Diffstat (limited to 'Linux-PAM/modules/pam_keyinit/pam_keyinit.8.xml')
-rw-r--r-- | Linux-PAM/modules/pam_keyinit/pam_keyinit.8.xml | 241 |
1 files changed, 0 insertions, 241 deletions
diff --git a/Linux-PAM/modules/pam_keyinit/pam_keyinit.8.xml b/Linux-PAM/modules/pam_keyinit/pam_keyinit.8.xml deleted file mode 100644 index c7dddf54..00000000 --- a/Linux-PAM/modules/pam_keyinit/pam_keyinit.8.xml +++ /dev/null 
@@ -1,241 +0,0 @@ -<?xml version="1.0" encoding='UTF-8'?> -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" - "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"> - -<refentry id="pam_keyinit"> - - <refmeta> - <refentrytitle>pam_keyinit</refentrytitle> - <manvolnum>8</manvolnum> - <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo> - </refmeta> - - <refnamediv id="pam_keyinit-name"> - <refname>pam_keyinit</refname> - <refpurpose>Kernel session keyring initialiser module</refpurpose> - </refnamediv> - - <refsynopsisdiv> - <cmdsynopsis id="pam_keyinit-cmdsynopsis"> - <command>pam_keyinit.so</command> - <arg choice="opt"> - debug - </arg> - <arg choice="opt"> - force - </arg> - <arg choice="opt"> - revoke - </arg> - </cmdsynopsis> - </refsynopsisdiv> - - <refsect1 id="pam_keyinit-description"> - <title>DESCRIPTION</title> - <para> - The pam_keyinit PAM module ensures that the invoking process has a - session keyring other than the user default session keyring. - </para> - <para> - The session component of the module checks to see if the process's - session keyring is the user default, and, if it is, creates a new - anonymous session keyring with which to replace it. - </para> - <para> - If a new session keyring is created, it will install a link to the user - common keyring in the session keyring so that keys common to the user - will be automatically accessible through it. - </para> - <para> - The session keyring of the invoking process will thenceforth be inherited - by all its children unless they override it. - </para> - <para> - This module is intended primarily for use by login processes. Be aware - that after the session keyring has been replaced, the old session keyring - and the keys it contains will no longer be accessible. 
- </para> - <para> - This module should not, generally, be invoked by programs like - <emphasis remap='B'>su</emphasis>, since it is usually desirable for the - key set to percolate through to the alternate context. The keys have - their own permissions system to manage this. - </para> - <para> - This module should be included as early as possible in a PAM - configuration, so that other PAM modules can attach tokens to the - keyring. - </para> - <para> - The keyutils package is used to manipulate keys more directly. This - can be obtained from: - </para> - <para> - <ulink url="http://people.redhat.com/~dhowells/keyutils/"> - Keyutils - </ulink> - </para> - </refsect1> - - <refsect1 id="pam_keyinit-options"> - <title>OPTIONS</title> - <variablelist> - <varlistentry> - <term> - <option>debug</option> - </term> - <listitem> - <para> - Log debug information with <citerefentry> - <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term> - <option>force</option> - </term> - <listitem> - <para> - Causes the session keyring of the invoking process to be replaced - unconditionally. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term> - <option>revoke</option> - </term> - <listitem> - <para> - Causes the session keyring of the invoking process to be revoked - when the invoking process exits if the session keyring was created - for this process in the first place. - </para> - </listitem> - </varlistentry> - - </variablelist> - </refsect1> - - <refsect1 id="pam_keyinit-services"> - <title>MODULE SERVICES PROVIDED</title> - <para> - Only the <emphasis remap='B'>session</emphasis> service is supported. 
- </para> - </refsect1> - - <refsect1 id='pam_keyinit-return_values'> - <title>RETURN VALUES</title> - <variablelist> - <varlistentry> - <term>PAM_SUCCESS</term> - <listitem> - <para> - This module will usually return this value - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>PAM_AUTH_ERR</term> - <listitem> - <para> - Authentication failure. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>PAM_BUF_ERR</term> - <listitem> - <para> - Memory buffer error. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>PAM_IGNORE</term> - <listitem> - <para> - The return value should be ignored by PAM dispatch. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>PAM_SERVICE_ERR</term> - <listitem> - <para> - Cannot determine the user name. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>PAM_SESSION_ERR</term> - <listitem> - <para> - This module will return this value if its arguments are invalid or - if a system error such as ENOMEM occurs. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>PAM_USER_UNKNOWN</term> - <listitem> - <para> - User not known. - </para> - </listitem> - </varlistentry> - - </variablelist> - </refsect1> - - <refsect1 id='pam_keyinit-examples'> - <title>EXAMPLES</title> - <para> - Add this line to your login entries to start each login session with its - own session keyring: - <programlisting> -session required pam_keyinit.so - </programlisting> - </para> - <para> - This will prevent keys from one session leaking into another session for - the same user. 
- </para> - </refsect1> - - <refsect1 id='pam_keyinit-see_also'> - <title>SEE ALSO</title> - <para> - <citerefentry> - <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> - </citerefentry> - <citerefentry> - <refentrytitle>keyctl</refentrytitle><manvolnum>1</manvolnum> - </citerefentry> - </para> - </refsect1> - - <refsect1 id='pam_keyinit-author'> - <title>AUTHOR</title> - <para> - pam_keyinit was written by David Howells, <dhowells@redhat.com>. - </para> - </refsect1> - -</refentry> |
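Review bot: The hunk `@@ -1,241 +0,0 @@` deletes the entire DocBook source for pam_keyinit(8), and because the diffstat is limited to this one file, nothing visible here shows whether the module itself is being removed or the page is now maintained elsewhere. If pam_keyinit.so continues to ship, this removal takes with it the description of the `force` and `revoke` options and the operational guidance in DESCRIPTION (avoid invoking the module from su, place it as early as possible in the PAM configuration so other modules can attach tokens to the keyring). Please say in the commit message where that documentation now lives. If the file is being relocated rather than dropped, two small defects in the deleted text are worth fixing in the new copy: the SEE ALSO list has no comma between the pam(8) and keyctl(1) entries, and the PAM_SUCCESS description lacks its final period.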