summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog24
-rw-r--r--doc/man/Makefile.am7
-rw-r--r--modules/pam_limits/limits.conf2
-rw-r--r--modules/pam_limits/limits.conf.5.xml2
-rw-r--r--modules/pam_selinux/.cvsignore1
-rw-r--r--modules/pam_selinux/Makefile.am3
-rw-r--r--modules/pam_selinux/pam_selinux_check.835
-rw-r--r--modules/pam_stress/.cvsignore1
-rw-r--r--modules/pam_stress/README64
-rw-r--r--modules/pam_unix/.cvsignore1
-rw-r--r--modules/pam_unix/unix_chkpwd.880
11 files changed, 206 insertions, 14 deletions
diff --git a/ChangeLog b/ChangeLog
index f75e6b40..4198a142 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,9 @@
-2008-01-07 Thorsten Kukuk <kukuk@thkukuk.de>
+2008-01-08 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * doc/man/Makefile.am: Fix manual page dependencies,
+ add hack for bug in xsl stylestheets.
+
+2008-01-07 Thorsten Kukuk <kukuk@thkukuk.de>
* po/it.po: Fix typos.
* po/de.po: Few new translations.
@@ -10,17 +15,22 @@
* po/sv.po: Update swedish translation [#1857531].
* modules/pam_succeed_if/pam_succeed_if.8.xml: Fix
cut & paste error [#1863490].
-
-2007-12-18 Thorsten Kukuk <kukuk@thkukuk.de>
+
+2008-01-02 Petteri R├Ąty <betelgeuse@gentoo.org>
+ * modules/pam_limits/limits.conf: document allowed values for
+ nice.
+ * modules/pam_limits/limits.conf.5.xml: Likewise.
+
+2007-12-18 Thorsten Kukuk <kukuk@thkukuk.de>
* README: Document how to run make check with static modules
(SF#1822779).
-2007-12-18 Peter Breitenlohner <peb@mppmu.mpg.de>
+2007-12-18 Peter Breitenlohner <peb@mppmu.mpg.de>
* README: Document that "make check" requires a file
/etc/pam.d/other (SF#1822764).
-2007-12-12 Eamon Walsh <ewalsh@tycho.nsa.gov>
+2007-12-12 Eamon Walsh <ewalsh@tycho.nsa.gov>
* doc/man/pam_item_types_ext.inc.xml: More appropriate wording
for PAM_XDISPLAY doc.
@@ -60,11 +70,11 @@
(check_account): Call _pam_parse(). Call pam_modutil_audit_write()
and pam_syslog() on login denials.
-2007-12-07 Luca Bruno <luca.br@uno.it>
+2007-12-07 Luca Bruno <luca.br@uno.it>
* po/it.po: Updated translations.
-2007-12-06 Eamon Walsh <ewalsh@tycho.nsa.gov>
+2007-12-06 Eamon Walsh <ewalsh@tycho.nsa.gov>
* libpam/include/security/_pam_macros.h: Add _pam_overwrite_n()
macro.
diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am
index 926f1ae5..ca8be05e 100644
--- a/doc/man/Makefile.am
+++ b/doc/man/Makefile.am
@@ -1,8 +1,9 @@
#
-# Copyright (c) 2006 Thorsten Kukuk <kukuk@thkukuk.de>
+# Copyright (c) 2006, 2007 Thorsten Kukuk <kukuk@thkukuk.de>
#
CLEANFILES = *~
+MAINTAINERCLEANFILES = $(MANS)
EXTRA_DIST = $(MANS) $(XMLS)
@@ -44,6 +45,10 @@ XMLS = pam.3.xml pam.8.xml \
pam_misc_setenv.3.xml
if ENABLE_REGENERATE_MAN
+PAM.8: pam.8
+pam.d.5: pam.conf.5
+ test -f pam\\.d.5 && mv pam\\.d.5 pam.d.5
+
pam_get_item.3: pam_item_types_std.inc.xml pam_item_types_ext.inc.xml
pam_set_data.3: pam_item_types_std.inc.xml pam_item_types_ext.inc.xml
pam.conf.5: pam.conf-desc.xml pam.conf-dir.xml pam.conf-syntax.xml
diff --git a/modules/pam_limits/limits.conf b/modules/pam_limits/limits.conf
index d3463638..5d5c3f70 100644
--- a/modules/pam_limits/limits.conf
+++ b/modules/pam_limits/limits.conf
@@ -33,7 +33,7 @@
# - locks - max number of file locks the user can hold
# - sigpending - max number of pending signals
# - msgqueue - max memory used by POSIX message queues (bytes)
-# - nice - max nice priority allowed to raise to
+# - nice - max nice priority allowed to raise to values: [-20, 19]
# - rtprio - max realtime priority
#
#<domain> <type> <item> <value>
diff --git a/modules/pam_limits/limits.conf.5.xml b/modules/pam_limits/limits.conf.5.xml
index 8983bee3..fb1fad27 100644
--- a/modules/pam_limits/limits.conf.5.xml
+++ b/modules/pam_limits/limits.conf.5.xml
@@ -214,7 +214,7 @@
<varlistentry>
<term><option>nice</option></term>
<listitem>
- <para>maximum nice priority allowed to raise to (Linux 2.6.12 and higher)</para>
+ <para>maximum nice priority allowed to raise to (Linux 2.6.12 and higher) values: [-20,19]</para>
</listitem>
</varlistentry>
<varlistentry>
diff --git a/modules/pam_selinux/.cvsignore b/modules/pam_selinux/.cvsignore
index 72174be1..08754fd5 100644
--- a/modules/pam_selinux/.cvsignore
+++ b/modules/pam_selinux/.cvsignore
@@ -9,4 +9,3 @@ Makefile.in
pam_selinux_check
README
pam_selinux.8
-pam_selinux_check.8
diff --git a/modules/pam_selinux/Makefile.am b/modules/pam_selinux/Makefile.am
index d11b507c..baf782a8 100644
--- a/modules/pam_selinux/Makefile.am
+++ b/modules/pam_selinux/Makefile.am
@@ -1,8 +1,9 @@
#
-# Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@thkukuk.de>
+# Copyright (c) 2005, 2006, 2007 Thorsten Kukuk <kukuk@thkukuk.de>
#
CLEANFILES = *~
+MAINTAINERCLEANFILES = $(MANS) README
EXTRA_DIST = README $(XMLS) pam_selinux.8 pam_selinux_check.8 \
tst-pam_selinux
diff --git a/modules/pam_selinux/pam_selinux_check.8 b/modules/pam_selinux/pam_selinux_check.8
new file mode 100644
index 00000000..d6fcdff1
--- /dev/null
+++ b/modules/pam_selinux/pam_selinux_check.8
@@ -0,0 +1,35 @@
+.TH pam_selinux_check 8 2002/05/23 "Red Hat Linux" "System Administrator's Manual"
+.SH NAME
+pam_selinux_check \- login program to test pam_selinux.so
+.SH SYNOPSIS
+.B pam_selinux_check [user]
+.br
+
+.SH DESCRIPTION
+With no arguments,
+.B pam_selinux_check
+will prompt for user
+
+.SH OPTIONS
+.IP target_user
+The user to login as.
+
+.SH DIAGNOSTICS
+You must setup a /etc/pam.d/pam_selinux_check file, in order for the check to work.
+
+When checking if a selinux is valid,
+.B pam_selinux_check
+returns an exit code of 0 for success and > 0 on error:
+
+.nf
+1: Authentication failure
+.fi
+
+.SH SEE ALSO
+pam_selinux(8)
+
+.SH BUGS
+Let's hope not, but if you find any, please email the author.
+
+.SH AUTHOR
+Dan Walsh <dwalsh@redhat.com>
diff --git a/modules/pam_stress/.cvsignore b/modules/pam_stress/.cvsignore
index acf3f3bc..9fb98574 100644
--- a/modules/pam_stress/.cvsignore
+++ b/modules/pam_stress/.cvsignore
@@ -4,4 +4,3 @@
.libs
Makefile
Makefile.in
-README
diff --git a/modules/pam_stress/README b/modules/pam_stress/README
new file mode 100644
index 00000000..e64bf2d3
--- /dev/null
+++ b/modules/pam_stress/README
@@ -0,0 +1,64 @@
+#
+# This describes the behavior of this module with respect to the
+# /etc/pam.conf file.
+#
+# writen by Andrew Morgan <morgan@parc.power.net>
+#
+
+This module recognizes the following arguments.
+
+debug put lots of information in syslog.
+ *NOTE* this option writes passwords to syslog, so
+ don't use anything sensitive when testing.
+
+no_warn don't give warnings about things (otherwise warnings are issued
+ via the conversation function)
+
+use_first_pass don't prompt for a password, for pam_sm_authentication
+ function just use item PAM_AUTHTOK.
+
+try_first_pass don't prompt for a password unless there has been no
+ previous authentication token (item PAM_AUTHTOK is NULL)
+
+rootok This is intended for the pam_sm_chauthtok function and
+ it instructs this function to permit root to change
+ the user's password without entering the old password.
+
+The following arguments are acted on by the module. They are intended
+to make the module give the impression of failing as a fully
+functioning module might.
+
+expired an argument intended for the account and chauthtok module
+ parts. It instructs the module to act as if the user's
+ password has expired
+
+fail_1 this instructs the module to make its first function fail.
+
+fail_2 this instructs the module to make its second function (if there
+ is one) fail.
+
+ The function break up is indicated in the Module
+ Developers' Guide. Listed here it is:
+
+ service function 1 function 2
+ ------- ---------- ----------
+ auth pam_sm_authenticate pam_sm_setcred
+ password pam_sm_chauthtok
+ session pam_sm_open_session pam_sm_close_session
+ account pam_sm_acct_mgmt
+
+prelim for pam_sm_chauthtok, means fail on PAM_PRELIM_CHECK.
+
+required for pam_sm_chauthtok, means fail if the user hasn't already
+ been authenticated by this module. (See stress_new_pwd data
+ item below.)
+
+#
+# data strings that this module uses are the following:
+#
+
+data name value(s) Comments
+--------- -------- --------
+stress_new_pwd yes tells pam_sm_chauthtok that
+ pam_sm_acct_mgmt says we need a new
+ password
diff --git a/modules/pam_unix/.cvsignore b/modules/pam_unix/.cvsignore
index 454f7276..905ba473 100644
--- a/modules/pam_unix/.cvsignore
+++ b/modules/pam_unix/.cvsignore
@@ -9,4 +9,3 @@ bigcrypt
unix_chkpwd
README
pam_unix.8
-unix_chkpwd.8
diff --git a/modules/pam_unix/unix_chkpwd.8 b/modules/pam_unix/unix_chkpwd.8
new file mode 100644
index 00000000..02ccfe4a
--- /dev/null
+++ b/modules/pam_unix/unix_chkpwd.8
@@ -0,0 +1,80 @@
+.\" Copyright (C) 2003 International Business Machines Corporation
+.\" This file is distributed according to the GNU General Public License.
+.\" See the file COPYING in the top level source directory for details.
+.\"
+.de Sh \" Subsection
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Ip \" List item
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.TH "UNIX_CHKPWD" 8 "2003-03-21" "Linux-PAM 0.76" "Linux-PAM Manual"
+.SH NAME
+unix_chkpwd \- helper binary that verifies the password of the current user
+.SH "SYNOPSIS"
+.ad l
+.hy 0
+
+/sbin/unix_chkpwd [\fIusername\fR]
+.sp
+.ad
+.hy
+.SH "DESCRIPTION"
+.PP
+\fBunix_chkpwd\fR is a helper program for the pam_unix module that verifies
+the password of the current user. It is not intended to be run directly from
+the command line and logs a security violation if done so.
+
+It is typically installed setuid root or setgid shadow.
+
+.SH "OPTIONS"
+.PP
+unix_pwdchk optionally takes the following argument:
+.TP
+\fIusername\fR
+The username of the user whose password you want to check: this must match the current user id.
+
+.SH "INPUTS"
+.PP
+unix_pwdchk expects the following inputs via stdin:
+.TP
+\fIoption\fR
+Either nullok or nonull, depending on whether the user can have an empty password.
+.TP
+\fIpassword\fR
+The password to verify.
+
+.SH "RETURN CODES"
+.PP
+\fBunix_chkpwd\fR has the following return codes:
+.TP
+1
+unix_chkpwd was inappropriately called from the command line or the password is incorrect.
+
+.TP
+0
+The password is correct.
+
+.SH "HISTORY"
+Written by Andrew Morgan
+
+.SH "SEE ALSO"
+
+.PP
+\fBpam\fR(8)
+
+.SH AUTHOR
+Emily Ratliff.
+