Relevant BUGIDs:

Purpose of commit: new feature

Commit summary:
---------------

2006-06-09  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_wheel/Makefile.am: Include Make.xml.rules.
        * modules/pam_wheel/pam_wheel.8.xml: New.
        * modules/pam_wheel/pam_wheel.8: New, generated from xml file.
        * modules/pam_wheel/README.xml: New.
        * modules/pam_wheel/README: Regenerated from xml file.

        * modules/pam_xauth/Makefile.am: Include Make.xml.rules.
        * modules/pam_xauth/pam_xauth.8.xml: New.
        * modules/pam_xauth/pam_xauth.8: Regenerated from xml file.
        * modules/pam_xauth/README.xml: New.
        * modules/pam_xauth/README: Regenerated from xml file.

        * modules/pam_deny/pam_deny.8.xml: Fix syntax errors.
        * modules/pam_deny/pam_deny.8: Regenerate from xml file.
        * modules/pam_deny/README: Likewise.

        * modules/pam_warn/Makefile.am: Include Make.xml.rules.
        * modules/pam_warn/pam_warn.8.xml: New.
        * modules/pam_warn/pam_warn.8: New, generated from xml file.
        * modules/pam_warn/README.xml: New.
        * modules/pam_warn/README: Regenerated from xml file.

        * modules/pam_userdb/Makefile.am: Include Make.xml.rules.
        * modules/pam_userdb/pam_userdb.8.xml: New.
        * modules/pam_userdb/pam_userdb.8: New, generated from xml file.
        * modules/pam_userdb/README.xml: New.
        * modules/pam_userdb/README: Regenerated from xml file.

1 files changed, 59 insertions, 37 deletions

diff --git a/modules/pam_wheel/README b/modules/pam_wheel/README
index 2cd156c0..db118205 100644
--- a/modules/pam_wheel/README
+++ b/modules/pam_wheel/README
@@ -1,39 +1,61 @@
+pam_wheel — Only permit root access to members of group wheel
 
-pam_wheel:
-	only permit root authentication to members of wheel group
-
-RECOGNIZED ARGUMENTS:
-	debug		Write a message to syslog indicating success or
-			failure.
-
-	use_uid		The check for wheel membership will be done against
-			the current uid instead of the original one
-			(useful when jumping with su from one account to
-			another for example).
-			
-	trust		The pam_wheel module will return PAM_SUCCESS instead
-			of PAM_IGNORE if the user is a member of the wheel
-			group (thus with a little play stacking the modules
-			the wheel members may be able to su to root without
-			being prompted for a passwd).
-
-	deny		Reverse the sense of the auth operation: if the user
-			is trying to get UID 0 access and is a member of the
-			wheel group, deny access (well, kind of nonsense, but
-			for use in conjunction with 'group' argument... :-)
-	                Conversely, if the user is not in the group, return
-                        PAM_IGNORE (unless 'trust' was also specified, in
-                        which case we return PAM_SUCCESS).
-
-	group=xxxx	Instead of checking the wheel or GID 0 groups, use
-			the xxxx group to perform the authentification.
-
-	root_only	The check for wheel membership is done only
-			if the uid of requested account is 0.
-
-MODULE SERVICES PROVIDED:
-	auth		_authentication, _setcred (blank) and _acct_mgmt
-
-AUTHOR:
-	Cristian Gafton <gafton@redhat.com>
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+DESCRIPTION
+
+The pam_wheel PAM module is used to enforce the so-called wheel group. By
+default it permits root access to the system if the applicant user is a member
+of the wheel group. If no group with this name exist, the module is using the
+group with the group-ID 0.
+
+OPTIONS
+
+debug
+
+    Print debug information.
+
+deny
+
+    Reverse the sense of the auth operation: if the user is trying to get UID 0
+    access and is a member of the wheel group (or the group of the group
+    option), deny access. Conversely, if the user is not in the group, return
+    PAM_IGNORE (unless trust was also specified, in which case we return
+    PAM_SUCCESS).
+
+group=name
+
+    Instead of checking the wheel or GID 0 groups, use the name group to
+    perform the authentification.
+
+root_only
+
+    The check for wheel membership is done only.
+
+trust
+
+    The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the
+    user is a member of the wheel group (thus with a little play stacking the
+    modules the wheel members may be able to su to root without being prompted
+    for a passwd).
+
+use_uid
+
+    The check for wheel membership will be done against the current uid instead
+    of the original one (useful when jumping with su from one account to
+    another for example).
+
+EXAMPLES
+
+The root account gains access by default (rootok), only wheel members can
+become root (wheel) but Unix authenticate non-root applicants.
+
+su      auth     sufficient     pam_rootok.so
+su      auth     required       pam_wheel.so
+su      auth     required       pam_unix.so
+
+
+AUTHOR
+
+pam_wheel was written by Cristian Gafton <gafton@redhat.com>.