diff options
2 files changed, 20 insertions, 16 deletions
diff --git a/ChangeLog b/ChangeLog
index 8941c316..f5a021c0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2005-10-27 Thorsten Kukuk <>
+ * doc/man/pam.8: Fix wording for authentication chapter [#1197444]
2005-10-26 Tomas Mraz <>
* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary),
@@ -6,15 +10,15 @@
uid to 0 before executing the helper if SELinux is enabled.
* modules/pam_unix/unix_chkpwd.c (main): Disable user check only
if real uid is 0 (CVE-2005-2977). Log failed password check attempt.
2005-10-20 Tomas Mraz <>
* Added check for xauth binary and --with-xauth option.
* Added configurable PAM_PATH_XAUTH.
* modules/pam_xauth/README,
modules/pam_xauth/pam_xauth.8: Document where xauth is looked for.
- * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Implement
+ * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Implement
searching xauth binary on multiple places.
(run_coprocess): Don't use execvp as it can be a security risk.
@@ -103,16 +107,16 @@
2005-09-26 Tomas Mraz <>
* NEWS: Add a few missing entries from CHANGELOG.
* AUTHORS: Fixed entries for Toady and me.
* (M4_FILES): Fixed out of tree build.
* doc/specs/ (EXTRA_DIST): Removed lex.yy.c
(spec, lex.yy.c): Fixed out of tree build.
* modules/pam_userdb/README: Document try_first_pass and
use_first_pass options, remove use_authtok option.
2005-09-26 Dmitry V. Levin <>
@@ -182,7 +186,7 @@
* po/zh_TW.po: Likewise.
2005-09-23 Tomas Mraz <>
* modules/pam_access/pam_access.c (from_match): Support NULL from.
(string_match): Support NULL string, add NONE keyword matching it.
(pam_sm_acct_mgmt): Don't fail when ttyname returns NULL.
diff --git a/doc/man/pam.8 b/doc/man/pam.8
index 50fc9767..fc032bcc 100644
--- a/doc/man/pam.8
+++ b/doc/man/pam.8
@@ -1,7 +1,7 @@
.\" Hey Emacs! This file is -*- nroff -*- source.
.\" $Id$
.\" Copyright (c) Andrew G. Morgan 1996-7,2001 <>
-.TH PAM 8 "2001 Jan 20" "Linux-PAM 0.74" "Linux-PAM Manual"
+.TH PAM 8 "2005 Oct 27" "Linux-PAM 1.0" "Linux-PAM Manual"
Linux-PAM \- Pluggable Authentication Modules for Linux
@@ -81,9 +81,9 @@ expired?; is this user permitted access to the requested service?
.BR auth "entication - "
-establish the user is who they claim to be. Typically this is via some
-challenge-response request that the user must satisfy: if you are who
-you claim to be please enter your password. Not all authentications
+authenticate a user and set up user credentials. Typically this is via
+some challenge-response request that the user must satisfy: if you are
+who you claim to be please enter your password. Not all authentications
are of this type, there exist hardware based authentication schemes
(such as the use of smart-cards and biometric devices), with suitable
modules, these may be substituted seamlessly for more standard
@@ -149,7 +149,7 @@ first three being case-insensitive:
The syntax of files contained in the
.B /etc/pam.d/
directory, are identical except for the absence of any
-.I service
+.I service
field. In this case, the
.I service
is the name of the file in the
@@ -169,7 +169,7 @@ The
.BR service
is typically the familiar name of the corresponding application:
.BR login
.BR su
are good examples. The
.BR service "-name, " other ", "
@@ -285,7 +285,7 @@ implies 'all
not mentioned explicitly. Note, the full list of PAM errors is
available in /usr/include/security/_pam_types.h . The
.B actionN
-can be: an unsigned integer,
+can be: an unsigned integer,
.BR J ,
signifying an action of 'jump over the next J modules in the stack';
or take one of the following forms:
@@ -294,7 +294,7 @@ or take one of the following forms:
- when used with a stack of modules, the module's return status will
not contribute to the return code the application obtains;
-.B bad
+.B bad
- this action indicates that the return code should be thought of as
indicative of the module failing. If this module is the first in the
stack to fail, its status value will be used for that of the whole