diff options
43 files changed, 1486 insertions, 182 deletions
@@ -1,3 +1,21 @@ +2006-06-19 Thorsten Kukuk <kukuk@thkukuk.de> + + * doc/man/pam.8.xml: Syntax cleanup. + * doc/pam/PAM.8: Regenerated from xml source. + * man/pam_sm_chauthtok.3: New. + * man/pam_sm_chauthtok.3.xml: New. + * man/pam_sm_close_session.3: New. + * man/pam_sm_close_session.3.xml: New. + * man/pam_sm_open_session.3: New. + * man/pam_sm_open_session.3.xml: New. + * man/pam_sm_authenticate.3: New. + * man/pam_sm_authenticate.3.xml: New. + * man/pam_sm_setcred.3: New. + * man/pam_sm_setcred.3.xml: New. + * man/Makefile.am: Add new pam_sm_* manual pages. + + * specs/Makefile.am: Fix rule to generate draft. + 2006-06-18 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_tally/Makefile.am: Include Make.xml.rules. diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am index b7b510ae..3ce244a9 100644 --- a/doc/man/Makefile.am +++ b/doc/man/Makefile.am @@ -17,7 +17,9 @@ man_MANS = pam.3 PAM.8 pam.8 pam.conf.5 pam.d.5 \ pam_open_session.3 \ pam_prompt.3 pam_putenv.3 \ pam_set_data.3 pam_set_item.3 pam_syslog.3 \ - pam_setcred.3 pam_sm_acct_mgmt.3 pam_start.3 pam_strerror.3 \ + pam_setcred.3 pam_sm_acct_mgmt.3 pam_sm_authenticate.3 \ + pam_sm_close_session.3 pam_sm_open_session.3 pam_sm_setcred.3 \ + pam_sm_chauthtok.3 pam_start.3 pam_strerror.3 \ pam_verror.3 pam_vinfo.3 pam_vprompt.3 pam_vsyslog.3 XMLS = pam.3.xml pam.8.xml \ pam_acct_mgmt.3.xml pam_authenticate.3.xml \ @@ -30,8 +32,10 @@ XMLS = pam.3.xml pam.8.xml \ pam_open_session.3.xml \ pam_prompt.3.xml pam_putenv.3.xml \ pam_set_data.3.xml pam_set_item.3.xml pam_syslog.3.xml \ - pam_setcred.3.xml pam_sm_acct_mgmt.3.xml \ - pam_start.3.xml pam_strerror.3.xml \ + pam_setcred.3.xml pam_sm_acct_mgmt.3.xml pam_sm_authenticate.3.xml \ + pam_sm_close_session.3.xml pam_sm_open_session.3.xml \ + pam_sm_setcred.3.xml pam_start.3.xml pam_strerror.3.xml \ + pam_sm_chauthtok.3.xml \ pam_item_types.inc.xml if ENABLE_REGENERATE_MAN diff --git a/doc/man/PAM.8 b/doc/man/PAM.8 index 6f6dabc5..c693e268 100644 --- a/doc/man/PAM.8 +++ b/doc/man/PAM.8 @@ -1,11 +1,11 @@ .\" Title: pam .\" Author: .\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> -.\" Date: 06/02/2006 +.\" Date: 06/19/2006 .\" Manual: Linux\-PAM Manual .\" Source: Linux\-PAM Manual .\" -.TH "PAM" "8" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.TH "PAM" "8" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -18,8 +18,9 @@ This manual is intended to offer a quick introduction to \fBLinux\-PAM\fR. For more information the reader is directed to the \fBLinux\-PAM system administrators' guide\fR. .PP + \fBLinux\-PAM\fR -Is a system of libraries that handle the authentication tasks of applications (services) on the system. The library provides a stable general interface (Application Programming Interface \- API) that privilege granting programs (such as +is a system of libraries that handle the authentication tasks of applications (services) on the system. The library provides a stable general interface (Application Programming Interface \- API) that privilege granting programs (such as \fBlogin\fR(1) and \fBsu\fR(1)) defer to to perform standard authentication tasks. @@ -29,8 +30,10 @@ The principal feature of the PAM approach is that the nature of the authenticati configuration file \fI/etc/pam.conf\fR. Alternatively, the configuration can be set by individual configuration files located in the \fI/etc/pam.d/\fR -directory. -\fIThe presence of this directory will cause \fR\fBLinux\-PAM\fR\fI to ignore\fR +directory. The presence of this directory will cause +\fBLinux\-PAM\fR +to +\fIignore\fR \fI/etc/pam.conf\fR. .PP From the point of view of the system administrator, for whom this manual is provided, it is not of primary importance to understand the internal behavior of the @@ -71,22 +74,16 @@ group. Some authentication mechanisms lend themselves well to being updated with \fBsession\fR management group is important as it provides both an opening and closing hook for modules to affect the services available to a user. .SH "FILES" -.PP +.TP 3n \fI/etc/pam.conf\fR -\- the configuration file - -\fI/etc/pam.d/\fR -\- the +the configuration file +.TP 3n +\fI/etc/pam.d\fR +the \fBLinux\-PAM\fR configuration directory. Generally, if this directory is present, the \fI/etc/pam.conf\fR file is ignored. - -\fI/lib/libpam.so.X\fR -\- the dynamic library - -\fI/lib/security/*.so\fR -\- the PAMs .SH "ERRORS" .PP Typically errors generated by the @@ -95,16 +92,12 @@ system of libraries, will be written to \fBsyslog\fR(3). .SH "CONFORMING TO" .PP -DCE\-RFC 86.0, October 1995. -Contains additional features, but remains backwardly compatible with this RFC. -.SH "BUGS" -.PP -None known. +DCE\-RFC 86.0, October 1995. Contains additional features, but remains backwardly compatible with this RFC. .SH "SEE ALSO" .PP -The three -\fBLinux\-PAM\fR -Guides, for -\fBsystem administrators\fR, -\fBmodule developers\fR, and -\fBapplication developers\fR. + +\fBpam\fR(3), +\fBpam_authenticate\fR(3), +\fBpam_sm_setcred\fR(3), +\fBpam_strerror\fR(3), +\fBPAM\fR(8) diff --git a/doc/man/pam.3 b/doc/man/pam.3 index 2f87cc21..2f355938 100644 --- a/doc/man/pam.3 +++ b/doc/man/pam.3 @@ -1,11 +1,11 @@ .\" Title: pam .\" Author: .\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> -.\" Date: 06/02/2006 +.\" Date: 06/19/2006 .\" Manual: Linux\-PAM Manual .\" Source: Linux\-PAM Manual .\" -.TH "PAM" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.TH "PAM" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) diff --git a/doc/man/pam.8.xml b/doc/man/pam.8.xml index 90edca24..1267f01c 100644 --- a/doc/man/pam.8.xml +++ b/doc/man/pam.8.xml @@ -2,7 +2,7 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"> -<refentry id='pam'> +<refentry id='pam8'> <refmeta> <refentrytitle>pam</refentrytitle> @@ -10,46 +10,47 @@ <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo> </refmeta> - <refnamediv id='pam-name'> + <refnamediv id='pam8-name'> <refname>PAM</refname> <refname>pam</refname> <refpurpose>Pluggable Authentication Modules for Linux</refpurpose> </refnamediv> -<!-- body begins here --> - -<refsect1 id='description'><title>DESCRIPTION</title> -<para>This manual is intended to offer a quick introduction to -<emphasis remap='B'>Linux-PAM</emphasis>. -For more information the reader is directed to the -<emphasis remap='B'>Linux-PAM system administrators' guide</emphasis>.</para> - - -<para><emphasis remap='B'>Linux-PAM</emphasis> -Is a system of libraries that handle the authentication tasks of -applications (services) on the system. The library provides a stable -general interface (Application Programming Interface - API) that -privilege granting programs (such as -<citerefentry><refentrytitle>login</refentrytitle><manvolnum>1</manvolnum></citerefentry> -and -<citerefentry><refentrytitle>su</refentrytitle><manvolnum>1</manvolnum></citerefentry>) -defer to to perform standard authentication tasks.</para> - - -<para>The principal feature of the PAM approach is that the nature of the -authentication is dynamically configurable. In other words, the -system administrator is free to choose how individual -service-providing applications will authenticate users. This dynamic -configuration is set by the contents of the single -<emphasis remap='B'>Linux-PAM</emphasis> -configuration file -<filename>/etc/pam.conf</filename>. -Alternatively, the configuration can be set by individual -configuration files located in the -<filename>/etc/pam.d/</filename> -directory. -<emphasis remap='I'>The presence of this directory will cause </emphasis><emphasis remap='B'>Linux-PAM</emphasis><emphasis remap='I'> to ignore</emphasis> -<filename>/etc/pam.conf</filename><literal>.</literal></para> + <refsect1 id='pam8-description'> + <title>DESCRIPTION</title> + <para> + This manual is intended to offer a quick introduction to + <emphasis remap='B'>Linux-PAM</emphasis>. For more information + the reader is directed to the + <emphasis remap='B'>Linux-PAM system administrators' guide</emphasis>. + </para> + + <para> + <emphasis remap='B'>Linux-PAM</emphasis> is a system of libraries + that handle the authentication tasks of applications (services) on + the system. The library provides a stable general interface + (Application Programming Interface - API) that privilege granting + programs (such as <citerefentry> + <refentrytitle>login</refentrytitle><manvolnum>1</manvolnum> + </citerefentry> and <citerefentry> + <refentrytitle>su</refentrytitle><manvolnum>1</manvolnum> + </citerefentry>) defer to to perform standard authentication tasks. + </para> + + <para> + The principal feature of the PAM approach is that the nature of the + authentication is dynamically configurable. In other words, the + system administrator is free to choose how individual + service-providing applications will authenticate users. This dynamic + configuration is set by the contents of the single + <emphasis remap='B'>Linux-PAM</emphasis> configuration file + <filename>/etc/pam.conf</filename>. Alternatively, the configuration + can be set by individual configuration files located in the + <filename>/etc/pam.d/</filename> directory. The presence of this + directory will cause <emphasis remap='B'>Linux-PAM</emphasis> to + <emphasis remap='I'>ignore</emphasis> + <filename>/etc/pam.conf</filename>. + </para> <para>From the point of view of the system administrator, for whom this @@ -70,9 +71,9 @@ that perform the actual authentication tasks.</para> separates the tasks of <emphasis remap='I'>authentication</emphasis> into four independent management groups: -<emphasis remap='B'>account</emphasis> management; -<emphasis remap='B'>auth</emphasis>entication management; -<emphasis remap='B'>password</emphasis> management; +<emphasis remap='B'>account</emphasis> management; +<emphasis remap='B'>auth</emphasis>entication management; +<emphasis remap='B'>password</emphasis> management; and <emphasis remap='B'>session</emphasis> management. (We highlight the abbreviations used for these groups in the @@ -83,12 +84,12 @@ configuration file.)</para> user's request for a restricted service:</para> -<para><emphasis remap='B'>account</emphasis> - +<para><emphasis remap='B'>account</emphasis> - provide account verification types of service: has the user's password expired?; is this user permitted access to the requested service?</para> <!-- .br --> -<para><emphasis remap='B'>auth</emphasis>entication - +<para><emphasis remap='B'>auth</emphasis>entication - authenticate a user and set up user credentials. Typically this is via some challenge-response request that the user must satisfy: if you are who you claim to be please enter your password. Not all authentications @@ -99,7 +100,7 @@ approaches to authentication - such is the flexibility of <emphasis remap='B'>Linux-PAM</emphasis>.</para> <!-- .br --> -<para><emphasis remap='B'>password</emphasis> - +<para><emphasis remap='B'>password</emphasis> - this group's responsibility is the task of updating authentication mechanisms. Typically, such services are strongly coupled to those of the @@ -109,7 +110,7 @@ updated with such a function. Standard UN*X password-based access is the obvious example: please enter a replacement password.</para> <!-- .br --> -<para><emphasis remap='B'>session</emphasis> - +<para><emphasis remap='B'>session</emphasis> - this group of tasks cover things that should be done prior to a service being given and after it is withdrawn. Such tasks include the maintenance of audit trails and the mounting of the user's home @@ -120,52 +121,66 @@ closing hook for modules to affect the services available to a user.</para> </refsect1> -<refsect1 id='files'><title>FILES</title> -<para><filename>/etc/pam.conf</filename> - the configuration file -<!-- .br --> -<filename>/etc/pam.d/</filename> - the -<emphasis remap='B'>Linux-PAM</emphasis> -configuration directory. Generally, if this directory is present, the -<filename>/etc/pam.conf</filename> -file is ignored. -<!-- .br --> -<filename>/lib/libpam.so.X</filename> - the dynamic library -<!-- .br --> -<filename>/lib/security/*.so</filename> - the PAMs</para> - -</refsect1> - -<refsect1 id='errors'><title>ERRORS</title> -<para>Typically errors generated by the -<emphasis remap='B'>Linux-PAM</emphasis> -system of libraries, will be written to -<citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para> - -</refsect1> - -<refsect1 id='conforming_to'><title>CONFORMING TO</title> -<para>DCE-RFC 86.0, October 1995. -<!-- .br --> -Contains additional features, but remains backwardly compatible with -this RFC.</para> - -</refsect1> - -<refsect1 id='bugs'><title>BUGS</title> - - -<para>None known.</para> - -</refsect1> - -<refsect1 id='see_also'><title>SEE ALSO</title> -<para>The three -<emphasis remap='B'>Linux-PAM</emphasis> -Guides, for -<emphasis remap='B'>system administrators</emphasis>, -<emphasis remap='B'>module developers</emphasis>, -and -<emphasis remap='B'>application developers</emphasis>. </para> -</refsect1> + <refsect1 id='pam8-files'> + <title>FILES</title> + <variablelist> + <varlistentry> + <term><filename>/etc/pam.conf</filename></term> + <listitem> + <para>the configuration file</para> + </listitem> + </varlistentry> + <varlistentry> + <term><filename>/etc/pam.d</filename></term> + <listitem> + <para> + the <emphasis remap='B'>Linux-PAM</emphasis> configuration + directory. Generally, if this directory is present, the + <filename>/etc/pam.conf</filename> file is ignored. + </para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id='pam8-errors'> + <title>ERRORS</title> + <para> + Typically errors generated by the + <emphasis remap='B'>Linux-PAM</emphasis> system of libraries, will + be written to <citerefentry> + <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>. + </para> + </refsect1> + + <refsect1 id='pam8-conforming_to'> + <title>CONFORMING TO</title> + <para> + DCE-RFC 86.0, October 1995. + Contains additional features, but remains backwardly compatible + with this RFC. + </para> + </refsect1> + + <refsect1 id='pam8-see_also'> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_sm_setcred</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum> + </citerefentry> + </para> + </refsect1> </refentry> - diff --git a/doc/man/pam.conf.5 b/doc/man/pam.conf.5 index b7308e66..fcedd7d7 100644 --- a/doc/man/pam.conf.5 +++ b/doc/man/pam.conf.5 @@ -1,11 +1,11 @@ .\" Title: pam.conf .\" Author: .\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> -.\" Date: 06/02/2006 +.\" Date: 06/19/2006 .\" Manual: Linux\-PAM Manual .\" Source: Linux\-PAM Manual .\" -.TH "PAM.CONF" "5" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.TH "PAM.CONF" "5" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) diff --git a/doc/man/pam_acct_mgmt.3 b/doc/man/pam_acct_mgmt.3 index fd1fa110..e645fc28 100644 --- a/doc/man/pam_acct_mgmt.3 +++ b/doc/man/pam_acct_mgmt.3 @@ -1,11 +1,11 @@ .\" Title: pam_acct_mgmt .\" Author: .\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> -.\" Date: 06/02/2006 +.\" Date: 06/19/2006 .\" Manual: Linux\-PAM Manual .\" Source: Linux\-PAM Manual .\" -.TH "PAM_ACCT_MGMT" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_ACCT_MGMT" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) diff --git a/doc/man/pam_authenticate.3 b/doc/man/pam_authenticate.3 index e6eb6d94..b0ee29df 100644 --- a/doc/man/pam_authenticate.3 +++ b/doc/man/pam_authenticate.3 @@ -1,11 +1,11 @@ .\" Title: pam_authenticate .\" Author: .\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> -.\" Date: 06/02/2006 +.\" Date: 06/19/2006 .\" Manual: Linux\-PAM Manual .\" Source: Linux\-PAM Manual .\" -.TH "PAM_AUTHENTICATE" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_AUTHENTICATE" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) diff --git a/doc/man/pam_chauthtok.3 b/doc/man/pam_chauthtok.3 index 2fbd4510..0ae9c1db 100644 --- a/doc/man/pam_chauthtok.3 +++ b/doc/man/pam_chauthtok.3 @@ -1,11 +1,11 @@ .\" Title: pam_chauthtok .\" Author: .\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> -.\" Date: 06/02/2006 +.\" Date: 06/19/2006 .\" Manual: Linux\-PAM Manual .\" Source: Linux\-PAM Manual .\" -.TH "PAM_CHAUTHTOK" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_CHAUTHTOK" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) diff --git a/doc/man/pam_close_session.3 b/doc/man/pam_close_session.3 index 3c68cc69..3f291ec2 100644 --- a/doc/man/pam_close_session.3 +++ b/doc/man/pam_close_session.3 @@ -1,11 +1,11 @@ .\" Title: pam_close_session .\" Author: .\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> -.\" Date: 06/02/2006 +.\" Date: 06/19/2006 .\" Manual: Linux\-PAM Manual .\" Source: Linux\-PAM Manual .\" -.TH "PAM_CLOSE_SESSION" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_CLOSE_SESSION" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) diff --git a/doc/man/pam_conv.3 b/doc/man/pam_conv.3 index ef595844..cada5a57 100644 --- a/doc/man/pam_conv.3 +++ b/doc/man/pam_conv.3 @@ -1,11 +1,11 @@ .\" Title: pam_conv .\" Author: .\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> -.\" Date: 06/02/2006 +.\" Date: 06/19/2006 .\" Manual: Linux\-PAM Manual .\" Source: Linux\-PAM Manual .\" -.TH "PAM_CONV" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_CONV" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) diff --git a/doc/man/pam_end.3 b/doc/man/pam_end.3 index c85b5a41..02665a22 100644 --- a/doc/man/pam_end.3 +++ b/doc/man/pam_end.3 @@ -1,11 +1,11 @@ .\" Title: pam_end .\" Author: .\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> -.\" Date: 06/02/2006 +.\" Date: 06/19/2006 .\" Manual: Linux\-PAM Manual .\" Source: Linux\-PAM Manual .\" -.TH "PAM_END" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_END" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) diff --git a/doc/man/pam_error.3 b/doc/man/pam_error.3 index 4c3cb755..57e9646b 100644 --- a/doc/man/pam_error.3 +++ b/doc/man/pam_error.3 @@ -1,11 +1,11 @@ .\" Title: pam_error .\" Author: .\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> -.\" Date: 06/02/2006 +.\" Date: 06/19/2006 .\" Manual: Linux\-PAM Manual .\" Source: Linux\-PAM Manual .\" -.TH "PAM_ERROR" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_ERROR" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) diff --git a/doc/man/pam_fail_delay.3 b/doc/man/pam_fail_delay.3 index df93e1bf..3f874909 100644 --- a/doc/man/pam_fail_delay.3 +++ b/doc/man/pam_fail_delay.3 @@ -1,11 +1,11 @@ .\" Title: pam_fail_delay .\" Author: .\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> -.\" Date: 06/02/2006 +.\" Date: 06/19/2006 .\" Manual: Linux\-PAM Manual .\" Source: Linux\-PAM Manual .\" -.TH "PAM_FAIL_DELAY" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_FAIL_DELAY" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) diff --git a/doc/man/pam_get_data.3 b/doc/man/pam_get_data.3 index f3266984..a4923678 100644 --- a/doc/man/pam_get_data.3 +++ b/doc/man/pam_get_data.3 @@ -1,11 +1,11 @@ .\" Title: pam_get_data .\" Author: .\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> -.\" Date: 06/02/2006 +.\" Date: 06/19/2006 .\" Manual: Linux\-PAM Manual .\" Source: Linux\-PAM Manual .\" -.TH "PAM_GET_DATA" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_GET_DATA" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) diff --git a/doc/man/pam_get_item.3 b/doc/man/pam_get_item.3 index 0c4235a8..4601b766 100644 --- a/doc/man/pam_get_item.3 +++ b/doc/man/pam_get_item.3 @@ -1,11 +1,11 @@ .\" Title: pam_get_item .\" Author: .\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> -.\" Date: 06/02/2006 +.\" Date: 06/19/2006 .\" Manual: Linux\-PAM Manual .\" Source: Linux\-PAM Manual .\" -.TH "PAM_GET_ITEM" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_GET_ITEM" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) diff --git a/doc/man/pam_get_user.3 b/doc/man/pam_get_user.3 index 20d1017d..a412c086 100644 --- a/doc/man/pam_get_user.3 +++ b/doc/man/pam_get_user.3 @@ -1,11 +1,11 @@ .\" Title: pam_get_user .\" Author: .\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> -.\" Date: 06/02/2006 +.\" Date: 06/19/2006 .\" Manual: Linux\-PAM Manual .\" Source: Linux\-PAM Manual .\" -.TH "PAM_GET_USER" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_GET_USER" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) diff --git a/doc/man/pam_getenv.3 b/doc/man/pam_getenv.3 index e8cb5960..2876b400 100644 --- a/doc/man/pam_getenv.3 +++ b/doc/man/pam_getenv.3 @@ -1,11 +1,11 @@ .\" Title: pam_getenv .\" Author: .\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> -.\" Date: 06/02/2006 +.\" Date: 06/19/2006 .\" Manual: Linux\-PAM Manual .\" Source: Linux\-PAM Manual .\" -.TH "PAM_GETENV" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_GETENV" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) diff --git a/doc/man/pam_getenvlist.3 b/doc/man/pam_getenvlist.3 index eb832974..172e3f60 100644 --- a/doc/man/pam_getenvlist.3 +++ b/doc/man/pam_getenvlist.3 @@ -1,11 +1,11 @@ .\" Title: pam_getenvlist .\" Author: .\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> -.\" Date: 06/02/2006 +.\" Date: 06/19/2006 .\" Manual: Linux\-PAM Manual .\" Source: Linux\-PAM Manual .\" -.TH "PAM_GETENVLIST" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_GETENVLIST" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) diff --git a/doc/man/pam_info.3 b/doc/man/pam_info.3 index ca9fc5c8..afd2340c 100644 --- a/doc/man/pam_info.3 +++ b/doc/man/pam_info.3 @@ -1,11 +1,11 @@ .\" Title: pam_info .\" Author: .\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> -.\" Date: 06/02/2006 +.\" Date: 06/19/2006 .\" Manual: Linux\-PAM Manual .\" Source: Linux\-PAM Manual .\" -.TH "PAM_INFO" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_INFO" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) diff --git a/doc/man/pam_open_session.3 b/doc/man/pam_open_session.3 index 7e124c04..8e521e6d 100644 --- a/doc/man/pam_open_session.3 +++ b/doc/man/pam_open_session.3 @@ -1,11 +1,11 @@ .\" Title: pam_open_session .\" Author: .\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> -.\" Date: 06/02/2006 +.\" Date: 06/19/2006 .\" Manual: Linux\-PAM Manual .\" Source: Linux\-PAM Manual .\" -.TH "PAM_OPEN_SESSION" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_OPEN_SESSION" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) diff --git a/doc/man/pam_prompt.3 b/doc/man/pam_prompt.3 index 35da4aa1..2adf60aa 100644 --- a/doc/man/pam_prompt.3 +++ b/doc/man/pam_prompt.3 @@ -1,11 +1,11 @@ .\" Title: pam_prompt .\" Author: .\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> -.\" Date: 06/02/2006 +.\" Date: 06/19/2006 .\" Manual: Linux\-PAM Manual .\" Source: Linux\-PAM Manual .\" -.TH "PAM_PROMPT" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_PROMPT" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) diff --git a/doc/man/pam_putenv.3 b/doc/man/pam_putenv.3 index 618e411a..95fa06a4 100644 --- a/doc/man/pam_putenv.3 +++ b/doc/man/pam_putenv.3 @@ -1,11 +1,11 @@ .\" Title: pam_putenv .\" Author: .\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> -.\" Date: 06/02/2006 +.\" Date: 06/19/2006 .\" Manual: Linux\-PAM Manual .\" Source: Linux\-PAM Manual .\" -.TH "PAM_PUTENV" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_PUTENV" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) diff --git a/doc/man/pam_set_data.3 b/doc/man/pam_set_data.3 index c7dd1abc..bf25d0a4 100644 --- a/doc/man/pam_set_data.3 +++ b/doc/man/pam_set_data.3 @@ -1,11 +1,11 @@ .\" Title: pam_set_data .\" Author: .\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> -.\" Date: 06/02/2006 +.\" Date: 06/19/2006 .\" Manual: Linux\-PAM Manual .\" Source: Linux\-PAM Manual .\" -.TH "PAM_SET_DATA" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_SET_DATA" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) diff --git a/doc/man/pam_set_item.3 b/doc/man/pam_set_item.3 index 01b2d7c9..0601dcd6 100644 --- a/doc/man/pam_set_item.3 +++ b/doc/man/pam_set_item.3 @@ -1,11 +1,11 @@ .\" Title: pam_set_item .\" Author: .\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> -.\" Date: 06/02/2006 +.\" Date: 06/19/2006 .\" Manual: Linux\-PAM Manual .\" Source: Linux\-PAM Manual .\" -.TH "PAM_SET_ITEM" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_SET_ITEM" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) diff --git a/doc/man/pam_setcred.3 b/doc/man/pam_setcred.3 index 4c585f37..b1e54c5d 100644 --- a/doc/man/pam_setcred.3 +++ b/doc/man/pam_setcred.3 @@ -1,11 +1,11 @@ .\" Title: pam_setcred .\" Author: .\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> -.\" Date: 06/02/2006 +.\" Date: 06/19/2006 .\" Manual: Linux\-PAM Manual .\" Source: Linux\-PAM Manual .\" -.TH "PAM_SETCRED" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_SETCRED" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) diff --git a/doc/man/pam_sm_acct_mgmt.3 b/doc/man/pam_sm_acct_mgmt.3 index 825a6d03..812fb1a5 100644 --- a/doc/man/pam_sm_acct_mgmt.3 +++ b/doc/man/pam_sm_acct_mgmt.3 @@ -1,24 +1,24 @@ .\" Title: pam_sm_acct_mgmt .\" Author: .\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> -.\" Date: 06/02/2006 +.\" Date: 06/19/2006 .\" Manual: Linux\-PAM Manual .\" Source: Linux\-PAM Manual .\" -.TH "PAM_SM_ACCT_MGMT" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_SM_ACCT_MGMT" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .SH "NAME" -pam_sm_acct_mgmt \- PAM service module for account management +pam_sm_acct_mgmt \- PAM service function for account management .SH "SYNOPSIS" .sp -.RS 3n +.ft B .nf #define PAM_SM_ACCOUNT .fi -.RE +.ft .sp .ft B .nf @@ -48,7 +48,7 @@ Return \fBPAM_AUTH_ERR\fR if the database of authentication tokens for this authentication mechanism has a \fINULL\fR -entry for the user +entry for the user. .SH "RETURN VALUES" .TP 3n PAM_ACCT_EXPIRED diff --git a/doc/man/pam_sm_acct_mgmt.3.xml b/doc/man/pam_sm_acct_mgmt.3.xml index ea07ba3d..694c2671 100644 --- a/doc/man/pam_sm_acct_mgmt.3.xml +++ b/doc/man/pam_sm_acct_mgmt.3.xml @@ -10,14 +10,14 @@ <refnamediv id="pam_sm_acct_mgmt-name"> <refname>pam_sm_acct_mgmt</refname> - <refpurpose>PAM service module for account management</refpurpose> + <refpurpose>PAM service function for account management</refpurpose> </refnamediv> <!-- body begins here --> <refsynopsisdiv id='pam_sm_acct_mgmt-synopsis'> - <programlisting>#define PAM_SM_ACCOUNT</programlisting> <funcsynopsis> + <funcsynopsisinfo>#define PAM_SM_ACCOUNT</funcsynopsisinfo> <funcsynopsisinfo>#include <security/pam_modules.h></funcsynopsisinfo> <funcprototype> <funcdef>PAM_EXTERN int <function>pam_sm_acct_mgmt</function></funcdef> @@ -67,7 +67,7 @@ <para> Return <emphasis remap='B'>PAM_AUTH_ERR</emphasis> if the database of authentication tokens for this authentication - mechanism has a <emphasis>NULL</emphasis> entry for the user + mechanism has a <emphasis>NULL</emphasis> entry for the user. </para> </listitem> </varlistentry> diff --git a/doc/man/pam_sm_authenticate.3 b/doc/man/pam_sm_authenticate.3 new file mode 100644 index 00000000..38cecec7 --- /dev/null +++ b/doc/man/pam_sm_authenticate.3 @@ -0,0 +1,80 @@ +.\" Title: pam_sm_authenticate +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Date: 06/19/2006 +.\" Manual: Linux\-PAM Manual +.\" Source: Linux\-PAM Manual +.\" +.TH "PAM_SM_AUTHENTICATE" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" +pam_sm_authenticate \- PAM service function for user authentication +.SH "SYNOPSIS" +.sp +.ft B +.nf +#define PAM_SM_AUTH +.fi +.ft +.sp +.ft B +.nf +#include <security/pam_modules.h> +.fi +.ft +.HP 35 +.BI "PAM_EXTERN int pam_sm_authenticate(pam_handle_t\ *" "pamh" ", int\ " "flags" ", int\ " "argc" ", const\ char\ **" "argv" ");" +.SH "DESCRIPTION" +.PP +The +\fBpam_sm_authenticate\fR +function is the service module's implementation of the +\fBpam_authenticate\fR(3) +interface. +.PP +This function performs the task of authenticating the user. +.PP +Valid flags, which may be logically OR'd with +\fIPAM_SILENT\fR, are: +.TP 3n +PAM_SILENT +Do not emit any messages. +.TP 3n +PAM_DISALLOW_NULL_AUTHTOK +Return +\fBPAM_AUTH_ERR\fR +if the database of authentication tokens for this authentication mechanism has a +\fINULL\fR +entry for the user. Without this flag, such a +\fINULL\fR +token will lead to a success without the user being prompted. +.SH "RETURN VALUES" +.TP 3n +PAM_AUTH_ERR +Authentication failure. +.TP 3n +PAM_CRED_INSUFFICIENT +For some reason the application does not have sufficient credentials to authenticate the user. +.TP 3n +PAM_AUTHINFO_UNAVAIL +The modules were not able to access the authentication information. This might be due to a network or hardware failure etc. +.TP 3n +PAM_SUCCESS +The authentication token was successfully updated. +.TP 3n +PAM_USER_UNKNOWN +The supplied username is not known to the authentication service. +.TP 3n +PAM_MAXTRIES +One or more of the authentication modules has reached its limit of tries authenticating the user. Do not try again. +.SH "SEE ALSO" +.PP + +\fBpam\fR(3), +\fBpam_authenticate\fR(3), +\fBpam_sm_setcred\fR(3), +\fBpam_strerror\fR(3), +\fBPAM\fR(8) diff --git a/doc/man/pam_sm_authenticate.3.xml b/doc/man/pam_sm_authenticate.3.xml new file mode 100644 index 00000000..ca74c315 --- /dev/null +++ b/doc/man/pam_sm_authenticate.3.xml @@ -0,0 +1,152 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" + "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"> +<refentry id='pam_sm_authenticate'> + <refmeta> + <refentrytitle>pam_sm_authenticate</refentrytitle> + <manvolnum>3</manvolnum> + <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo> + </refmeta> + + <refnamediv id="pam_sm_authenticate-name"> + <refname>pam_sm_authenticate</refname> + <refpurpose>PAM service function for user authentication</refpurpose> + </refnamediv> + +<!-- body begins here --> + + <refsynopsisdiv id='pam_sm_authenticate-synopsis'> + <funcsynopsis> + <funcsynopsisinfo>#define PAM_SM_AUTH</funcsynopsisinfo> + <funcsynopsisinfo>#include <security/pam_modules.h></funcsynopsisinfo> + <funcprototype> + <funcdef>PAM_EXTERN int <function>pam_sm_authenticate</function></funcdef> + <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef> + <paramdef>int <parameter>flags</parameter></paramdef> + <paramdef>int <parameter>argc</parameter></paramdef> + <paramdef>const char **<parameter>argv</parameter></paramdef> + </funcprototype> + </funcsynopsis> + </refsynopsisdiv> + + + <refsect1 id='pam_sm_authenticate-description'> + <title>DESCRIPTION</title> + <para> + The <function>pam_sm_authenticate</function> function is the service + module's implementation of the + <citerefentry> + <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum> + </citerefentry> interface. + </para> + <para> + This function performs the task of authenticating the user. + </para> + <para> + Valid flags, which may be logically OR'd with + <emphasis>PAM_SILENT</emphasis>, are: + </para> + <variablelist> + <varlistentry> + <term>PAM_SILENT</term> + <listitem> + <para> + Do not emit any messages. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_DISALLOW_NULL_AUTHTOK</term> + <listitem> + <para> + Return <emphasis remap='B'>PAM_AUTH_ERR</emphasis> if the + database of authentication tokens for this authentication + mechanism has a <emphasis>NULL</emphasis> entry for the user. + Without this flag, such a <emphasis>NULL</emphasis> token + will lead to a success without the user being prompted. + </para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id="pam_sm_authenticate-return_values"> + <title>RETURN VALUES</title> + <variablelist> + <varlistentry> + <term>PAM_AUTH_ERR</term> + <listitem> + <para> + Authentication failure. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_CRED_INSUFFICIENT</term> + <listitem> + <para> + For some reason the application does not have sufficient + credentials to authenticate the user. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_AUTHINFO_UNAVAIL</term> + <listitem> + <para> + The modules were not able to access the authentication + information. This might be due to a network or hardware + failure etc. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_SUCCESS</term> + <listitem> + <para> + The authentication token was successfully updated. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_USER_UNKNOWN</term> + <listitem> + <para> + The supplied username is not known to the authentication + service. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_MAXTRIES</term> + <listitem> + <para> + One or more of the authentication modules has reached its + limit of tries authenticating the user. Do not try again. + </para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id='pam_sm_authenticate-see_also'> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_sm_setcred</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum> + </citerefentry> + </para> + </refsect1> +</refentry> diff --git a/doc/man/pam_sm_chauthtok.3 b/doc/man/pam_sm_chauthtok.3 new file mode 100644 index 00000000..2ba49920 --- /dev/null +++ b/doc/man/pam_sm_chauthtok.3 @@ -0,0 +1,97 @@ +.\" Title: pam_sm_chauthtok +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Date: 06/19/2006 +.\" Manual: Linux\-PAM Manual +.\" Source: Linux\-PAM Manual +.\" +.TH "PAM_SM_CHAUTHTOK" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" +pam_sm_chauthtok \- PAM service function for account management +.SH "SYNOPSIS" +.sp +.ft B +.nf +#define PAM_SM_PASSWORD +.fi +.ft +.sp +.ft B +.nf +#include <security/pam_modules.h> +.fi +.ft +.HP 32 +.BI "PAM_EXTERN int pam_sm_chauthtok(pam_handle_t\ *" "pamh" ", int\ " "flags" ", int\ " "argc" ", const\ char\ **" "argv" ");" +.SH "DESCRIPTION" +.PP +The +\fBpam_sm_chauthtok\fR +function is the service module's implementation of the +\fBpam_chauthtok\fR(3) +interface. +.PP +This function is used to (re\-)set the authentication token of the user. +.PP +Valid flags, which may be logically OR'd with +\fIPAM_SILENT\fR, are: +.TP 3n +PAM_SILENT +Do not emit any messages. +.TP 3n +PAM_CHANGE_EXPIRED_AUTHTOK +This argument indicates to the module that the users authentication token (password) should only be changed if it has expired. This flag is optional and +\fImust\fR +be combined with one of the following two flags. Note, however, the following two options are +\fImutually exclusive\fR. +.TP 3n +PAM_PRELIM_CHECK +This indicates that the modules are being probed as to their ready status for altering the user's authentication token. If the module requires access to another system over some network it should attempt to verify it can connect to this system on receiving this flag. If a module cannot establish it is ready to update the user's authentication token it should return +\fBPAM_TRY_AGAIN\fR, this information will be passed back to the application. +.TP 3n +PAM_UPDATE_AUTHTOK +This informs the module that this is the call it should change the authorization tokens. If the flag is logically OR'd with +\fBPAM_CHANGE_EXPIRED_AUTHTOK\fR, the token is only changed if it has actually expired. +.PP +The PAM library calls this function twice in succession. The first time with +\fBPAM_PRELIM_CHECK\fR +and then, if the module does not return +\fBPAM_TRY_AGAIN\fR, subsequently with +\fBPAM_UPDATE_AUTHTOK\fR. It is only on the second call that the authorization token is (possibly) changed. +.SH "RETURN VALUES" +.TP 3n +PAM_AUTHTOK_ERR +The module was unable to obtain the new authentication token. +.TP 3n +PAM_AUTHTOK_RECOVERY_ERR +The module was unable to obtain the old authentication token. +.TP 3n +PAM_AUTHTOK_LOCK_BUSY +Cannot change the authentication token since it is currently locked. +.TP 3n +PAM_AUTHTOK_DISABLE_AGING +Authentication token aging has been disabled. +.TP 3n +PAM_PERM_DENIED +Permission denied. +.TP 3n +PAM_TRY_AGAIN +Preliminary check was unsuccessful. Signals an immediate return to the application is desired. +.TP 3n +PAM_SUCCESS +The authentication token was successfully updated. +.TP 3n +PAM_USER_UNKNOWN +User unknown to password service. +.SH "SEE ALSO" +.PP + +\fBpam\fR(3), +\fBpam_chauthtok\fR(3), +\fBpam_sm_chauthtok\fR(3), +\fBpam_strerror\fR(3), +\fBPAM\fR(8) diff --git a/doc/man/pam_sm_chauthtok.3.xml b/doc/man/pam_sm_chauthtok.3.xml new file mode 100644 index 00000000..4d2bd3fe --- /dev/null +++ b/doc/man/pam_sm_chauthtok.3.xml @@ -0,0 +1,200 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" + "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"> +<refentry id='pam_sm_chauthtok'> + <refmeta> + <refentrytitle>pam_sm_chauthtok</refentrytitle> + <manvolnum>3</manvolnum> + <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo> + </refmeta> + + <refnamediv id="pam_sm_chauthtok-name"> + <refname>pam_sm_chauthtok</refname> + <refpurpose>PAM service function for account management</refpurpose> + </refnamediv> + +<!-- body begins here --> + + <refsynopsisdiv id='pam_sm_chauthtok-synopsis'> + <funcsynopsis> + <funcsynopsisinfo>#define PAM_SM_PASSWORD</funcsynopsisinfo> + <funcsynopsisinfo>#include <security/pam_modules.h></funcsynopsisinfo> + <funcprototype> + <funcdef>PAM_EXTERN int <function>pam_sm_chauthtok</function></funcdef> + <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef> + <paramdef>int <parameter>flags</parameter></paramdef> + <paramdef>int <parameter>argc</parameter></paramdef> + <paramdef>const char **<parameter>argv</parameter></paramdef> + </funcprototype> + </funcsynopsis> + </refsynopsisdiv> + + + <refsect1 id='pam_sm_chauthtok-description'> + <title>DESCRIPTION</title> + <para> + The <function>pam_sm_chauthtok</function> function is the service + module's implementation of the + <citerefentry> + <refentrytitle>pam_chauthtok</refentrytitle><manvolnum>3</manvolnum> + </citerefentry> interface. + </para> + <para> + This function is used to (re-)set the authentication token of the user. + </para> + <para> + Valid flags, which may be logically OR'd with + <emphasis>PAM_SILENT</emphasis>, are: + </para> + <variablelist> + <varlistentry> + <term>PAM_SILENT</term> + <listitem> + <para> + Do not emit any messages. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_CHANGE_EXPIRED_AUTHTOK</term> + <listitem> + <para> + This argument indicates to the module that the users + authentication token (password) should only be changed if + it has expired. This flag is optional and + <emphasis>must</emphasis> be combined with one of the + following two flags. Note, however, the following two options + are <emphasis>mutually exclusive</emphasis>. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_PRELIM_CHECK</term> + <listitem> + <para> + This indicates that the modules are being probed as to + their ready status for altering the user's authentication + token. If the module requires access to another system over + some network it should attempt to verify it can connect to + this system on receiving this flag. If a module cannot establish + it is ready to update the user's authentication token it should + return <emphasis remap='B'>PAM_TRY_AGAIN</emphasis>, this + information will be passed back to the application. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_UPDATE_AUTHTOK</term> + <listitem> + <para> + This informs the module that this is the call it should change + the authorization tokens. If the flag is logically OR'd with + <emphasis remap='B'>PAM_CHANGE_EXPIRED_AUTHTOK</emphasis>, the + token is only changed if it has actually expired. + </para> + </listitem> + </varlistentry> + </variablelist> + <para> + The PAM library calls this function twice in succession. The first + time with <emphasis remap='B'>PAM_PRELIM_CHECK</emphasis> and then, + if the module does not return + <emphasis remap='B'>PAM_TRY_AGAIN</emphasis>, subsequently with + <emphasis remap='B'>PAM_UPDATE_AUTHTOK</emphasis>. It is only on + the second call that the authorization token is (possibly) changed. + </para> + </refsect1> + + <refsect1 id="pam_sm_chauthtok-return_values"> + <title>RETURN VALUES</title> + <variablelist> + <varlistentry> + <term>PAM_AUTHTOK_ERR</term> + <listitem> + <para> + The module was unable to obtain the new authentication token. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_AUTHTOK_RECOVERY_ERR</term> + <listitem> + <para> + The module was unable to obtain the old authentication token. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_AUTHTOK_LOCK_BUSY</term> + <listitem> + <para> + Cannot change the authentication token since it is currently + locked. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_AUTHTOK_DISABLE_AGING</term> + <listitem> + <para> + Authentication token aging has been disabled. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_PERM_DENIED</term> + <listitem> + <para> + Permission denied. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_TRY_AGAIN</term> + <listitem> + <para> + Preliminary check was unsuccessful. Signals an immediate + return to the application is desired. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_SUCCESS</term> + <listitem> + <para> + The authentication token was successfully updated. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_USER_UNKNOWN</term> + <listitem> + <para> + User unknown to password service. + </para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id='pam_sm_chauthtok-see_also'> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_chauthtok</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_sm_chauthtok</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum> + </citerefentry> + </para> + </refsect1> +</refentry> diff --git a/doc/man/pam_sm_chauthtok.3.xml~ b/doc/man/pam_sm_chauthtok.3.xml~ new file mode 100644 index 00000000..694c2671 --- /dev/null +++ b/doc/man/pam_sm_chauthtok.3.xml~ @@ -0,0 +1,155 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" + "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"> +<refentry id='pam_sm_acct_mgmt'> + <refmeta> + <refentrytitle>pam_sm_acct_mgmt</refentrytitle> + <manvolnum>3</manvolnum> + <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo> + </refmeta> + + <refnamediv id="pam_sm_acct_mgmt-name"> + <refname>pam_sm_acct_mgmt</refname> + <refpurpose>PAM service function for account management</refpurpose> + </refnamediv> + +<!-- body begins here --> + + <refsynopsisdiv id='pam_sm_acct_mgmt-synopsis'> + <funcsynopsis> + <funcsynopsisinfo>#define PAM_SM_ACCOUNT</funcsynopsisinfo> + <funcsynopsisinfo>#include <security/pam_modules.h></funcsynopsisinfo> + <funcprototype> + <funcdef>PAM_EXTERN int <function>pam_sm_acct_mgmt</function></funcdef> + <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef> + <paramdef>int <parameter>flags</parameter></paramdef> + <paramdef>int <parameter>argc</parameter></paramdef> + <paramdef>const char **<parameter>argv</parameter></paramdef> + </funcprototype> + </funcsynopsis> + </refsynopsisdiv> + + + <refsect1 id='pam_sm_acct_mgmt-description'> + <title>DESCRIPTION</title> + <para> + The <function>pam_sm_acct_mgmt</function> function is the service + module's implementation of the + <citerefentry> + <refentrytitle>pam_acct_mgmt</refentrytitle><manvolnum>3</manvolnum> + </citerefentry> interface. + </para> + <para> + This function performs the task of establishing whether the user is + permitted to gain access at this time. It should be understood that + the user has previously been validated by an authentication + module. This function checks for other things. Such things might be: + the time of day or the date, the terminal line, remote hostname, etc. + This function may also determine things like the expiration on + passwords, and respond that the user change it before continuing. + </para> + <para> + Valid flags, which may be logically OR'd with + <emphasis>PAM_SILENT</emphasis>, are: + </para> + <variablelist> + <varlistentry> + <term>PAM_SILENT</term> + <listitem> + <para> + Do not emit any messages. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_DISALLOW_NULL_AUTHTOK</term> + <listitem> + <para> + Return <emphasis remap='B'>PAM_AUTH_ERR</emphasis> if the + database of authentication tokens for this authentication + mechanism has a <emphasis>NULL</emphasis> entry for the user. + </para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id="pam_sm_acct_mgmt-return_values"> + <title>RETURN VALUES</title> + <variablelist> + <varlistentry> + <term>PAM_ACCT_EXPIRED</term> + <listitem> + <para> + User account has expired. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_AUTH_ERR</term> + <listitem> + <para> + Authentication failure. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_NEW_AUTHTOK_REQD</term> + <listitem> + <para> + The user's authentication token has expired. Before calling + this function again the application will arrange for a new + one to be given. This will likely result in a call to + <function>pam_sm_chauthtok()</function>. + + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_PERM_DENIED</term> + <listitem> + <para> + Permission denied. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_SUCCESS</term> + <listitem> + <para> + The authentication token was successfully updated. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_USER_UNKNOWN</term> + <listitem> + <para> + User unknown to password service. + </para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id='pam_sm_acct_mgmt-see_also'> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_acct_mgmt</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_sm_chauthtok</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum> + </citerefentry> + </para> + </refsect1> +</refentry> diff --git a/doc/man/pam_sm_close_session.3 b/doc/man/pam_sm_close_session.3 new file mode 100644 index 00000000..27fc4d35 --- /dev/null +++ b/doc/man/pam_sm_close_session.3 @@ -0,0 +1,58 @@ +.\" Title: pam_sm_close_session +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Date: 06/19/2006 +.\" Manual: Linux\-PAM Manual +.\" Source: Linux\-PAM Manual +.\" +.TH "PAM_SM_CLOSE_SESSION" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" +pam_sm_close_session \- PAM service function for session management +.SH "SYNOPSIS" +.sp +.ft B +.nf +#define PAM_SM_SESSION +.fi +.ft +.sp +.ft B +.nf +#include <security/pam_modules.h> +.fi +.ft +.HP 36 +.BI "PAM_EXTERN int pam_sm_close_session(pam_handle_t\ *" "pamh" ", int\ " "flags" ", int\ " "argc" ", const\ char\ **" "argv" ");" +.SH "DESCRIPTION" +.PP +The +\fBpam_sm_close_session\fR +function is the service module's implementation of the +\fBpam_close_session\fR(3) +interface. +.PP +This function is called to terminate a session. The only valid value for +\fIflags\fR +is zero or: +.TP 3n +PAM_SILENT +Do not emit any messages. +.SH "RETURN VALUES" +.TP 3n +PAM_SESSION_ERR +Cannot make/remove an entry for the specified session. +.TP 3n +PAM_SUCCESS +The session was successfully terminated. +.SH "SEE ALSO" +.PP + +\fBpam\fR(3), +\fBpam_close_session\fR(3), +\fBpam_sm_close_session\fR(3), +\fBpam_strerror\fR(3), +\fBPAM\fR(8) diff --git a/doc/man/pam_sm_close_session.3.xml b/doc/man/pam_sm_close_session.3.xml new file mode 100644 index 00000000..b63549f6 --- /dev/null +++ b/doc/man/pam_sm_close_session.3.xml @@ -0,0 +1,100 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" + "http://www.oasis-close.org/docbook/xml/4.1.2/docbookx.dtd"> +<refentry id='pam_sm_close_session'> + <refmeta> + <refentrytitle>pam_sm_close_session</refentrytitle> + <manvolnum>3</manvolnum> + <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo> + </refmeta> + + <refnamediv id="pam_sm_close_session-name"> + <refname>pam_sm_close_session</refname> + <refpurpose>PAM service function for session management</refpurpose> + </refnamediv> + +<!-- body begins here --> + + <refsynopsisdiv id='pam_sm_close_session-synopsis'> + <funcsynopsis> + <funcsynopsisinfo>#define PAM_SM_SESSION</funcsynopsisinfo> + <funcsynopsisinfo>#include <security/pam_modules.h></funcsynopsisinfo> + <funcprototype> + <funcdef>PAM_EXTERN int <function>pam_sm_close_session</function></funcdef> + <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef> + <paramdef>int <parameter>flags</parameter></paramdef> + <paramdef>int <parameter>argc</parameter></paramdef> + <paramdef>const char **<parameter>argv</parameter></paramdef> + </funcprototype> + </funcsynopsis> + </refsynopsisdiv> + + + <refsect1 id='pam_sm_close_session-description'> + <title>DESCRIPTION</title> + <para> + The <function>pam_sm_close_session</function> function is the service + module's implementation of the + <citerefentry> + <refentrytitle>pam_close_session</refentrytitle><manvolnum>3</manvolnum> + </citerefentry> interface. + </para> + <para> + This function is called to terminate a session. The only valid + value for <varname role='parameter'>flags</varname> is zero or: + </para> + <variablelist> + <varlistentry> + <term>PAM_SILENT</term> + <listitem> + <para> + Do not emit any messages. + </para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id="pam_sm_close_session-return_values"> + <title>RETURN VALUES</title> + <variablelist> + <varlistentry> + <term>PAM_SESSION_ERR</term> + <listitem> + <para> + Cannot make/remove an entry for the specified session. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_SUCCESS</term> + <listitem> + <para> + The session was successfully terminated. + </para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id='pam_sm_close_session-see_also'> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_close_session</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_sm_close_session</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum> + </citerefentry> + </para> + </refsect1> +</refentry> diff --git a/doc/man/pam_sm_open_session.3 b/doc/man/pam_sm_open_session.3 new file mode 100644 index 00000000..e319062a --- /dev/null +++ b/doc/man/pam_sm_open_session.3 @@ -0,0 +1,58 @@ +.\" Title: pam_sm_open_session +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Date: 06/19/2006 +.\" Manual: Linux\-PAM Manual +.\" Source: Linux\-PAM Manual +.\" +.TH "PAM_SM_OPEN_SESSION" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" +pam_sm_open_session \- PAM service function for session management +.SH "SYNOPSIS" +.sp +.ft B +.nf +#define PAM_SM_SESSION +.fi +.ft +.sp +.ft B +.nf +#include <security/pam_modules.h> +.fi +.ft +.HP 35 +.BI "PAM_EXTERN int pam_sm_open_session(pam_handle_t\ *" "pamh" ", int\ " "flags" ", int\ " "argc" ", const\ char\ **" "argv" ");" +.SH "DESCRIPTION" +.PP +The +\fBpam_sm_open_session\fR +function is the service module's implementation of the +\fBpam_open_session\fR(3) +interface. +.PP +This function is called to commence a session. The only valid value for +\fIflags\fR +is zero or: +.TP 3n +PAM_SILENT +Do not emit any messages. +.SH "RETURN VALUES" +.TP 3n +PAM_SESSION_ERR +Cannot make/remove an entry for the specified session. +.TP 3n +PAM_SUCCESS +The session was successfully started. +.SH "SEE ALSO" +.PP + +\fBpam\fR(3), +\fBpam_open_session\fR(3), +\fBpam_sm_close_session\fR(3), +\fBpam_strerror\fR(3), +\fBPAM\fR(8) diff --git a/doc/man/pam_sm_open_session.3.xml b/doc/man/pam_sm_open_session.3.xml new file mode 100644 index 00000000..1fa129b7 --- /dev/null +++ b/doc/man/pam_sm_open_session.3.xml @@ -0,0 +1,100 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" + "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"> +<refentry id='pam_sm_open_session'> + <refmeta> + <refentrytitle>pam_sm_open_session</refentrytitle> + <manvolnum>3</manvolnum> + <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo> + </refmeta> + + <refnamediv id="pam_sm_open_session-name"> + <refname>pam_sm_open_session</refname> + <refpurpose>PAM service function for session management</refpurpose> + </refnamediv> + +<!-- body begins here --> + + <refsynopsisdiv id='pam_sm_open_session-synopsis'> + <funcsynopsis> + <funcsynopsisinfo>#define PAM_SM_SESSION</funcsynopsisinfo> + <funcsynopsisinfo>#include <security/pam_modules.h></funcsynopsisinfo> + <funcprototype> + <funcdef>PAM_EXTERN int <function>pam_sm_open_session</function></funcdef> + <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef> + <paramdef>int <parameter>flags</parameter></paramdef> + <paramdef>int <parameter>argc</parameter></paramdef> + <paramdef>const char **<parameter>argv</parameter></paramdef> + </funcprototype> + </funcsynopsis> + </refsynopsisdiv> + + + <refsect1 id='pam_sm_open_session-description'> + <title>DESCRIPTION</title> + <para> + The <function>pam_sm_open_session</function> function is the service + module's implementation of the + <citerefentry> + <refentrytitle>pam_open_session</refentrytitle><manvolnum>3</manvolnum> + </citerefentry> interface. + </para> + <para> + This function is called to commence a session. The only valid + value for <varname role='parameter'>flags</varname> is zero or: + </para> + <variablelist> + <varlistentry> + <term>PAM_SILENT</term> + <listitem> + <para> + Do not emit any messages. + </para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id="pam_sm_open_session-return_values"> + <title>RETURN VALUES</title> + <variablelist> + <varlistentry> + <term>PAM_SESSION_ERR</term> + <listitem> + <para> + Cannot make/remove an entry for the specified session. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_SUCCESS</term> + <listitem> + <para> + The session was successfully started. + </para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id='pam_sm_open_session-see_also'> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_open_session</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_sm_close_session</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum> + </citerefentry> + </para> + </refsect1> +</refentry> diff --git a/doc/man/pam_sm_setcred.3 b/doc/man/pam_sm_setcred.3 new file mode 100644 index 00000000..c399d64d --- /dev/null +++ b/doc/man/pam_sm_setcred.3 @@ -0,0 +1,95 @@ +.\" Title: pam_sm_setcred +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Date: 06/19/2006 +.\" Manual: Linux\-PAM Manual +.\" Source: Linux\-PAM Manual +.\" +.TH "PAM_SM_SETCRED" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" +pam_sm_setcred \- PAM service function to alter credentials +.SH "SYNOPSIS" +.sp +.ft B +.nf +#define PAM_SM_AUTH +.fi +.ft +.sp +.ft B +.nf +#include <security/pam_modules.h> +.fi +.ft +.HP 30 +.BI "PAM_EXTERN int pam_sm_setcred(pam_handle_t\ *" "pamh" ", int\ " "flags" ", int\ " "argc" ", const\ char\ **" "argv" ");" +.SH "DESCRIPTION" +.PP +The +\fBpam_sm_setcred\fR +function is the service module's implementation of the +\fBpam_setcred\fR(3) +interface. +.PP +This function performs the task of altering the credentials of the user with respect to the corresponding authorization scheme. Generally, an authentication module may have access to more information about a user than their authentication token. This function is used to make such information available to the application. It should only be called +\fIafter\fR +the user has been authenticated but before a session has been established. +.PP +Valid flags, which may be logically OR'd with +\fIPAM_SILENT\fR, are: +.TP 3n +PAM_SILENT +Do not emit any messages. +.TP 3n +PAM_DELETE_CRED +Delete the credentials associated with the authentication service. +.TP 3n +PAM_REINITIALIZE_CRED +Reinitialize the user credentials. +.TP 3n +PAM_REFRESH_CRED +Extend the lifetime of the user credentials. +.PP +The way the +\fBauth\fR +stack is navigated in order to evaluate the +\fBpam_setcred\fR() function call, independent of the +\fBpam_sm_setcred\fR() return codes, is exactly the same way that it was navigated when evaluating the +\fBpam_authenticate\fR() library call. Typically, if a stack entry was ignored in evaluating +\fBpam_authenticate\fR(), it will be ignored when libpam evaluates the +\fBpam_setcred\fR() function call. Otherwise, the return codes from each module specific +\fBpam_sm_setcred\fR() call are treated as +\fBrequired\fR. +.SH "RETURN VALUES" +.TP 3n +PAM_CRED_UNAVAIL +This module cannot retrieve the user's credentials. +.TP 3n +PAM_CRED_EXPIRED +The user's credentials have expired. +.TP 3n +PAM_CRED_ERR +This module was unable to set the credentials of the user. +.TP 3n +PAM_SUCCESS +The user credential was successfully set. +.TP 3n +PAM_USER_UNKNOWN +The user is not known to this authentication module. +.PP +These, non\-\fIPAM_SUCCESS\fR, return values will typically lead to the credential stack +\fIfailing\fR. The first such error will dominate in the return value of +\fBpam_setcred\fR(). +.SH "SEE ALSO" +.PP + +\fBpam\fR(3), +\fBpam_authenticate\fR(3), +\fBpam_setcred\fR(3), +\fBpam_sm_authenticate\fR(3), +\fBpam_strerror\fR(3), +\fBPAM\fR(8) diff --git a/doc/man/pam_sm_setcred.3.xml b/doc/man/pam_sm_setcred.3.xml new file mode 100644 index 00000000..10e2edbb --- /dev/null +++ b/doc/man/pam_sm_setcred.3.xml @@ -0,0 +1,179 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" + "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"> +<refentry id='pam_sm_setcred'> + <refmeta> + <refentrytitle>pam_sm_setcred</refentrytitle> + <manvolnum>3</manvolnum> + <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo> + </refmeta> + + <refnamediv id="pam_sm_setcred-name"> + <refname>pam_sm_setcred</refname> + <refpurpose>PAM service function to alter credentials</refpurpose> + </refnamediv> + +<!-- body begins here --> + + <refsynopsisdiv id='pam_sm_setcred-synopsis'> + <funcsynopsis> + <funcsynopsisinfo>#define PAM_SM_AUTH</funcsynopsisinfo> + <funcsynopsisinfo>#include <security/pam_modules.h></funcsynopsisinfo> + <funcprototype> + <funcdef>PAM_EXTERN int <function>pam_sm_setcred</function></funcdef> + <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef> + <paramdef>int <parameter>flags</parameter></paramdef> + <paramdef>int <parameter>argc</parameter></paramdef> + <paramdef>const char **<parameter>argv</parameter></paramdef> + </funcprototype> + </funcsynopsis> + </refsynopsisdiv> + + + <refsect1 id='pam_sm_setcred-description'> + <title>DESCRIPTION</title> + <para> + The <function>pam_sm_setcred</function> function is the service + module's implementation of the + <citerefentry> + <refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum> + </citerefentry> interface. + </para> + <para> + This function performs the task of altering the credentials of the + user with respect to the corresponding authorization + scheme. Generally, an authentication module may have access to more + information about a user than their authentication token. This + function is used to make such information available to the + application. It should only be called <emphasis>after</emphasis> the + user has been authenticated but before a session has been established. + </para> + <para> + Valid flags, which may be logically OR'd with + <emphasis>PAM_SILENT</emphasis>, are: + </para> + <variablelist> + <varlistentry> + <term>PAM_SILENT</term> + <listitem> + <para> + Do not emit any messages. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_DELETE_CRED</term> + <listitem> + <para> + Delete the credentials associated with the authentication service. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_REINITIALIZE_CRED</term> + <listitem> + <para> + Reinitialize the user credentials. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_REFRESH_CRED</term> + <listitem> + <para> + Extend the lifetime of the user credentials. + </para> + </listitem> + </varlistentry> + </variablelist> + <para> + The way the <emphasis remap='B'>auth</emphasis> stack is + navigated in order to evaluate the <function>pam_setcred</function>() + function call, independent of the <function>pam_sm_setcred</function>() + return codes, is exactly the same way that it was navigated when + evaluating the <function>pam_authenticate</function>() library + call. Typically, if a stack entry was ignored in evaluating + <function>pam_authenticate</function>(), it will be ignored when + libpam evaluates the <function>pam_setcred</function>() function + call. Otherwise, the return codes from each module specific + <function>pam_sm_setcred</function>() call are treated as + <emphasis remap='B'>required</emphasis>. + </para> + </refsect1> + + <refsect1 id="pam_sm_setcred-return_values"> + <title>RETURN VALUES</title> + <variablelist> + <varlistentry> + <term>PAM_CRED_UNAVAIL</term> + <listitem> + <para> + This module cannot retrieve the user's credentials. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_CRED_EXPIRED</term> + <listitem> + <para> + The user's credentials have expired. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_CRED_ERR</term> + <listitem> + <para> + This module was unable to set the credentials of the user. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_SUCCESS</term> + <listitem> + <para> + The user credential was successfully set. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_USER_UNKNOWN</term> + <listitem> + <para> + The user is not known to this authentication module. + </para> + </listitem> + </varlistentry> + </variablelist> + <para> + These, non-<emphasis>PAM_SUCCESS</emphasis>, return values will + typically lead to the credential stack <emphasis>failing</emphasis>. + The first such error will dominate in the return value of + <function>pam_setcred</function>(). + </para> + </refsect1> + + <refsect1 id='pam_sm_setcred-see_also'> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_sm_authenticate</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum> + </citerefentry> + </para> + </refsect1> +</refentry> diff --git a/doc/man/pam_start.3 b/doc/man/pam_start.3 index 61c36548..74c47076 100644 --- a/doc/man/pam_start.3 +++ b/doc/man/pam_start.3 @@ -1,11 +1,11 @@ .\" Title: pam_start .\" Author: .\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> -.\" Date: 06/02/2006 +.\" Date: 06/19/2006 .\" Manual: Linux\-PAM Manual .\" Source: Linux\-PAM Manual .\" -.TH "PAM_START" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_START" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) diff --git a/doc/man/pam_strerror.3 b/doc/man/pam_strerror.3 index 95c9adff..3935097f 100644 --- a/doc/man/pam_strerror.3 +++ b/doc/man/pam_strerror.3 @@ -1,11 +1,11 @@ .\" Title: pam_strerror .\" Author: .\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> -.\" Date: 06/02/2006 +.\" Date: 06/19/2006 .\" Manual: Linux\-PAM Manual .\" Source: Linux\-PAM Manual .\" -.TH "PAM_STRERROR" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_STRERROR" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) diff --git a/doc/man/pam_syslog.3 b/doc/man/pam_syslog.3 index 6d9ea560..2365bb8a 100644 --- a/doc/man/pam_syslog.3 +++ b/doc/man/pam_syslog.3 @@ -1,11 +1,11 @@ .\" Title: pam_syslog .\" Author: .\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> -.\" Date: 06/02/2006 +.\" Date: 06/19/2006 .\" Manual: Linux\-PAM Manual .\" Source: Linux\-PAM Manual .\" -.TH "PAM_SYSLOG" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_SYSLOG" "3" "06/19/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) diff --git a/doc/specs/Makefile.am b/doc/specs/Makefile.am index e3e3f3f9..53641678 100644 --- a/doc/specs/Makefile.am +++ b/doc/specs/Makefile.am @@ -6,10 +6,10 @@ CLEANFILES = draft-morgan-pam-current.txt *~ EXTRA_DIST = draft-morgan-pam.raw std-agent-id.raw rfc86.0.txt -all: spec +all: draft-morgan-pam-current.txt test -f rfc86.0.txt || cp -p $(srcdir)/rfc86.0.txt . -spec: padout draft-morgan-pam.raw +draft-morgan-pam-current.txt: padout draft-morgan-pam.raw ./padout < $(srcdir)/draft-morgan-pam.raw > draft-morgan-pam-current.txt noinst_PROGRAMS = padout |