-rw-r--r--ChangeLog24
-rw-r--r--doc/man/Makefile.am7
-rw-r--r--modules/pam_limits/limits.conf2
-rw-r--r--modules/pam_limits/limits.conf.5.xml2
-rw-r--r--modules/pam_selinux/.cvsignore1
-rw-r--r--modules/pam_selinux/Makefile.am3
-rw-r--r--modules/pam_selinux/pam_selinux_check.835
-rw-r--r--modules/pam_stress/.cvsignore1
-rw-r--r--modules/pam_stress/README64
-rw-r--r--modules/pam_unix/.cvsignore1
-rw-r--r--modules/pam_unix/unix_chkpwd.880
11 files changed, 206 insertions, 14 deletions
diff --git a/ChangeLog b/ChangeLog
index f75e6b40..4198a142 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,9 @@
-2008-01-07 Thorsten Kukuk <kukuk@thkukuk.de>
+2008-01-08 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * doc/man/Makefile.am: Fix manual page dependencies,
+ add hack for bug in xsl stylestheets.
+
+2008-01-07 Thorsten Kukuk <kukuk@thkukuk.de>
* po/it.po: Fix typos.
* po/de.po: Few new translations.
@@ -10,17 +15,22 @@
* po/sv.po: Update swedish translation [#1857531].
* modules/pam_succeed_if/pam_succeed_if.8.xml: Fix
cut & paste error [#1863490].
-
-2007-12-18 Thorsten Kukuk <kukuk@thkukuk.de>
+
+2008-01-02 Petteri Räty <betelgeuse@gentoo.org>
+ * modules/pam_limits/limits.conf: document allowed values for
+ nice.
+ * modules/pam_limits/limits.conf.5.xml: Likewise.
+
+2007-12-18 Thorsten Kukuk <kukuk@thkukuk.de>
* README: Document how to run make check with static modules
(SF#1822779).
-2007-12-18 Peter Breitenlohner <peb@mppmu.mpg.de>
+2007-12-18 Peter Breitenlohner <peb@mppmu.mpg.de>
* README: Document that "make check" requires a file
/etc/pam.d/other (SF#1822764).
-2007-12-12 Eamon Walsh <ewalsh@tycho.nsa.gov>
+2007-12-12 Eamon Walsh <ewalsh@tycho.nsa.gov>
* doc/man/pam_item_types_ext.inc.xml: More appropriate wording
for PAM_XDISPLAY doc.
@@ -60,11 +70,11 @@
(check_account): Call _pam_parse(). Call pam_modutil_audit_write()
and pam_syslog() on login denials.
-2007-12-07 Luca Bruno <luca.br@uno.it>
+2007-12-07 Luca Bruno <luca.br@uno.it>
* po/it.po: Updated translations.
-2007-12-06 Eamon Walsh <ewalsh@tycho.nsa.gov>
+2007-12-06 Eamon Walsh <ewalsh@tycho.nsa.gov>
* libpam/include/security/_pam_macros.h: Add _pam_overwrite_n()
macro.
diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am
index 926f1ae5..ca8be05e 100644
--- a/doc/man/Makefile.am
+++ b/doc/man/Makefile.am
@@ -1,8 +1,9 @@
#
-# Copyright (c) 2006 Thorsten Kukuk <kukuk@thkukuk.de>
+# Copyright (c) 2006, 2007 Thorsten Kukuk <kukuk@thkukuk.de>
#
CLEANFILES = *~
+MAINTAINERCLEANFILES = $(MANS)
EXTRA_DIST = $(MANS) $(XMLS)
@@ -44,6 +45,10 @@ XMLS = pam.3.xml pam.8.xml \
pam_misc_setenv.3.xml
if ENABLE_REGENERATE_MAN
+PAM.8: pam.8
+pam.d.5: pam.conf.5
+ test -f pam\\.d.5 && mv pam\\.d.5 pam.d.5
+
pam_get_item.3: pam_item_types_std.inc.xml pam_item_types_ext.inc.xml
pam_set_data.3: pam_item_types_std.inc.xml pam_item_types_ext.inc.xml
pam.conf.5: pam.conf-desc.xml pam.conf-dir.xml pam.conf-syntax.xml
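Review bot: The recipe added under `pam.d.5: pam.conf.5` turns a correct stylesheet run into a build failure, because `test -f pam\\.d.5 && mv pam\\.d.5 pam.d.5` exits non-zero whenever the mis-named file is absent. That will happen as soon as the stylesheet bug named in the ChangeLog entry is fixed, or on a host with stylesheets that do not show it. Writing the line as `if test -f pam\\.d.5; then mv pam\\.d.5 pam.d.5; fi` keeps the workaround and lets the rule succeed either way. A comment above the rule would record why it exists, for example `# Workaround: the XSL stylesheets emit this page under an escaped name; rename it.` The `if ENABLE_REGENERATE_MAN` block opened in this hunk continues outside it.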
diff --git a/modules/pam_limits/limits.conf b/modules/pam_limits/limits.conf
index d3463638..5d5c3f70 100644
--- a/modules/pam_limits/limits.conf
+++ b/modules/pam_limits/limits.conf
@@ -33,7 +33,7 @@
# - locks - max number of file locks the user can hold
# - sigpending - max number of pending signals
# - msgqueue - max memory used by POSIX message queues (bytes)
-# - nice - max nice priority allowed to raise to
+# - nice - max nice priority allowed to raise to values: [-20, 19]
# - rtprio - max realtime priority
#
#<domain> <type> <item> <value>
diff --git a/modules/pam_limits/limits.conf.5.xml b/modules/pam_limits/limits.conf.5.xml
index 8983bee3..fb1fad27 100644
--- a/modules/pam_limits/limits.conf.5.xml
+++ b/modules/pam_limits/limits.conf.5.xml
@@ -214,7 +214,7 @@
<varlistentry>
<term><option>nice</option></term>
<listitem>
- <para>maximum nice priority allowed to raise to (Linux 2.6.12 and higher)</para>
+ <para>maximum nice priority allowed to raise to (Linux 2.6.12 and higher) values: [-20,19]</para>
</listitem>
</varlistentry>
<varlistentry>
diff --git a/modules/pam_selinux/.cvsignore b/modules/pam_selinux/.cvsignore
index 72174be1..08754fd5 100644
--- a/modules/pam_selinux/.cvsignore
+++ b/modules/pam_selinux/.cvsignore
@@ -9,4 +9,3 @@ Makefile.in
pam_selinux_check
README
pam_selinux.8
-pam_selinux_check.8
diff --git a/modules/pam_selinux/Makefile.am b/modules/pam_selinux/Makefile.am
index d11b507c..baf782a8 100644
--- a/modules/pam_selinux/Makefile.am
+++ b/modules/pam_selinux/Makefile.am
@@ -1,8 +1,9 @@
#
-# Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@thkukuk.de>
+# Copyright (c) 2005, 2006, 2007 Thorsten Kukuk <kukuk@thkukuk.de>
#
CLEANFILES = *~
+MAINTAINERCLEANFILES = $(MANS) README
EXTRA_DIST = README $(XMLS) pam_selinux.8 pam_selinux_check.8 \
tst-pam_selinux
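Review bot: `MAINTAINERCLEANFILES = $(MANS) README` may delete a page that cannot be rebuilt. This same commit checks in `pam_selinux_check.8` as a hand-written roff file and drops it from `.cvsignore`, so if `$(MANS)` includes it (the definition is outside this hunk), `make maintainer-clean` removes a tracked file with no XML source to regenerate it from. Listing only the generated files avoids that, for example `MAINTAINERCLEANFILES = pam_selinux.8 README`; confirm this against the `man_MANS` and `$(XMLS)` definitions further down the file.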
diff --git a/modules/pam_selinux/pam_selinux_check.8 b/modules/pam_selinux/pam_selinux_check.8
new file mode 100644
index 00000000..d6fcdff1
--- /dev/null
+++ b/modules/pam_selinux/pam_selinux_check.8
@@ -0,0 +1,35 @@
+.TH pam_selinux_check 8 2002/05/23 "Red Hat Linux" "System Administrator's Manual"
+.SH NAME
+pam_selinux_check \- login program to test pam_selinux.so
+.SH SYNOPSIS
+.B pam_selinux_check [user]
+.br
+
+.SH DESCRIPTION
+With no arguments,
+.B pam_selinux_check
+will prompt for user
+
+.SH OPTIONS
+.IP target_user
+The user to login as.
+
+.SH DIAGNOSTICS
+You must setup a /etc/pam.d/pam_selinux_check file, in order for the check to work.
+
+When checking if a selinux is valid,
+.B pam_selinux_check
+returns an exit code of 0 for success and > 0 on error:
+
+.nf
+1: Authentication failure
+.fi
+
+.SH SEE ALSO
+pam_selinux(8)
+
+.SH BUGS
+Let's hope not, but if you find any, please email the author.
+
+.SH AUTHOR
+Dan Walsh <dwalsh@redhat.com>
diff --git a/modules/pam_stress/.cvsignore b/modules/pam_stress/.cvsignore
index acf3f3bc..9fb98574 100644
--- a/modules/pam_stress/.cvsignore
+++ b/modules/pam_stress/.cvsignore
@@ -4,4 +4,3 @@
.libs
Makefile
Makefile.in
-README
diff --git a/modules/pam_stress/README b/modules/pam_stress/README
new file mode 100644
index 00000000..e64bf2d3
--- /dev/null
+++ b/modules/pam_stress/README
@@ -0,0 +1,64 @@
+#
+# This describes the behavior of this module with respect to the
+# /etc/pam.conf file.
+#
+# writen by Andrew Morgan <morgan@parc.power.net>
+#
+
+This module recognizes the following arguments.
+
+debug put lots of information in syslog.
+ *NOTE* this option writes passwords to syslog, so
+ don't use anything sensitive when testing.
+
+no_warn don't give warnings about things (otherwise warnings are issued
+ via the conversation function)
+
+use_first_pass don't prompt for a password, for pam_sm_authentication
+ function just use item PAM_AUTHTOK.
+
+try_first_pass don't prompt for a password unless there has been no
+ previous authentication token (item PAM_AUTHTOK is NULL)
+
+rootok This is intended for the pam_sm_chauthtok function and
+ it instructs this function to permit root to change
+ the user's password without entering the old password.
+
+The following arguments are acted on by the module. They are intended
+to make the module give the impression of failing as a fully
+functioning module might.
+
+expired an argument intended for the account and chauthtok module
+ parts. It instructs the module to act as if the user's
+ password has expired
+
+fail_1 this instructs the module to make its first function fail.
+
+fail_2 this instructs the module to make its second function (if there
+ is one) fail.
+
+ The function break up is indicated in the Module
+ Developers' Guide. Listed here it is:
+
+ service function 1 function 2
+ ------- ---------- ----------
+ auth pam_sm_authenticate pam_sm_setcred
+ password pam_sm_chauthtok
+ session pam_sm_open_session pam_sm_close_session
+ account pam_sm_acct_mgmt
+
+prelim for pam_sm_chauthtok, means fail on PAM_PRELIM_CHECK.
+
+required for pam_sm_chauthtok, means fail if the user hasn't already
+ been authenticated by this module. (See stress_new_pwd data
+ item below.)
+
+#
+# data strings that this module uses are the following:
+#
+
+data name value(s) Comments
+--------- -------- --------
+stress_new_pwd yes tells pam_sm_chauthtok that
+ pam_sm_acct_mgmt says we need a new
+ password
diff --git a/modules/pam_unix/.cvsignore b/modules/pam_unix/.cvsignore
index 454f7276..905ba473 100644
--- a/modules/pam_unix/.cvsignore
+++ b/modules/pam_unix/.cvsignore
@@ -9,4 +9,3 @@ bigcrypt
unix_chkpwd
README
pam_unix.8
-unix_chkpwd.8
diff --git a/modules/pam_unix/unix_chkpwd.8 b/modules/pam_unix/unix_chkpwd.8
new file mode 100644
index 00000000..02ccfe4a
--- /dev/null
+++ b/modules/pam_unix/unix_chkpwd.8
@@ -0,0 +1,80 @@
+.\" Copyright (C) 2003 International Business Machines Corporation
+.\" This file is distributed according to the GNU General Public License.
+.\" See the file COPYING in the top level source directory for details.
+.\"
+.de Sh \" Subsection
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Ip \" List item
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.TH "UNIX_CHKPWD" 8 "2003-03-21" "Linux-PAM 0.76" "Linux-PAM Manual"
+.SH NAME
+unix_chkpwd \- helper binary that verifies the password of the current user
+.SH "SYNOPSIS"
+.ad l
+.hy 0
+
+/sbin/unix_chkpwd [\fIusername\fR]
+.sp
+.ad
+.hy
+.SH "DESCRIPTION"
+.PP
+\fBunix_chkpwd\fR is a helper program for the pam_unix module that verifies
+the password of the current user. It is not intended to be run directly from
+the command line and logs a security violation if done so.
+
+It is typically installed setuid root or setgid shadow.
+
+.SH "OPTIONS"
+.PP
+unix_pwdchk optionally takes the following argument:
+.TP
+\fIusername\fR
+The username of the user whose password you want to check: this must match the current user id.
+
+.SH "INPUTS"
+.PP
+unix_pwdchk expects the following inputs via stdin:
+.TP
+\fIoption\fR
+Either nullok or nonull, depending on whether the user can have an empty password.
+.TP
+\fIpassword\fR
+The password to verify.
+
+.SH "RETURN CODES"
+.PP
+\fBunix_chkpwd\fR has the following return codes:
+.TP
+1
+unix_chkpwd was inappropriately called from the command line or the password is incorrect.
+
+.TP
+0
+The password is correct.
+
+.SH "HISTORY"
+Written by Andrew Morgan
+
+.SH "SEE ALSO"
+
+.PP
+\fBpam\fR(8)
+
+.SH AUTHOR
+Emily Ratliff.
+