contains a description of the functions
to be found in <filename>libpam_misc</filename> library, that can
be used in general applications. Finally, it contains some comments
on PAM related security issues for the application developer.
@@ -380,7 +380,7 @@ cc -o application .... -lpam -lpam_misc
</para>
</section>
- <section id="adg-security-usre-identity">
+ <section id="adg-security-user-identity">
<title>The identity of the user</title>
<para>
The <emphasis remap='B'>Linux-PAM</emphasis> modules will need
@@ -395,9 +395,9 @@ cc -o application .... -lpam -lpam_misc
issue of security. One convention that is actively used by
some modules is that the identity of the user requesting a
service should be the current <emphasis>UID</emphasis>
- (userid) of the running process; the identity of the
+ (user ID) of the running process; the identity of the
privilege granting user is the <emphasis>EUID</emphasis>
- (effective userid) of the running process; the identity of
+ (effective user ID) of the running process; the identity of
the user, under whose name the service will be executed, is
given by the contents of the <emphasis>PAM_USER</emphasis>
<citerefentry>
@@ -459,7 +459,7 @@ cc -o application .... -lpam -lpam_misc
This is also true of conversation prompts. The application should not
accept prompts of arbitrary length with out checking for resource
allocation failure and dealing with such extreme conditions gracefully
- and in a mannor that preserves the PAM API. Such tolerance may be
+ and in a manner that preserves the PAM API. Such tolerance may be
especially important when attempting to track a malicious adversary.
</para>
</section>
@@ -470,7 +470,7 @@ cc -o application .... -lpam -lpam_misc
<para>
To aid the work of the application developer a library of
miscellaneous functions is provided. It is called
- <command>libpam_miscy</command>, and contains a text based
+ <command>libpam_misc</command>, and contains a text based
conversation function, and routines for enhancing the standard
PAM-environment variable support.
</para>
@@ -520,8 +520,9 @@ cc -o application .... -lpam -lpam_misc
being be attached to it. The point being that the "standard"
pop-authentication protocol(s) [which will be needed to satisfy
inflexible/legacy clients] would be supported by inserting an
- appropriate pam_qpopper module(s). However, having rewritten popd
- once in this way any new protocols can be implemented in-situ.
+ appropriate pam_qpopper module(s). However, having rewritten
+ <command>popd</command> once in this way any new protocols can be
+ implemented in-situ.
</para>
<para>
One simple test of a ported application would be to insert the
@@ -558,7 +559,7 @@ cc -o application .... -lpam -lpam_misc
him/herself in a variety of ways. Updating the user's
authentication token thus corresponds to
<emphasis>refreshing</emphasis> the object they use to
- authenticate themself with the system. The word password is
+ authenticate them self with the system. The word password is
avoided to keep open the possibility that the authentication
involves a retinal scan or other non-textual mode of
challenge/response.
diff --git a/doc/mwg/Linux-PAM_MWG.xml b/doc/mwg/Linux-PAM_MWG.xml
index 5a09a7cf..0c6c9201 100644
--- a/doc/mwg/Linux-PAM_MWG.xml
+++ b/doc/mwg/Linux-PAM_MWG.xml
@@ -71,7 +71,7 @@
</para>
</section>
- <section id="mwg-introducton-synopsis">
+ <section id="mwg-introduction-synopsis">
<title>Synopsis</title>
<programlisting>
#include &lt;security/pam_modules.h&gt;
@@ -97,7 +97,7 @@ gcc -shared -o pam_module.so pam_module.o -lpam
First, we cover what the module should expect from the
<emphasis remap='B'>Linux-PAM</emphasis> library and a
<emphasis remap='B'>Linux-PAM</emphasis> aware application.
- Essesntially this is the <filename>libpam.*</filename> library.
+ Essentially this is the <filename>libpam.*</filename> library.
</para>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="pam_set_data.xml"/>
@@ -169,7 +169,7 @@ gcc -shared -o pam_module.so pam_module.o -lpam
token of some lesser user. In other cases it may not be
appropriate: when <command>joe</command> maliciously wants
to reset <command>alice</command>'s password; or when anyone
- other than the user themself wishes to reset their
+ other than the user them self wishes to reset their
<emphasis>KERBEROS</emphasis> authentication token. A policy
for this action should be defined by any reasonable
authentication scheme, the module writer should consider
diff --git a/doc/sag/Linux-PAM_SAG.xml b/doc/sag/Linux-PAM_SAG.xml
index b83355ef..a3fc1ee8 100644
--- a/doc/sag/Linux-PAM_SAG.xml
+++ b/doc/sag/Linux-PAM_SAG.xml
@@ -27,7 +27,7 @@
</abstract>
</bookinfo>
- <chapter id='sag-introductoin'>
+ <chapter id='sag-introduction'>
<title>Introduction</title>
<para>
<emphasis remap='B'>Linux-PAM</emphasis> (Pluggable Authentication
@@ -85,7 +85,7 @@
here for locating these files are those of the relevant RFC (RFC-86.0,
see <link linkend="sag-see-also">bibliography"</link>). If you are
using a distribution of Linux (or some other operating system) that
- supports PAM but chooses to distribute these files in a diferent way
+ supports PAM but chooses to distribute these files in a different way
you should be careful when copying examples directly from the text.
</para>
<para>
@@ -210,7 +210,7 @@
If a program is going to use PAM, then it has to have PAM
functions explicitly coded into the program. If you have
access to the source code you can add the appropriate PAM
- functions. If you do not have accessto the source code, and
+ functions. If you do not have access to the source code, and
the binary does not have the PAM functions included, then
it is not possible to use PAM.
</para>
@@ -227,7 +227,7 @@
href="../man/pam.conf-syntax.xml"
xpointer='xpointer(//section[@id = "pam.conf-syntax"]/*)' />
</section>
- <section id='sag-configuratin-dirctory'>
+ <section id='sag-configuration-directory'>
<title>Directory based configuration</title>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam.conf-dir.xml"
@@ -333,7 +333,7 @@ session required pam_unix.so
<chapter id='sag-security-issues'>
<title>Security issues</title>
- <section id='sag-scurity-issues-wrong'>
+ <section id='sag-security-issues-wrong'>
<title>If something goes wrong</title>
<para>
<emphasis remap='B'>Linux-PAM</emphasis> has the potential
@@ -341,7 +341,7 @@ session required pam_unix.so
choose to have no security or absolute security (no access
permitted). In general, <emphasis remap='B'>Linux-PAM</emphasis>
errs towards the latter. Any number of configuration errors
- can dissable access to your system partially, or completely.
+ can disable access to your system partially, or completely.
</para>
<para>
The most dramatic problem that is likely to be encountered when