Relevant BUGIDs:

Purpose of commit: new feature and cleanup Commit summary: --------------- 2007-12-07 Tomas Mraz <t8m@centrum.cz> * libpam/libpam.map: Add LIBPAM_MODUTIL_1.1 version. * libpam/pam_audit.c: Add _pam_audit_open() and pam_modutil_audit_write(). (_pam_auditlog): Call _pam_audit_open(). * libpam/include/security/pam_modutil.h: Add pam_modutil_audit_write(). * modules/pam_access/pam_access.8.xml: Add noaudit option. Document auditing. * modules/pam_access/pam_access.c: Move fs, sep, pam_access_debug, and only_new_group_syntax variables to struct login_info. Add noaudit member. (_parse_args): Adjust for the move of variables and add support for noaudit option. (group_match): Add debug parameter. (string_match): Likewise. (network_netmask_match): Likewise. (login_access): Adjust for the move of variables. Add nonall_match. Add call to pam_modutil_audit_write(). (list_match): Adjust for the move of variables. (user_match): Likewise. (from_match): Likewise. (pam_sm_authenticate): Call _parse_args() earlier. * modules/pam_limits/pam_limits.8.xml: Add noaudit option. Document auditing. * modules/pam_limits/pam_limits.c (_pam_parse): Add noaudit option. (setup_limits): Call pam_modutil_audit_write(). * modules/pam_time/pam_time.8.xml: Add debug and noaudit options. Document auditing. * modules/pam_time/pam_time.c: Add option parsing (_pam_parse()). (check_account): Call _pam_parse(). Call pam_modutil_audit_write() and pam_syslog() on login denials.
author: Tomas Mraz <tm@t8m.info> 2007-12-07 15:40:01 +0000
committer: Tomas Mraz <tm@t8m.info> 2007-12-07 15:40:01 +0000
commit: 8ae5f5769c4c611ca6918450bbe6e55dfa4e5926 (patch)
tree: a217a8080c67dbd2189a3fcdb3f627223e8f6101 /modules/pam_access/pam_access.8.xml
parent: 67b5cdd945120d8b0fe4c40fe9df576fa5c2a9a2 (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/modules/pam_access/pam_access.8.xml b/modules/pam_access/pam_access.8.xml
index 1d814e88..21970d49 100644
--- a/modules/pam_access/pam_access.8.xml
+++ b/modules/pam_access/pam_access.8.xml
@@ -29,6 +29,9 @@
         nodefgroup
       </arg>
       <arg choice="opt">
+        noaudit
+      </arg>
+      <arg choice="opt">
         accessfile=<replaceable>file</replaceable>
       </arg>
       <arg choice="opt">
@@ -54,6 +57,10 @@
       <filename>/etc/security/access.conf</filename> if you don't specify
       another file.
     </para>
+    <para>
+      If Linux PAM is compiled with audit support the module will report
+      when it denies access based on origin (host or tty). 
+    </para>
   </refsect1>
 
   <refsect1 id="pam_access-options">
@@ -87,6 +94,17 @@
 
       <varlistentry>
         <term>
+          <option>noaudit</option>
+        </term>
+        <listitem>
+          <para>
+            Do not report logins from disallowed hosts and ttys to the audit subsystem.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>
           <option>fieldsep=<replaceable>separators</replaceable></option>
         </term>
         <listitem>
author	Tomas Mraz <tm@t8m.info>	2007-12-07 15:40:01 +0000
committer	Tomas Mraz <tm@t8m.info>	2007-12-07 15:40:01 +0000
commit	8ae5f5769c4c611ca6918450bbe6e55dfa4e5926 (patch)
tree	a217a8080c67dbd2189a3fcdb3f627223e8f6101 /modules/pam_access/pam_access.8.xml
parent	67b5cdd945120d8b0fe4c40fe9df576fa5c2a9a2 (diff)