summaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
Diffstat (limited to 'debian')
-rw-r--r--debian/patches-applied/007_modules_pam_unix502
-rw-r--r--debian/patches-applied/008_modules_pam_limits_chroot344
-rw-r--r--debian/patches-applied/027_pam_limits_better_init_allow_explicit_root44
-rw-r--r--debian/patches-applied/031_pam_include26
-rw-r--r--debian/patches-applied/032_pam_limits_EPERM_NOT_FATAL37
-rw-r--r--debian/patches-applied/036_pam_wheel_getlogin_considered_harmful334
-rw-r--r--debian/patches-applied/040_pam_limits_log_failure23
-rw-r--r--debian/patches-applied/054_pam_security_abstract_securetty_handling2
-rw-r--r--debian/patches-applied/055_pam_unix_nullok_secure34
-rw-r--r--debian/patches-applied/PAM-manpage-section18783
-rw-r--r--debian/patches-applied/autoconf.patch20302
11 files changed, 33256 insertions, 7175 deletions
diff --git a/debian/patches-applied/007_modules_pam_unix b/debian/patches-applied/007_modules_pam_unix
index ba41e5bf..3a8446c7 100644
--- a/debian/patches-applied/007_modules_pam_unix
+++ b/debian/patches-applied/007_modules_pam_unix
@@ -12,7 +12,7 @@ Index: pam.deb/modules/pam_unix/pam_unix_passwd.c
/*
How it works:
Gets in username (has to be done) from the calling program
-@@ -431,7 +434,8 @@
+@@ -430,7 +433,8 @@
static int _pam_unix_approve_pass(pam_handle_t * pamh
,unsigned int ctrl
,const char *pass_old
@@ -22,7 +22,7 @@ Index: pam.deb/modules/pam_unix/pam_unix_passwd.c
{
const void *user;
const char *remark = NULL;
-@@ -462,7 +466,7 @@
+@@ -461,7 +465,7 @@
}
}
if (off(UNIX__IAMROOT, ctrl)) {
@@ -31,7 +31,7 @@ Index: pam.deb/modules/pam_unix/pam_unix_passwd.c
remark = _("You must choose a longer password");
D(("length check [%s]", remark));
if (on(UNIX_REMEMBER_PASSWD, ctrl)) {
-@@ -474,6 +478,11 @@
+@@ -473,6 +477,11 @@
return retval;
}
}
@@ -43,7 +43,7 @@ Index: pam.deb/modules/pam_unix/pam_unix_passwd.c
}
if (remark) {
_make_remark(pamh, ctrl, PAM_ERROR_MSG, remark);
-@@ -490,6 +499,7 @@
+@@ -489,6 +498,7 @@
int retval;
int remember = -1;
int rounds = -1;
@@ -51,7 +51,7 @@ Index: pam.deb/modules/pam_unix/pam_unix_passwd.c
/* <DO NOT free() THESE> */
const char *user;
-@@ -498,7 +508,8 @@
+@@ -497,7 +507,8 @@
D(("called."));
@@ -61,17 +61,17 @@ Index: pam.deb/modules/pam_unix/pam_unix_passwd.c
/*
* First get the name of a user
-@@ -698,7 +709,8 @@
+@@ -697,7 +708,8 @@
if (*(const char *)pass_new == '\0') { /* "\0" password = NULL */
pass_new = NULL;
}
- retval = _pam_unix_approve_pass(pamh, ctrl, pass_old, pass_new);
+ retval = _pam_unix_approve_pass(pamh, ctrl, pass_old,
+ pass_new, pass_min_len);
- }
-
- if (retval != PAM_SUCCESS) {
-@@ -727,7 +739,8 @@
+
+ if (retval != PAM_SUCCESS && off(UNIX_NOT_SET_PASS, ctrl)) {
+ pam_set_item(pamh, PAM_AUTHTOK, NULL);
+@@ -730,7 +742,8 @@
return retval;
}
@@ -85,7 +85,7 @@ Index: pam.deb/modules/pam_unix/pam_unix_acct.c
===================================================================
--- pam.deb.orig/modules/pam_unix/pam_unix_acct.c
+++ pam.deb/modules/pam_unix/pam_unix_acct.c
-@@ -184,7 +184,7 @@
+@@ -191,7 +191,7 @@
D(("called."));
@@ -125,7 +125,7 @@ Index: pam.deb/modules/pam_unix/support.c
break;
}
}
-@@ -100,15 +102,17 @@
+@@ -100,15 +102,16 @@
ctrl &= unix_args[j].mask; /* for turning things off */
ctrl |= unix_args[j].flag; /* for turning things on */
@@ -137,6 +137,7 @@ Index: pam.deb/modules/pam_unix/support.c
- if (*remember > 400)
- *remember = 400;
- }
+- }
+ /* special cases */
+ if (remember != NULL && j == UNIX_REMEMBER_PASSWD) {
+ *remember = strtol(*argv + 9, NULL, 10);
@@ -146,12 +147,11 @@ Index: pam.deb/modules/pam_unix/support.c
+ *remember = 400;
+ } else if (pass_min_len && j == UNIX_MIN_PASS_LEN) {
+ *pass_min_len = atoi(*argv + 4);
- }
-+
- if (rounds != NULL) {
- if (j == UNIX_ALGO_ROUNDS) {
- *rounds = strtol(*argv + 7, NULL, 10);
-@@ -124,6 +128,11 @@
++ }
+ if (rounds != NULL && j == UNIX_ALGO_ROUNDS)
+ *rounds = strtol(*argv + 7, NULL, 10);
+ }
+@@ -116,6 +119,11 @@
++argv; /* step to next argument */
}
@@ -167,20 +167,19 @@ Index: pam.deb/modules/pam_unix/support.h
===================================================================
--- pam.deb.orig/modules/pam_unix/support.h
+++ pam.deb/modules/pam_unix/support.h
-@@ -88,8 +88,11 @@
- #define UNIX_SHA512_PASS 24 /* new password hashes will use SHA512 */
+@@ -89,41 +89,47 @@
#define UNIX_ALGO_ROUNDS 25 /* optional number of rounds for new
password hash algorithms */
-+#define UNIX_MAX_PASS_LEN 26 /* internal, for compatibility only */
-+#define UNIX_MIN_PASS_LEN 27 /* Min length for password */
-+#define UNIX_OBSCURE_CHECKS 28 /* enable obscure checks on passwords */
+ #define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */
++#define UNIX_MAX_PASS_LEN 27 /* internal, for compatibility only */
++#define UNIX_MIN_PASS_LEN 28 /* min length for password */
++#define UNIX_OBSCURE_CHECKS 29 /* enable obscure checks on passwords */
/* -------------- */
--#define UNIX_CTRLS_ 26 /* number of ctrl arguments defined */
-+#define UNIX_CTRLS_ 29 /* number of ctrl arguments defined */
-
+-#define UNIX_CTRLS_ 27 /* number of ctrl arguments defined */
++#define UNIX_CTRLS_ 30 /* number of ctrl arguments defined */
static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
-@@ -97,32 +100,35 @@
+ {
/* symbol token name ctrl mask ctrl *
* ----------------------- ------------------- --------------------- -------- */
@@ -197,19 +196,20 @@ Index: pam.deb/modules/pam_unix/support.h
-/* UNIX__QUIET */ {NULL, _ALL_ON_, 02000},
-/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 04000},
-/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 010000},
--/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0400000), 020000},
+-/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0260420000), 020000},
-/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(01000), 0},
-/* UNIX_DEBUG */ {"debug", _ALL_ON_, 040000},
-/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0100000},
-/* UNIX_NIS */ {"nis", _ALL_ON_, 0200000},
--/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(020000), 0400000},
+-/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0260420000), 0400000},
-/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000},
-/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000},
-/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000},
-/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000},
--/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(040420000), 020000000},
--/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(020420000), 040000000},
+-/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(0260420000), 020000000},
+-/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0260420000), 040000000},
-/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000},
+-/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000},
+/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 0x1},
+/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 0x2},
+/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 0x4},
@@ -223,26 +223,27 @@ Index: pam.deb/modules/pam_unix/support.h
+/* UNIX__QUIET */ {NULL, _ALL_ON_, 0x400},
+/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 0x800},
+/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 0x1000},
-+/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0xC22000), 0x2000},
++/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0x2C22000), 0x2000},
+/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(0x200), 0},
+/* UNIX_DEBUG */ {"debug", _ALL_ON_, 0x4000},
+/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0x8000},
+/* UNIX_NIS */ {"nis", _ALL_ON_, 0x10000},
-+/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0xC22000), 0x20000},
++/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0x2C22000), 0x20000},
+/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 0x40000},
+/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 0x80000},
+/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 0x100000},
+/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 0x200000},
-+/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(0xC22000), 0x400000},
-+/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0xC22000), 0x800000},
++/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(0x2C22000), 0x400000},
++/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0x2C22000), 0x800000},
+/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0x1000000},
++/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0x2C22000),0x2000000},
+/* UNIX_MAX_PASS_LEN */ {"max=", _ALL_ON_, 0},
-+/* UNIX_MIN_PASS_LEN */ {"min=", _ALL_ON_, 0x2000000},
-+/* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x4000000},
++/* UNIX_MIN_PASS_LEN */ {"min=", _ALL_ON_, 0x4000000},
++/* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x8000000},
};
#define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag)
-@@ -139,7 +145,7 @@
+@@ -141,7 +147,7 @@
extern int _make_remark(pam_handle_t * pamh, unsigned int ctrl
,int type, const char *text);
extern int _set_ctrl(pam_handle_t * pamh, int flags, int *remember, int *rounds,
@@ -255,7 +256,7 @@ Index: pam.deb/modules/pam_unix/pam_unix.8.xml
===================================================================
--- pam.deb.orig/modules/pam_unix/pam_unix.8.xml
+++ pam.deb/modules/pam_unix/pam_unix.8.xml
-@@ -306,6 +306,90 @@
+@@ -326,6 +326,90 @@
</para>
</listitem>
</varlistentry>
@@ -601,7 +602,7 @@ Index: pam.deb/modules/pam_unix/passverify.c
===================================================================
--- pam.deb.orig/modules/pam_unix/passverify.c
+++ pam.deb/modules/pam_unix/passverify.c
-@@ -261,7 +261,9 @@
+@@ -240,7 +240,9 @@
*daysleft = -1;
curdays = (long int)(time(NULL) / (60 * 60 * 24));
D(("today is %d, last change %d", curdays, spent->sp_lstchg));
@@ -612,7 +613,7 @@ Index: pam.deb/modules/pam_unix/passverify.c
D(("account expired"));
return PAM_ACCT_EXPIRED;
}
-@@ -279,17 +281,23 @@
+@@ -258,17 +260,23 @@
if ((curdays - spent->sp_lstchg > spent->sp_max)
&& (curdays - spent->sp_lstchg > spent->sp_inact)
&& (curdays - spent->sp_lstchg > spent->sp_max + spent->sp_inact)
@@ -643,190 +644,201 @@ Index: pam.deb/modules/pam_unix/pam_unix.8
===================================================================
--- pam.deb.orig/modules/pam_unix/pam_unix.8
+++ pam.deb/modules/pam_unix/pam_unix.8
-@@ -1,85 +1,85 @@
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_unix
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 08/21/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 06/16/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_UNIX" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_UNIX" "8" "08/21/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_unix - Module for traditional password authentication
-+pam_unix \- Module for traditional password authentication
- .SH "SYNOPSIS"
- .HP 12
--\fBpam_unix\.so\fR [\.\.\.]
-+\fBpam_unix\&.so\fR [\&.\&.\&.]
+-.TH "PAM_UNIX" "8" "06/16/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_UNIX" "8" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,13 +18,11 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_unix \- Module for traditional password authentication
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_unix\&.so\fR\ 'u
+ \fBpam_unix\&.so\fR [\&.\&.\&.]
+-.fam
.SH "DESCRIPTION"
.PP
--This is the standard Unix authentication module\. It uses standard calls from the system\'s libraries to retrieve and set account information as well as authentication\. Usually this is obtained from the /etc/passwd and the /etc/shadow file as well if shadow is enabled\.
-+This is the standard Unix authentication module\&. It uses standard calls from the system\'s libraries to retrieve and set account information as well as authentication\&. Usually this is obtained from the /etc/passwd and the /etc/shadow file as well if shadow is enabled\&.
- .PP
- The account component performs the task of establishing the status of the user\'s account and password based on the following
- \fIshadow\fR
--elements: expire, last_change, max_change, min_change, warn_change\. In the case of the latter, it may offer advice to the user on changing their password or, through the
-+elements: expire, last_change, max_change, min_change, warn_change\&. In the case of the latter, it may offer advice to the user on changing their password or, through the
- \fBPAM_AUTHTOKEN_REQD\fR
--return, delay giving service to the user until they have established a new password\. The entries listed above are documented in the
-+return, delay giving service to the user until they have established a new password\&. The entries listed above are documented in the
- \fBshadow\fR(5)
--manual page\. Should the user\'s record not contain one or more of these entries, the corresponding
-+manual page\&. Should the user\'s record not contain one or more of these entries, the corresponding
- \fIshadow\fR
--check is not performed\.
-+check is not performed\&.
- .PP
--The authentication component performs the task of checking the users credentials (password)\. The default action of this module is to not permit the user access to a service if their official password is blank\.
-+The authentication component performs the task of checking the users credentials (password)\&. The default action of this module is to not permit the user access to a service if their official password is blank\&.
- .PP
- A helper binary,
--\fBunix_chkpwd\fR(8), is provided to check the user\'s password when it is stored in a read protected database\. This binary is very simple and will only check the password of the user invoking it\. It is called transparently on behalf of the user by the authenticating component of this module\. In this way it is possible for applications like
-+\fBunix_chkpwd\fR(8), is provided to check the user\'s password when it is stored in a read protected database\&. This binary is very simple and will only check the password of the user invoking it\&. It is called transparently on behalf of the user by the authenticating component of this module\&. In this way it is possible for applications like
- \fBxlock\fR(1)
--to work without being setuid\-root\. The module, by default, will temporarily turn off SIGCHLD handling for the duration of execution of the helper binary\. This is generally the right thing to do, as many applications are not prepared to handle this signal from a child they didn\'t know was
--\fBfork()\fRd\. The
-+to work without being setuid\-root\&. The module, by default, will temporarily turn off SIGCHLD handling for the duration of execution of the helper binary\&. This is generally the right thing to do, as many applications are not prepared to handle this signal from a child they didn\'t know was
-+\fBfork()\fRd\&. The
- \fBnoreap\fR
--module argument can be used to suppress this temporary shielding and may be needed for use with certain applications\.
-+module argument can be used to suppress this temporary shielding and may be needed for use with certain applications\&.
- .PP
--The password component of this module performs the task of updating the user\'s password\.
-+The password component of this module performs the task of updating the user\'s password\&.
- .PP
--The session component of this module logs when a user logins or leave the system\.
-+The session component of this module logs when a user logins or leave the system\&.
- .PP
--Remaining arguments, supported by others functions of this module, are silently ignored\. Other arguments are logged as errors through
--\fBsyslog\fR(3)\.
-+Remaining arguments, supported by others functions of this module, are silently ignored\&. Other arguments are logged as errors through
-+\fBsyslog\fR(3)\&.
- .SH "OPTIONS"
- .PP
- \fBdebug\fR
- .RS 4
- Turns on debugging via
--\fBsyslog\fR(3)\.
-+\fBsyslog\fR(3)\&.
- .RE
- .PP
- \fBaudit\fR
- .RS 4
--A little more extreme than debug\.
-+A little more extreme than debug\&.
- .RE
- .PP
- \fBnullok\fR
- .RS 4
--The default action of this module is to not permit the user access to a service if their official password is blank\. The
-+The default action of this module is to not permit the user access to a service if their official password is blank\&. The
- \fBnullok\fR
--argument overrides this default\.
-+argument overrides this default\&.
- .RE
- .PP
- \fBtry_first_pass\fR
- .RS 4
--Before prompting the user for their password, the module first tries the previous stacked module\'s password in case that satisfies this module as well\.
-+Before prompting the user for their password, the module first tries the previous stacked module\'s password in case that satisfies this module as well\&.
- .RE
- .PP
- \fBuse_first_pass\fR
- .RS 4
- The argument
- \fBuse_first_pass\fR
--forces the module to use a previous stacked modules password and will never prompt the user \- if no password is available or the password is not appropriate, the user will be denied access\.
-+forces the module to use a previous stacked modules password and will never prompt the user \- if no password is available or the password is not appropriate, the user will be denied access\&.
- .RE
- .PP
- \fBnodelay\fR
- .RS 4
--This argument can be used to discourage the authentication component from requesting a delay should the authentication as a whole fail\. The default action is for the module to request a delay\-on\-failure of the order of two second\.
-+This argument can be used to discourage the authentication component from requesting a delay should the authentication as a whole fail\&. The default action is for the module to request a delay\-on\-failure of the order of two second\&.
- .RE
- .PP
- \fBuse_authtok\fR
-@@ -88,17 +88,17 @@
- \fBpassword\fR
- module (this is used in the example of the stacking of the
- \fBpam_cracklib\fR
--module documented above)\.
-+module documented above)\&.
- .RE
- .PP
- \fBnot_set_pass\fR
- .RS 4
--This argument is used to inform the module that it is not to pay attention to/make available the old or new passwords from/to other (stacked) password modules\.
-+This argument is used to inform the module that it is not to pay attention to/make available the old or new passwords from/to other (stacked) password modules\&.
- .RE
- .PP
- \fBnis\fR
- .RS 4
--NIS RPC is used for setting new passwords\.
-+NIS RPC is used for setting new passwords\&.
- .RE
- .PP
- \fBremember=\fR\fB\fIn\fR\fR
-@@ -107,73 +107,111 @@
+ This is the standard Unix authentication module\&. It uses standard calls from the system\'s libraries to retrieve and set account information as well as authentication\&. Usually this is obtained from the /etc/passwd and the /etc/shadow file as well if shadow is enabled\&.
+@@ -264,7 +114,7 @@
+ The last
\fIn\fR
passwords for each user are saved in
- \fI/etc/security/opasswd\fR
--in order to force password change history and keep the user from alternating between the same password too frequently\.
-+in order to force password change history and keep the user from alternating between the same password too frequently\&.
- .RE
- .PP
- \fBshadow\fR
- .RS 4
--Try to maintain a shadow based system\.
-+Try to maintain a shadow based system\&.
- .RE
- .PP
- \fBmd5\fR
- .RS 4
--When a user changes their password next, encrypt it with the MD5 algorithm\.
-+When a user changes their password next, encrypt it with the MD5 algorithm\&.
- .RE
- .PP
- \fBbigcrypt\fR
- .RS 4
--When a user changes their password next, encrypt it with the DEC C2 algorithm\.
-+When a user changes their password next, encrypt it with the DEC C2 algorithm\&.
- .RE
- .PP
- \fBsha256\fR
- .RS 4
--When a user changes their password next, encrypt it with the SHA256 algorithm\. If the SHA256 algorithm is not known to the libcrypt, fall back to MD5\.
-+When a user changes their password next, encrypt it with the SHA256 algorithm\&. If the SHA256 algorithm is not known to the libcrypt, fall back to MD5\&.
+-\FC/etc/security/opasswd\F[]
++/etc/security/opasswd
+ in order to force password change history and keep the user from alternating between the same password too frequently\&.
.RE
.PP
- \fBsha512\fR
- .RS 4
--When a user changes their password next, encrypt it with the SHA512 algorithm\. If the SHA512 algorithm is not known to the libcrypt, fall back to MD5\.
-+When a user changes their password next, encrypt it with the SHA512 algorithm\&. If the SHA512 algorithm is not known to the libcrypt, fall back to MD5\&.
- .RE
- .PP
- \fBrounds=\fR\fB\fIn\fR\fR
- .RS 4
- Set the optional number of rounds of the SHA256 and SHA512 password hashing algorithms to
--\fIn\fR\.
-+\fIn\fR\&.
+@@ -315,6 +165,44 @@
+ Ignore errors reading shadow information for users in the account management module\&.
.RE
.PP
- \fBbroken_shadow\fR
- .RS 4
--Ignore errors reading shadow inforation for users in the account management module\.
-+Ignore errors reading shadow inforation for users in the account management module\&.
-+.RE
-+.PP
+\fBmin=\fR\fB\fIn\fR\fR
+.RS 4
+Set a minimum password length of
@@ -863,51 +875,45 @@ Index: pam.deb/modules/pam_unix/pam_unix.8
+Is the new password a rotated version of the old password? (E\&.g\&., "billy" and "illyb")
+.RE
+.sp
- .RE
- .PP
++.RE
++.PP
Invalid arguments are logged with
--\fBsyslog\fR(3)\.
-+\fBsyslog\fR(3)\&.
- .SH "MODULE SERVICES PROVIDED"
- .PP
--All service are supported\.
-+All service are supported\&.
- .SH "RETURN VALUES"
- .PP
- PAM_IGNORE
- .RS 4
--Ignore this module\.
-+Ignore this module\&.
- .RE
+ \fBsyslog\fR(3)\&.
+ .SH "MODULE TYPES PROVIDED"
+@@ -333,21 +221,13 @@
.SH "EXAMPLES"
.PP
An example usage for
--\fI/etc/pam\.d/login\fR
-+\fI/etc/pam\&.d/login\fR
+-\FC/etc/pam\&.d/login\F[]
++/etc/pam\&.d/login
would be:
.sp
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
# Authenticate the user
--auth required pam_unix\.so
-+auth required pam_unix\&.so
+ auth required pam_unix\&.so
# Ensure users account and password are still active
--account required pam_unix\.so
-+account required pam_unix\&.so
- # Change the users password, but at first check the strength
- # with pam_cracklib(8)
--password required pam_cracklib\.so retry=3 minlen=6 difok=3
--password required pam_unix\.so use_authtok nullok md5
--session required pam_unix\.so
-+password required pam_cracklib\&.so retry=3 minlen=6 difok=3
-+password required pam_unix\&.so use_authtok nullok md5
-+session required pam_unix\&.so
+@@ -358,13 +238,7 @@
+ password required pam_unix\&.so use_authtok nullok md5
+ session required pam_unix\&.so
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -186,4 +224,4 @@
- \fBpam\fR(8)
- .SH "AUTHOR"
- .PP
--pam_unix was written by various people\.
-+pam_unix was written by various people\&.
+ .\}
diff --git a/debian/patches-applied/008_modules_pam_limits_chroot b/debian/patches-applied/008_modules_pam_limits_chroot
index 23f6c9d4..d791567c 100644
--- a/debian/patches-applied/008_modules_pam_limits_chroot
+++ b/debian/patches-applied/008_modules_pam_limits_chroot
@@ -18,7 +18,7 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
#define LIMIT_SOFT 1
#define LIMIT_HARD 2
-@@ -250,6 +252,8 @@
+@@ -317,6 +319,8 @@
pl->login_limit = -2;
pl->login_limit_def = LIMITS_DEF_NONE;
@@ -27,7 +27,7 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
return retval;
}
-@@ -320,6 +324,8 @@
+@@ -387,6 +391,8 @@
pl->flag_numsyslogins = 1;
} else if (strcmp(lim_item, "priority") == 0) {
limit_item = LIMIT_PRI;
@@ -36,7 +36,7 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
} else {
pam_syslog(pamh, LOG_DEBUG, "unknown limit item '%s'", lim_item);
return;
-@@ -357,9 +363,9 @@
+@@ -424,9 +430,9 @@
pam_syslog(pamh, LOG_DEBUG,
"wrong limit value '%s' for limit type '%s'",
lim_value, lim_type);
@@ -48,8 +48,8 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
#ifdef __USE_FILE_OFFSET64
rlimit_value = strtoull (lim_value, &endptr, 10);
#else
-@@ -420,7 +426,9 @@
- break;
+@@ -487,7 +493,9 @@
+ #endif
}
- if ( (limit_item != LIMIT_LOGIN)
@@ -59,7 +59,7 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
&& (limit_item != LIMIT_NUMSYSLOGINS)
&& (limit_item != LIMIT_PRI) ) {
if (limit_type & LIMIT_SOFT) {
-@@ -615,6 +623,13 @@
+@@ -689,6 +697,13 @@
retval |= LOGIN_ERR;
}
@@ -94,155 +94,229 @@ Index: pam.deb/modules/pam_limits/limits.conf.5
===================================================================
--- pam.deb.orig/modules/pam_limits/limits.conf.5
+++ pam.deb/modules/pam_limits/limits.conf.5
-@@ -1,17 +1,17 @@
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: limits.conf
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 03/02/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "LIMITS\.CONF" "5" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "LIMITS\&.CONF" "5" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--limits.conf - configuration file for the pam_limits module
-+limits.conf \- configuration file for the pam_limits module
+-.TH "LIMITS\&.CONF" "5" "03/02/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "LIMITS\&.CONF" "5" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,7 +18,7 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ limits.conf \- configuration file for the pam_limits module
.SH "DESCRIPTION"
.PP
- The syntax of the lines is as follows:
-@@ -34,19 +34,19 @@
+@@ -360,6 +212,11 @@
.RS 4
- \h'-04'\(bu\h'+03'a groupname, with
- \fB@group\fR
--syntax\. This should not be confused with netgroups\.
-+syntax\&. This should not be confused with netgroups\&.
+ maximum realtime priority allowed for non\-privileged processes (Linux 2\&.6\&.12 and higher)
.RE
- .sp
- .RS 4
- \h'-04'\(bu\h'+03'the wildcard
--\fB*\fR, for default entry\.
-+\fB*\fR, for default entry\&.
- .RE
- .sp
- .RS 4
- \h'-04'\(bu\h'+03'the wildcard
- \fB%\fR, for maxlogins limit only, can also be used with
- \fI%group\fR
--syntax\.
-+syntax\&.
- .RE
- .RE
- .PP
-@@ -57,18 +57,18 @@
- .RS 4
- for enforcing
- \fBhard\fR
--resource limits\. These limits are set by the superuser and enforced by the Kernel\. The user cannot raise his requirement of system resources above such values\.
-+resource limits\&. These limits are set by the superuser and enforced by the Kernel\&. The user cannot raise his requirement of system resources above such values\&.
- .RE
- .PP
- \fBsoft\fR
- .RS 4
- for enforcing
- \fBsoft\fR
--resource limits\. These limits are ones that the user can move up or down within the permitted range by any pre\-existing
-+resource limits\&. These limits are ones that the user can move up or down within the permitted range by any pre\-existing
- \fBhard\fR
--limits\. The values specified with this token can be thought of as
-+limits\&. The values specified with this token can be thought of as
- \fIdefault\fR
--values, for normal system usage\.
-+values, for normal system usage\&.
- .RE
- .PP
- \fB\-\fR
-@@ -77,9 +77,9 @@
- \fBsoft\fR
- and
- \fBhard\fR
--resource limits together\.
-+resource limits together\&.
- .sp
--Note, if you specify a type of \'\-\' but neglect to supply the item and value fields then the module will never enforce any limits on the specified user/group etc\. \.
-+Note, if you specify a type of \'\-\' but neglect to supply the item and value fields then the module will never enforce any limits on the specified user/group etc\&. \&.
- .RE
- .RE
- .PP
-@@ -154,47 +154,52 @@
- .PP
- \fBlocks\fR
- .RS 4
--maximum locked files (Linux 2\.4 and higher)
-+maximum locked files (Linux 2\&.4 and higher)
- .RE
- .PP
- \fBsigpending\fR
- .RS 4
--maximum number of pending signals (Linux 2\.6 and higher)
-+maximum number of pending signals (Linux 2\&.6 and higher)
- .RE
- .PP
- \fBmsqqueue\fR
- .RS 4
--maximum memory used by POSIX message queues (bytes) (Linux 2\.6 and higher)
-+maximum memory used by POSIX message queues (bytes) (Linux 2\&.6 and higher)
- .RE
- .PP
- \fBnice\fR
- .RS 4
--maximum nice priority allowed to raise to (Linux 2\.6\.12 and higher) values: [\-20,19]
-+maximum nice priority allowed to raise to (Linux 2\&.6\&.12 and higher) values: [\-20,19]
- .RE
- .PP
- \fBrtprio\fR
- .RS 4
--maximum realtime priority allowed for non\-privileged processes (Linux 2\.6\.12 and higher)
-+maximum realtime priority allowed for non\-privileged processes (Linux 2\&.6\&.12 and higher)
-+.RE
+.PP
+\fBchroot\fR
+.RS 4
+the directory to chroot the user to
- .RE
++.RE
.RE
.PP
- In general, individual limits have priority over group limits, so if you impose no limits for
- \fIadmin\fR
--group, but one of the members in this group have a limits line, the user will have its limits set according to this line\.
-+group, but one of the members in this group have a limits line, the user will have its limits set according to this line\&.
- .PP
- Also, please note that all limit settings are set
--\fIper login\fR\. They are not global, nor are they permanent; existing only for the duration of the session\.
-+\fIper login\fR\&. They are not global, nor are they permanent; existing only for the duration of the session\&.
- .PP
- In the
- \fIlimits\fR
--configuration file, the \'\fB#\fR\' character introduces a comment \- after which the rest of the line is ignored\.
-+configuration file, the \'\fB#\fR\' character introduces a comment \- after which the rest of the line is ignored\&.
- .PP
- The pam_limits module does its best to report configuration problems found in its configuration file via
--\fBsyslog\fR(3)\.
-+\fBsyslog\fR(3)\&.
+ All items support the values
+@@ -392,20 +249,12 @@
.SH "EXAMPLES"
.PP
These are some example lines which might be specified in
--\fI/etc/security/limits\.conf\fR\.
-+\fI/etc/security/limits\&.conf\fR\&.
+-\FC/etc/security/limits\&.conf\F[]\&.
++/etc/security/limits\&.conf\&.
.sp
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
-@@ -216,4 +221,4 @@
- \fBpam\fR(8)
- .SH "AUTHOR"
- .PP
--pam_limits was initially written by Cristian Gafton <gafton@redhat\.com>
-+pam_limits was initially written by Cristian Gafton <gafton@redhat\&.com>
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ * soft core 0
+ * hard rss 10000
+ @student hard nproc 20
+@@ -414,13 +263,7 @@
+ ftp hard nproc 0
+ @student \- maxlogins 4
+
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
+ .fi
+-.fam
+-.ps +1
+ .if n \{\
+ .RE
+ .\}
Index: pam.deb/modules/pam_limits/limits.conf
===================================================================
--- pam.deb.orig/modules/pam_limits/limits.conf
diff --git a/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root b/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root
index 157e4514..1d5086a8 100644
--- a/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root
+++ b/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root
@@ -5,7 +5,7 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
--- pam.deb.orig/modules/pam_limits/pam_limits.c
+++ pam.deb/modules/pam_limits/pam_limits.c
@@ -45,6 +45,10 @@
- #include <libaudit.h>
+ #include <libaudit.h>
#endif
+#ifndef MLOCK_LIMIT
@@ -23,7 +23,7 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
int login_limit; /* the max logins limit */
int login_limit_def; /* which entry set the login limit */
int flag_numsyslogins; /* whether to limit logins only for a
-@@ -228,9 +233,18 @@
+@@ -295,9 +300,18 @@
{
int i;
int retval = PAM_SUCCESS;
@@ -42,7 +42,7 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
for(i = 0; i < RLIM_NLIMITS; i++) {
int r = getrlimit(i, &pl->limits[i].limit);
if (r == -1) {
-@@ -240,8 +254,56 @@
+@@ -307,8 +321,56 @@
}
} else {
pl->limits[i].supported = 1;
@@ -101,7 +101,7 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
}
}
-@@ -524,7 +586,7 @@
+@@ -591,7 +653,7 @@
if (strcmp(uname, domain) == 0) /* this user have a limit */
process_limit(pamh, LIMITS_DEF_USER, ltype, item, value, ctrl, pl);
@@ -110,7 +110,7 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
if (ctrl & PAM_DEBUG_ARG) {
pam_syslog(pamh, LOG_DEBUG,
"checking if %s is in group %s",
-@@ -533,7 +595,7 @@
+@@ -600,7 +662,7 @@
if (pam_modutil_user_in_group_nam_nam(pamh, uname, domain+1))
process_limit(pamh, LIMITS_DEF_GROUP, ltype, item, value, ctrl,
pl);
@@ -119,7 +119,7 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
if (ctrl & PAM_DEBUG_ARG) {
pam_syslog(pamh, LOG_DEBUG,
"checking if %s is in group %s",
-@@ -547,7 +609,7 @@
+@@ -614,7 +676,7 @@
process_limit(pamh, LIMITS_DEF_ALLGROUP, ltype, item, value, ctrl,
pl);
}
@@ -128,7 +128,7 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
process_limit(pamh, LIMITS_DEF_DEFAULT, ltype, item, value, ctrl,
pl);
} else if (i == 2 && ltype[0] == '-') { /* Probably a no-limit line */
-@@ -582,6 +644,12 @@
+@@ -649,6 +711,12 @@
int status;
int retval = LIMITED_OK;
@@ -139,9 +139,9 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
+ }
+
for (i=0, status=LIMITED_OK; i<RLIM_NLIMITS; i++) {
- if (!pl->limits[i].supported) {
- /* skip it if its not known to the system */
-@@ -675,6 +743,8 @@
+ int res;
+
+@@ -749,6 +817,8 @@
return PAM_ABORT;
}
@@ -188,7 +188,7 @@ Index: pam.deb/modules/pam_limits/limits.conf.5.xml
</listitem>
</varlistentry>
-@@ -266,6 +271,7 @@
+@@ -278,6 +283,7 @@
</para>
<programlisting>
* soft core 0
@@ -200,25 +200,11 @@ Index: pam.deb/modules/pam_limits/limits.conf.5
===================================================================
--- pam.deb.orig/modules/pam_limits/limits.conf.5
+++ pam.deb/modules/pam_limits/limits.conf.5
-@@ -1,11 +1,11 @@
- .\" Title: limits.conf
- .\" Author:
- .\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
--.\" Date: 07/27/2008
-+.\" Date: 11/09/2008
- .\" Manual: Linux-PAM Manual
- .\" Source: Linux-PAM Manual
- .\"
--.TH "LIMITS\&.CONF" "5" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "LIMITS\&.CONF" "5" "11/09/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
-@@ -48,6 +48,11 @@
+@@ -84,6 +84,11 @@
\fI%group\fR
syntax\&.
.RE
-+.IP "" 4
++.RS 4
+
+\fBNOTE:\fR
+group and wildcard limits are not applied to the root user\&. To set a limit for the root user, this field must contain the literal username
@@ -226,8 +212,8 @@ Index: pam.deb/modules/pam_limits/limits.conf.5
.RE
.PP
\fB<type>\fR
-@@ -204,6 +209,7 @@
- .RS 4
+@@ -256,6 +261,7 @@
+ .\}
.nf
* soft core 0
+root hard core 100000
diff --git a/debian/patches-applied/031_pam_include b/debian/patches-applied/031_pam_include
index 32cb0168..23962ad1 100644
--- a/debian/patches-applied/031_pam_include
+++ b/debian/patches-applied/031_pam_include
@@ -8,18 +8,18 @@ Index: pam.deb/libpam/pam_handlers.c
===================================================================
--- pam.deb.orig/libpam/pam_handlers.c
+++ pam.deb/libpam/pam_handlers.c
-@@ -117,6 +117,10 @@
- module_type = PAM_T_ACCT;
- } else if (!strcasecmp("password", tok)) {
- module_type = PAM_T_PASS;
-+ } else if (!strcasecmp("@include", tok)) {
-+ pam_include = 1;
-+ module_type = requested_module_type;
-+ goto parsing_done;
- } else {
- /* Illegal module type */
- D(("_pam_init_handlers: bad module type: %s", tok));
-@@ -186,8 +190,10 @@
+@@ -122,6 +122,10 @@
+ module_type = PAM_T_ACCT;
+ } else if (!strcasecmp("password", tok)) {
+ module_type = PAM_T_PASS;
++ } else if (!strcasecmp("@include", tok)) {
++ pam_include = 1;
++ module_type = requested_module_type;
++ goto parsing_done;
+ } else {
+ /* Illegal module type */
+ D(("_pam_init_handlers: bad module type: %s", tok));
+@@ -192,8 +196,10 @@
_pam_set_default_control(actions, _PAM_ACTION_BAD);
}
@@ -30,7 +30,7 @@ Index: pam.deb/libpam/pam_handlers.c
if (substack) {
res = _pam_add_handler(pamh, PAM_HT_SUBSTACK, other,
stack_level, module_type, actions, tok,
-@@ -198,13 +204,35 @@
+@@ -204,13 +210,35 @@
return PAM_ABORT;
}
}
diff --git a/debian/patches-applied/032_pam_limits_EPERM_NOT_FATAL b/debian/patches-applied/032_pam_limits_EPERM_NOT_FATAL
index 267cf427..58fab0ee 100644
--- a/debian/patches-applied/032_pam_limits_EPERM_NOT_FATAL
+++ b/debian/patches-applied/032_pam_limits_EPERM_NOT_FATAL
@@ -1,33 +1,22 @@
-setrlimit will sometimes return EPERM for example if youp try to
-increase the number of open files too much. This is not something we
-want to consider fatal. This also happens if you use non-root and
-try to decrease a limit. Running PAM as non-root is not so great.
+setrlimit will sometimes return EPERM for example if you try to increase the
+number of open files too much. This is not something we want to consider
+fatal. This also happens if you use non-root and try to decrease a limit.
+Running PAM as non-root is not so great.
Authors: ?
Upstream status: submitted in <20070830171918.GB30563@dario.dodds.net>
-Index: debian-pkg-pam/modules/pam_limits/pam_limits.c
+Index: pam.deb/modules/pam_limits/pam_limits.c
===================================================================
---- debian-pkg-pam.orig/modules/pam_limits/pam_limits.c 2009-04-17 12:47:04.000000000 -0700
-+++ debian-pkg-pam/modules/pam_limits/pam_limits.c 2009-04-17 12:47:06.000000000 -0700
-@@ -651,6 +651,7 @@
- }
-
- for (i=0, status=LIMITED_OK; i<RLIM_NLIMITS; i++) {
-+ int retval;
- if (!pl->limits[i].supported) {
- /* skip it if its not known to the system */
- continue;
-@@ -662,7 +663,10 @@
- }
- if (pl->limits[i].limit.rlim_cur > pl->limits[i].limit.rlim_max)
- pl->limits[i].limit.rlim_cur = pl->limits[i].limit.rlim_max;
-- status |= setrlimit(i, &pl->limits[i].limit);
-+ retval = setrlimit(i, &pl->limits[i].limit);
-+ if (retval == -1 && errno==EPERM)
+--- pam.deb.orig/modules/pam_limits/pam_limits.c
++++ pam.deb/modules/pam_limits/pam_limits.c
+@@ -735,6 +735,8 @@
+ if (res != 0)
+ pam_syslog(pamh, LOG_ERR, "Could not set limit for '%s': %m",
+ rlimit2str(i));
++ if (res == -1 && errno == EPERM)
+ continue;
-+ status |= retval;
+ status |= res;
}
- if (status) {
diff --git a/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful b/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful
index 50f62cee..20f408a3 100644
--- a/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful
+++ b/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful
@@ -105,156 +105,228 @@ Index: pam.deb/modules/pam_wheel/pam_wheel.8
===================================================================
--- pam.deb.orig/modules/pam_wheel/pam_wheel.8
+++ pam.deb/modules/pam_wheel/pam_wheel.8
-@@ -1,64 +1,59 @@
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_wheel
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 03/02/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_WHEEL" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_WHEEL" "8" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_wheel - Only permit root access to members of group wheel
-+pam_wheel \- Only permit root access to members of group wheel
- .SH "SYNOPSIS"
- .HP 13
--\fBpam_wheel\.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] [use_uid]
+-.TH "PAM_WHEEL" "8" "03/02/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_WHEEL" "8" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,13 +18,11 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_wheel \- Only permit root access to members of group wheel
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_wheel\&.so\fR\ 'u
+-\fBpam_wheel\&.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] [use_uid]
+-.fam
+\fBpam_wheel\&.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust]
.SH "DESCRIPTION"
.PP
The pam_wheel PAM module is used to enforce the so\-called
- \fIwheel\fR
--group\. By default it permits root access to the system if the applicant user is a member of the
-+group\&. By default it permits root access to the system if the applicant user is a member of the
- \fIwheel\fR
--group\. If no group with this name exist, the module is using the group with the group\-ID
--\fB0\fR\.
-+group\&. If no group with this name exist, the module is using the group with the group\-ID
-+\fB0\fR\&.
- .SH "OPTIONS"
- .PP
- \fBdebug\fR
- .RS 4
--Print debug information\.
-+Print debug information\&.
- .RE
- .PP
- \fBdeny\fR
- .RS 4
- Reverse the sense of the auth operation: if the user is trying to get UID 0 access and is a member of the wheel group (or the group of the
- \fBgroup\fR
--option), deny access\. Conversely, if the user is not in the group, return PAM_IGNORE (unless
-+option), deny access\&. Conversely, if the user is not in the group, return PAM_IGNORE (unless
- \fBtrust\fR
--was also specified, in which case we return PAM_SUCCESS)\.
-+was also specified, in which case we return PAM_SUCCESS)\&.
- .RE
- .PP
- \fBgroup=\fR\fB\fIname\fR\fR
- .RS 4
- Instead of checking the wheel or GID 0 groups, use the
- \fB\fIname\fR\fR
--group to perform the authentication\.
-+group to perform the authentication\&.
- .RE
- .PP
- \fBroot_only\fR
+@@ -213,11 +63,6 @@
.RS 4
--The check for wheel membership is done only\.
-+The check for wheel membership is done only\&.
+ The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd)\&.
.RE
- .PP
- \fBtrust\fR
- .RS 4
--The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd)\.
--.RE
-.PP
-\fBuse_uid\fR
-.RS 4
--The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one account to another for example)\.
-+The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd)\&.
- .RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
-@@ -66,52 +61,52 @@
- \fBauth\fR
- and
- \fBaccount\fR
--services are supported\.
-+services are supported\&.
- .SH "RETURN VALUES"
- .PP
- PAM_AUTH_ERR
- .RS 4
--Authentication failure\.
-+Authentication failure\&.
- .RE
- .PP
- PAM_BUF_ERR
- .RS 4
--Memory buffer error\.
-+Memory buffer error\&.
- .RE
- .PP
- PAM_IGNORE
- .RS 4
--The return value should be ignored by PAM dispatch\.
-+The return value should be ignored by PAM dispatch\&.
- .RE
- .PP
- PAM_PERM_DENY
- .RS 4
--Permission denied\.
-+Permission denied\&.
- .RE
- .PP
- PAM_SERVICE_ERR
- .RS 4
--Cannot determine the user name\.
-+Cannot determine the user name\&.
- .RE
- .PP
- PAM_SUCCESS
- .RS 4
--Success\.
-+Success\&.
- .RE
- .PP
- PAM_USER_UNKNOWN
- .RS 4
--User not known\.
-+User not known\&.
- .RE
- .SH "EXAMPLES"
+-The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one account to another for example)\&.
+-.RE
+ .SH "MODULE TYPES PROVIDED"
.PP
--The root account gains access by default (rootok), only wheel members can become root (wheel) but Unix authenticate non\-root applicants\.
-+The root account gains access by default (rootok), only wheel members can become root (wheel) but Unix authenticate non\-root applicants\&.
- .sp
+ The
+@@ -268,26 +113,12 @@
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
--su auth sufficient pam_rootok\.so
--su auth required pam_wheel\.so
--su auth required pam_unix\.so
-+su auth sufficient pam_rootok\&.so
-+su auth required pam_wheel\&.so
-+su auth required pam_unix\&.so
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ su auth sufficient pam_rootok\&.so
+ su auth required pam_wheel\&.so
+ su auth required pam_unix\&.so
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -124,4 +119,4 @@
- \fBpam\fR(8)
- .SH "AUTHOR"
- .PP
--pam_wheel was written by Cristian Gafton <gafton@redhat\.com>\.
-+pam_wheel was written by Cristian Gafton <gafton@redhat\&.com>\&.
+ .\}
Index: pam.deb/modules/pam_wheel/README
===================================================================
--- pam.deb.orig/modules/pam_wheel/README
diff --git a/debian/patches-applied/040_pam_limits_log_failure b/debian/patches-applied/040_pam_limits_log_failure
index 0daf4f7e..f80273e7 100644
--- a/debian/patches-applied/040_pam_limits_log_failure
+++ b/debian/patches-applied/040_pam_limits_log_failure
@@ -7,27 +7,30 @@ Authors: Sam Hartman <hartmans@debian.org>
Upstream status: submitted in <20070830171918.GB30563@dario.dodds.net>
-Index: debian-pkg-pam/modules/pam_limits/pam_limits.c
+Index: pam.deb/modules/pam_limits/pam_limits.c
===================================================================
---- debian-pkg-pam.orig/modules/pam_limits/pam_limits.c 2009-04-17 12:47:06.000000000 -0700
-+++ debian-pkg-pam/modules/pam_limits/pam_limits.c 2009-04-17 12:47:13.000000000 -0700
-@@ -664,6 +664,19 @@
+--- pam.deb.orig/modules/pam_limits/pam_limits.c
++++ pam.deb/modules/pam_limits/pam_limits.c
+@@ -732,9 +732,19 @@
if (pl->limits[i].limit.rlim_cur > pl->limits[i].limit.rlim_max)
pl->limits[i].limit.rlim_cur = pl->limits[i].limit.rlim_max;
- retval = setrlimit(i, &pl->limits[i].limit);
-+ if (retval != 0 && (i != RLIMIT_NOFILE
+ res = setrlimit(i, &pl->limits[i].limit);
+- if (res != 0)
+- pam_syslog(pamh, LOG_ERR, "Could not set limit for '%s': %m",
+- rlimit2str(i));
++ if (res != 0 && (i != RLIMIT_NOFILE
+ || pl->limits[i].limit.rlim_cur != RLIM_INFINITY))
+ {
+ int save_errno = errno;
+ pam_syslog(pamh, LOG_DEBUG,
-+ "setrlimit limit #%d to soft=%d, hard=%d failed:"
-+ " %m; uid=%lu,euid=%lu", i,
++ "Could not set limit for '%s' to soft=%d, hard=%d:"
++ " %m; uid=%lu,euid=%lu", rlimit2str(i),
+ pl->limits[i].limit.rlim_cur,
+ pl->limits[i].limit.rlim_max,
+ (unsigned long) getuid(),
+ (unsigned long) geteuid());
+ errno = save_errno;
+ }
- if (retval == -1 && errno==EPERM)
+ if (res == -1 && errno == EPERM)
continue;
- status |= retval;
+ status |= res;
diff --git a/debian/patches-applied/054_pam_security_abstract_securetty_handling b/debian/patches-applied/054_pam_security_abstract_securetty_handling
index 76318c43..d5048cb2 100644
--- a/debian/patches-applied/054_pam_security_abstract_securetty_handling
+++ b/debian/patches-applied/054_pam_security_abstract_securetty_handling
@@ -88,7 +88,7 @@ Index: pam.deb/modules/pam_securetty/pam_securetty.c
-
- retval = PAM_AUTH_ERR;
- } else {
-- if ((retval == PAM_SUCCESS) && (ctrl & PAM_DEBUG_ARG)) {
+- if (ctrl & PAM_DEBUG_ARG) {
- pam_syslog(pamh, LOG_DEBUG, "access allowed for '%s' on '%s'",
- username, uttyname);
- }
diff --git a/debian/patches-applied/055_pam_unix_nullok_secure b/debian/patches-applied/055_pam_unix_nullok_secure
index 18f9f95b..1fd1bf12 100644
--- a/debian/patches-applied/055_pam_unix_nullok_secure
+++ b/debian/patches-applied/055_pam_unix_nullok_secure
@@ -39,7 +39,7 @@ Index: pam.deb/modules/pam_unix/support.c
}
}
-@@ -430,6 +437,7 @@
+@@ -443,6 +450,7 @@
child = fork();
if (child == 0) {
int i=0;
@@ -47,7 +47,7 @@ Index: pam.deb/modules/pam_unix/support.c
struct rlimit rlim;
static char *envp[] = { NULL };
char *args[] = { NULL, NULL, NULL, NULL };
-@@ -457,7 +465,18 @@
+@@ -470,7 +478,18 @@
/* exec binary helper */
args[0] = strdup(CHKPWD_HELPER);
args[1] = x_strdup(user);
@@ -67,7 +67,7 @@ Index: pam.deb/modules/pam_unix/support.c
args[2]=strdup("nullok");
} else {
args[2]=strdup("nonull");
-@@ -527,6 +546,17 @@
+@@ -551,6 +570,17 @@
if (on(UNIX__NONULL, ctrl))
return 0; /* will fail but don't let on yet */
@@ -85,7 +85,7 @@ Index: pam.deb/modules/pam_unix/support.c
/* UNIX passwords area */
retval = get_pwd_hash(pamh, name, &pwd, &salt);
-@@ -613,7 +643,8 @@
+@@ -637,7 +667,8 @@
}
}
} else {
@@ -99,17 +99,17 @@ Index: pam.deb/modules/pam_unix/support.h
===================================================================
--- pam.deb.orig/modules/pam_unix/support.h
+++ pam.deb/modules/pam_unix/support.h
-@@ -91,8 +91,9 @@
- #define UNIX_MAX_PASS_LEN 26 /* internal, for compatibility only */
- #define UNIX_MIN_PASS_LEN 27 /* Min length for password */
- #define UNIX_OBSCURE_CHECKS 28 /* enable obscure checks on passwords */
-+#define UNIX_NULLOK_SECURE 29 /* NULL passwords allowed only on secure ttys */
+@@ -92,8 +92,9 @@
+ #define UNIX_MAX_PASS_LEN 27 /* internal, for compatibility only */
+ #define UNIX_MIN_PASS_LEN 28 /* min length for password */
+ #define UNIX_OBSCURE_CHECKS 29 /* enable obscure checks on passwords */
++#define UNIX_NULLOK_SECURE 30 /* NULL passwords allowed only on secure ttys */
/* -------------- */
--#define UNIX_CTRLS_ 29 /* number of ctrl arguments defined */
-+#define UNIX_CTRLS_ 30 /* number of ctrl arguments defined */
-
+-#define UNIX_CTRLS_ 30 /* number of ctrl arguments defined */
++#define UNIX_CTRLS_ 31 /* number of ctrl arguments defined */
static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
+ {
@@ -109,7 +110,7 @@
/* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0x40},
/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0x180), 0x80},
@@ -119,15 +119,15 @@ Index: pam.deb/modules/pam_unix/support.h
/* UNIX__QUIET */ {NULL, _ALL_ON_, 0x400},
/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 0x800},
/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 0x1000},
-@@ -129,6 +130,7 @@
+@@ -130,6 +131,7 @@
/* UNIX_MAX_PASS_LEN */ {"max=", _ALL_ON_, 0},
- /* UNIX_MIN_PASS_LEN */ {"min=", _ALL_ON_, 0x2000000},
- /* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x4000000},
-+/* UNIX__NULLOK */ {"nullok_secure", _ALL_ON_^(0x200), 0x8000000},
+ /* UNIX_MIN_PASS_LEN */ {"min=", _ALL_ON_, 0x4000000},
+ /* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x8000000},
++/* UNIX__NULLOK */ {"nullok_secure", _ALL_ON_^(0x200), 0x10000000},
};
#define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag)
-@@ -163,6 +165,9 @@
+@@ -165,6 +167,9 @@
,const char *data_name
,const void **pass);
diff --git a/debian/patches-applied/PAM-manpage-section b/debian/patches-applied/PAM-manpage-section
index aad83822..a602614d 100644
--- a/debian/patches-applied/PAM-manpage-section
+++ b/debian/patches-applied/PAM-manpage-section
@@ -5,36 +5,240 @@ Authors: Steve Langasek <vorlon@debian.org>
Upstream status: maybe provide a backwards-compatibility link first?
-Index: debian-pkg-pam/doc/man/PAM.8
+Index: pam.deb/doc/man/PAM.8
===================================================================
---- debian-pkg-pam.orig/doc/man/PAM.8 2009-04-17 12:44:14.000000000 -0700
-+++ debian-pkg-pam/doc/man/PAM.8 2009-04-17 12:47:20.000000000 -0700
-@@ -5,7 +5,7 @@
+--- pam.deb.orig/doc/man/PAM.8
++++ pam.deb/doc/man/PAM.8
+@@ -1,161 +1,13 @@
++'\" t
+ .\" Title: pam
+ .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 03/02/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
-+.TH "PAM" "7" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
-@@ -104,4 +104,4 @@
+-.TH "PAM" "8" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM" "7" "08/24/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,7 +18,7 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ PAM, pam \- Pluggable Authentication Modules for Linux
+ .SH "DESCRIPTION"
+ .PP
+@@ -184,13 +36,13 @@
+ The principal feature of the PAM approach is that the nature of the authentication is dynamically configurable\&. In other words, the system administrator is free to choose how individual service\-providing applications will authenticate users\&. This dynamic configuration is set by the contents of the single
+ \fBLinux\-PAM\fR
+ configuration file
+-\FC/etc/pam\&.conf\F[]\&. Alternatively, the configuration can be set by individual configuration files located in the
+-\FC/etc/pam\&.d/\F[]
++/etc/pam\&.conf\&. Alternatively, the configuration can be set by individual configuration files located in the
++/etc/pam\&.d/
+ directory\&. The presence of this directory will cause
+ \fBLinux\-PAM\fR
+ to
+ \fIignore\fR
+-\FC/etc/pam\&.conf\F[]\&.
++/etc/pam\&.conf\&.
+ .PP
+ From the point of view of the system administrator, for whom this manual is provided, it is not of primary importance to understand the internal behavior of the
+ \fBLinux\-PAM\fR
+@@ -231,17 +83,17 @@
+ management group is important as it provides both an opening and closing hook for modules to affect the services available to a user\&.
+ .SH "FILES"
+ .PP
+-\FC/etc/pam\&.conf\F[]
++/etc/pam\&.conf
+ .RS 4
+ the configuration file
+ .RE
+ .PP
+-\FC/etc/pam\&.d\F[]
++/etc/pam\&.d
+ .RS 4
+ the
+ \fBLinux\-PAM\fR
+ configuration directory\&. Generally, if this directory is present, the
+-\FC/etc/pam\&.conf\F[]
++/etc/pam\&.conf
+ file is ignored\&.
+ .RE
+ .SH "ERRORS"
+@@ -260,4 +112,4 @@
\fBpam_authenticate\fR(3),
\fBpam_sm_setcred\fR(3),
\fBpam_strerror\fR(3),
-\fBPAM\fR(8)
+\fBPAM\fR(7)
-Index: debian-pkg-pam/doc/man/pam.8
+Index: pam.deb/doc/man/pam.8
===================================================================
---- debian-pkg-pam.orig/doc/man/pam.8 2009-04-17 12:44:14.000000000 -0700
-+++ debian-pkg-pam/doc/man/pam.8 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/doc/man/pam.8
++++ pam.deb/doc/man/pam.8
@@ -1 +1 @@
-.so man8/PAM.8
+.so man7/PAM.7
-Index: debian-pkg-pam/doc/man/pam.8.xml
+Index: pam.deb/doc/man/pam.8.xml
===================================================================
---- debian-pkg-pam.orig/doc/man/pam.8.xml 2009-04-17 12:44:14.000000000 -0700
-+++ debian-pkg-pam/doc/man/pam.8.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/doc/man/pam.8.xml
++++ pam.deb/doc/man/pam.8.xml
@@ -6,7 +6,7 @@
<refmeta>
@@ -53,209 +257,221 @@ Index: debian-pkg-pam/doc/man/pam.8.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_access/access.conf.5
+Index: pam.deb/modules/pam_access/access.conf.5
===================================================================
---- debian-pkg-pam.orig/modules/pam_access/access.conf.5 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_access/access.conf.5 2009-04-17 12:47:20.000000000 -0700
-@@ -1,32 +1,32 @@
+--- pam.deb.orig/modules/pam_access/access.conf.5
++++ pam.deb/modules/pam_access/access.conf.5
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: access.conf
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHORS" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 03/02/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "ACCESS\.CONF" "5" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "ACCESS\&.CONF" "5" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--access.conf - the login access control table file
-+access.conf \- the login access control table file
+-.TH "ACCESS\&.CONF" "5" "03/02/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "ACCESS\&.CONF" "5" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,19 +18,19 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ access.conf \- the login access control table file
.SH "DESCRIPTION"
.PP
The
--\fI/etc/security/access\.conf\fR
-+\fI/etc/security/access\&.conf\fR
+-\FC/etc/security/access\&.conf\F[]
++/etc/security/access\&.conf
file specifies (\fIuser/group\fR,
\fIhost\fR), (\fIuser/group\fR,
\fInetwork/netmask\fR) or (\fIuser/group\fR,
--\fItty\fR) combinations for which a login will be either accepted or refused\.
-+\fItty\fR) combinations for which a login will be either accepted or refused\&.
+ \fItty\fR) combinations for which a login will be either accepted or refused\&.
.PP
When someone logs in, the file
--\fIaccess\.conf\fR
-+\fIaccess\&.conf\fR
+-\FCaccess\&.conf\F[]
++access\&.conf
is scanned for the first entry that matches the (\fIuser/group\fR,
\fIhost\fR) or (\fIuser/group\fR,
\fInetwork/netmask\fR) combination, or, in case of non\-networked logins, the first entry that matches the (\fIuser/group\fR,
--\fItty\fR) combination\. The permissions field of that table entry determines whether the login will be accepted or refused\.
-+\fItty\fR) combination\&. The permissions field of that table entry determines whether the login will be accepted or refused\&.
- .PP
- Each line of the login access control table has three fields separated by a ":" character (colon):
- .PP
-@@ -35,92 +35,92 @@
- .PP
- The first field, the
- \fIpermission\fR
--field, can be either a "\fI+\fR" character (plus) for access granted or a "\fI\-\fR" character (minus) for access denied\.
-+field, can be either a "\fI+\fR" character (plus) for access granted or a "\fI\-\fR" character (minus) for access denied\&.
- .PP
- The second field, the
- \fIusers\fR/\fIgroup\fR
- field, should be a list of one or more login names, group names, or
- \fIALL\fR
--(which always matches)\. To differentiate user entries from group entries, group entries should be written with brackets, e\.g\.
--\fI(group)\fR\.
-+(which always matches)\&. To differentiate user entries from group entries, group entries should be written with brackets, e\&.g\&.
-+\fI(group)\fR\&.
- .PP
- The third field, the
- \fIorigins\fR
--field, should be a list of one or more tty names (for non\-networked logins), host names, domain names (begin with "\."), host addresses, internet network numbers (end with "\."), internet network addresses with network mask (where network mask can be a decimal number or an internet address also),
-+field, should be a list of one or more tty names (for non\-networked logins), host names, domain names (begin with "\&."), host addresses, internet network numbers (end with "\&."), internet network addresses with network mask (where network mask can be a decimal number or an internet address also),
- \fIALL\fR
- (which always matches) or
- \fILOCAL\fR
--(which matches any string that does not contain a "\." character)\. If supported by the system you can use
-+(which matches any string that does not contain a "\&." character)\&. If supported by the system you can use
- \fI@netgroupname\fR
--in host or user patterns\.
-+in host or user patterns\&.
- .PP
- The
- \fIEXCEPT\fR
--operator makes it possible to write very compact rules\.
-+operator makes it possible to write very compact rules\&.
- .PP
- If the
- \fBnodefgroup\fR
--is not set, the group file is searched when a name does not match that of the logged\-in user\. Only groups are matched in which users are explicitly listed\. However the PAM module does not look at the primary group id of a user\.
-+is not set, the group file is searched when a name does not match that of the logged\-in user\&. Only groups are matched in which users are explicitly listed\&. However the PAM module does not look at the primary group id of a user\&.
- .PP
--The "\fI#\fR" character at start of line (no space at front) can be used to mark this line as a comment line\.
-+The "\fI#\fR" character at start of line (no space at front) can be used to mark this line as a comment line\&.
+@@ -228,7 +80,7 @@
.SH "EXAMPLES"
.PP
These are some example lines which might be specified in
--\fI/etc/security/access\.conf\fR\.
-+\fI/etc/security/access\&.conf\fR\&.
+-\FC/etc/security/access\&.conf\F[]\&.
++/etc/security/access\&.conf\&.
.PP
User
\fIroot\fR
- should be allowed to get access via
- \fIcron\fR, X11 terminal
- \fI:0\fR,
--\fItty1\fR, \.\.\.,
-+\fItty1\fR, \&.\&.\&.,
- \fItty5\fR,
--\fItty6\fR\.
-+\fItty6\fR\&.
- .PP
- + : root : crond :0 tty1 tty2 tty3 tty4 tty5 tty6
- .PP
- User
- \fIroot\fR
--should be allowed to get access from hosts which own the IPv4 addresses\. This does not mean that the connection have to be a IPv4 one, a IPv6 connection from a host with one of this IPv4 addresses does work, too\.
-+should be allowed to get access from hosts which own the IPv4 addresses\&. This does not mean that the connection have to be a IPv4 one, a IPv6 connection from a host with one of this IPv4 addresses does work, too\&.
- .PP
--+ : root : 192\.168\.200\.1 192\.168\.200\.4 192\.168\.200\.9
-++ : root : 192\&.168\&.200\&.1 192\&.168\&.200\&.4 192\&.168\&.200\&.9
- .PP
--+ : root : 127\.0\.0\.1
-++ : root : 127\&.0\&.0\&.1
- .PP
+@@ -252,9 +104,9 @@
User
\fIroot\fR
should get access from network
--192\.168\.201\.
--where the term will be evaluated by string matching\. But it might be better to use network/netmask instead\. The same meaning of
--192\.168\.201\.
+-\FC192\&.168\&.201\&.\F[]
+192\&.168\&.201\&.
-+where the term will be evaluated by string matching\&. But it might be better to use network/netmask instead\&. The same meaning of
+ where the term will be evaluated by string matching\&. But it might be better to use network/netmask instead\&. The same meaning of
+-\FC192\&.168\&.201\&.\F[]
+192\&.168\&.201\&.
is
--\fI192\.168\.201\.0/24\fR
-+\fI192\&.168\&.201\&.0/24\fR
+ \fI192\&.168\&.201\&.0/24\fR
or
--\fI192\.168\.201\.0/255\.255\.255\.0\fR\.
-+\fI192\&.168\&.201\&.0/255\&.255\&.255\&.0\fR\&.
- .PP
--+ : root : 192\.168\.201\.
-++ : root : 192\&.168\&.201\&.
- .PP
- User
- \fIroot\fR
- should be able to have access from hosts
--\fIfoo1\.bar\.org\fR
-+\fIfoo1\&.bar\&.org\fR
- and
--\fIfoo2\.bar\.org\fR
--(uses string matching also)\.
-+\fIfoo2\&.bar\&.org\fR
-+(uses string matching also)\&.
- .PP
--+ : root : foo1\.bar\.org foo2\.bar\.org
-++ : root : foo1\&.bar\&.org foo2\&.bar\&.org
- .PP
- User
- \fIroot\fR
- should be able to have access from domain
--\fIfoo\.bar\.org\fR
--(uses string matching also)\.
-+\fIfoo\&.bar\&.org\fR
-+(uses string matching also)\&.
- .PP
--+ : root : \.foo\.bar\.org
-++ : root : \&.foo\&.bar\&.org
- .PP
- User
- \fIroot\fR
--should be denied to get access from all other sources\.
-+should be denied to get access from all other sources\&.
- .PP
- \- : root : ALL
- .PP
-@@ -128,7 +128,7 @@
- \fIfoo\fR
- and members of netgroup
- \fIadmins\fR
--should be allowed to get access from all sources\. This will only work if netgroup service is available\.
-+should be allowed to get access from all sources\&. This will only work if netgroup service is available\&.
- .PP
- + : @admins foo : ALL
- .PP
-@@ -136,21 +136,21 @@
- \fIjohn\fR
- and
- \fIfoo\fR
--should get access from IPv6 host address\.
-+should get access from IPv6 host address\&.
- .PP
- + : john foo : 2001:4ca0:0:101::1
- .PP
- User
- \fIjohn\fR
--should get access from IPv6 net/mask\.
-+should get access from IPv6 net/mask\&.
- .PP
- + : john : 2001:4ca0:0:101::/64
- .PP
--Disallow console logins to all but the shutdown, sync and all other accounts, which are a member of the wheel group\.
-+Disallow console logins to all but the shutdown, sync and all other accounts, which are a member of the wheel group\&.
- .PP
- \-:ALL EXCEPT (wheel) shutdown sync:LOCAL
- .PP
--All other users should be denied to get access from all sources\.
-+All other users should be denied to get access from all sources\&.
- .PP
- \- : ALL : ALL
- .SH "SEE ALSO"
-@@ -158,13 +158,13 @@
+@@ -320,7 +172,7 @@
\fBpam_access\fR(8),
\fBpam.d\fR(5),
@@ -264,19 +480,11 @@ Index: debian-pkg-pam/modules/pam_access/access.conf.5
.SH "AUTHORS"
.PP
Original
- \fBlogin.access\fR(5)
- manual was provided by Guido van Rooij which was renamed to
- \fBaccess.conf\fR(5)
--to reflect relation to default config file\.
-+to reflect relation to default config file\&.
- .PP
--Network address / netmask description and example text was introduced by Mike Becher <mike\.becher@lrz\-muenchen\.de>\.
-+Network address / netmask description and example text was introduced by Mike Becher <mike\&.becher@lrz\-muenchen\&.de>\&.
-Index: debian-pkg-pam/modules/pam_access/access.conf.5.xml
+Index: pam.deb/modules/pam_access/access.conf.5.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_access/access.conf.5.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_access/access.conf.5.xml 2009-04-17 12:47:20.000000000 -0700
-@@ -183,7 +183,7 @@
+--- pam.deb.orig/modules/pam_access/access.conf.5.xml
++++ pam.deb/modules/pam_access/access.conf.5.xml
+@@ -186,7 +186,7 @@
<para>
<citerefentry><refentrytitle>pam_access</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
@@ -285,77 +493,308 @@ Index: debian-pkg-pam/modules/pam_access/access.conf.5.xml
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_env/pam_env.conf.5
+Index: pam.deb/modules/pam_env/pam_env.conf.5
===================================================================
---- debian-pkg-pam.orig/modules/pam_env/pam_env.conf.5 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_env/pam_env.conf.5 2009-04-17 12:47:20.000000000 -0700
-@@ -1,37 +1,37 @@
+--- pam.deb.orig/modules/pam_env/pam_env.conf.5
++++ pam.deb/modules/pam_env/pam_env.conf.5
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_env.conf
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 03/02/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_ENV\.CONF" "5" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_ENV\&.CONF" "5" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_env.conf - the environment variables config file
-+pam_env.conf \- the environment variables config file
+-.TH "PAM_ENV\&.CONF" "5" "03/02/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_ENV\&.CONF" "5" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,12 +18,12 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_env.conf \- the environment variables config file
.SH "DESCRIPTION"
.PP
The
--\fI/etc/security/pam_env\.conf\fR
-+\fI/etc/security/pam_env\&.conf\fR
+-\FC/etc/security/pam_env\&.conf\F[]
++/etc/security/pam_env\&.conf
file specifies the environment variables to be set, unset or modified by
--\fBpam_env\fR(8)\. When someone logs in, this file is read and the environment variables are set according\.
-+\fBpam_env\fR(8)\&. When someone logs in, this file is read and the environment variables are set according\&.
- .PP
--Each line starts with the variable name, there are then two possible options for each variable DEFAULT and OVERRIDE\. DEFAULT allows and administrator to set the value of the variable to some default value, if none is supplied then the empty string is assumed\. The OVERRIDE option tells pam_env that it should enter in its value (overriding the default value) if there is one to use\. OVERRIDE is not used, "" is assumed and no override will be done\.
-+Each line starts with the variable name, there are then two possible options for each variable DEFAULT and OVERRIDE\&. DEFAULT allows and administrator to set the value of the variable to some default value, if none is supplied then the empty string is assumed\&. The OVERRIDE option tells pam_env that it should enter in its value (overriding the default value) if there is one to use\&. OVERRIDE is not used, "" is assumed and no override will be done\&.
+ \fBpam_env\fR(8)\&. When someone logs in, this file is read and the environment variables are set according\&.
.PP
-
- \fIVARIABLE\fR
- [\fIDEFAULT=[value]\fR] [\fIOVERRIDE=[value]\fR]
- .PP
--(Possibly non\-existent) environment variables may be used in values using the ${string} syntax and (possibly non\-existent) PAM_ITEMs may be used in values using the @{string} syntax\. Both the $ and @ characters can be backslash escaped to be used as literal values values can be delimited with "", escaped " not supported\. Note that many environment variables that you would like to use may not be set by the time the module is called\. For example, HOME is used below several times, but many PAM applications don\'t make it available by the time you need it\.
-+(Possibly non\-existent) environment variables may be used in values using the ${string} syntax and (possibly non\-existent) PAM_ITEMs may be used in values using the @{string} syntax\&. Both the $ and @ characters can be backslash escaped to be used as literal values values can be delimited with "", escaped " not supported\&. Note that many environment variables that you would like to use may not be set by the time the module is called\&. For example, HOME is used below several times, but many PAM applications don\'t make it available by the time you need it\&.
- .PP
--The "\fI#\fR" character at start of line (no space at front) can be used to mark this line as a comment line\.
-+The "\fI#\fR" character at start of line (no space at front) can be used to mark this line as a comment line\&.
+@@ -187,31 +39,17 @@
.SH "EXAMPLES"
.PP
These are some example lines which might be specified in
--\fI/etc/security/pam_env\.conf\fR\.
-+\fI/etc/security/pam_env\&.conf\fR\&.
+-\FC/etc/security/pam_env\&.conf\F[]\&.
++/etc/security/pam_env\&.conf\&.
.PP
Set the REMOTEHOST variable for any hosts that are remote, default to "localhost" rather than not being set at all
.sp
-@@ -46,7 +46,7 @@
- .sp
+ .if n \{\
+ .RS 4
+ .\}
+-.fam C
+-.ps -1
+ .nf
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST}
+
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
+ .fi
+-.fam
+-.ps +1
+ .if n \{\
+ .RE
+ .\}
+@@ -221,24 +59,10 @@
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
-- DISPLAY DEFAULT=${REMOTEHOST}:0\.0 OVERRIDE=${DISPLAY}
-+ DISPLAY DEFAULT=${REMOTEHOST}:0\&.0 OVERRIDE=${DISPLAY}
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ DISPLAY DEFAULT=${REMOTEHOST}:0\&.0 OVERRIDE=${DISPLAY}
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -65,7 +65,7 @@
+ .\}
+@@ -248,15 +72,7 @@
+ .if n \{\
+ .RS 4
+ .\}
+-.fam C
+-.ps -1
+ .nf
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ PAGER DEFAULT=less
+ MANPAGER DEFAULT=less
+ LESS DEFAULT="M q e h15 z23 b80"
+@@ -264,13 +80,7 @@
+ PATH DEFAULT=${HOME}/bin:/usr/local/bin:/bin\e
+ :/usr/bin:/usr/local/bin/X11:/usr/bin/X11
+
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
- .PP
--Silly examples of escaped variables, just to show how they work\.
-+Silly examples of escaped variables, just to show how they work\&.
- .sp
+ .\}
+@@ -280,27 +90,13 @@
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
-@@ -81,7 +81,7 @@
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ DOLLAR DEFAULT=\e$
+ DOLLARDOLLAR DEFAULT= OVERRIDE=\e$${DOLLAR}
+ DOLLARPLUS DEFAULT=\e${REMOTEHOST}${REMOTEHOST}
+ ATSIGN DEFAULT="" OVERRIDE=\e@
+
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
+ .fi
+-.fam
+-.ps +1
+ .if n \{\
+ .RE
+ .\}
+@@ -309,7 +105,7 @@
\fBpam_env\fR(8),
\fBpam.d\fR(5),
@@ -363,12 +802,11 @@ Index: debian-pkg-pam/modules/pam_env/pam_env.conf.5
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
--pam_env was written by Dave Kinchlea <kinch@kinch\.ark\.com>\.
-+pam_env was written by Dave Kinchlea <kinch@kinch\&.ark\&.com>\&.
-Index: debian-pkg-pam/modules/pam_env/pam_env.conf.5.xml
+ pam_env was written by Dave Kinchlea <kinch@kinch\&.ark\&.com>\&.
+Index: pam.deb/modules/pam_env/pam_env.conf.5.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_env/pam_env.conf.5.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_env/pam_env.conf.5.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/modules/pam_env/pam_env.conf.5.xml
++++ pam.deb/modules/pam_env/pam_env.conf.5.xml
@@ -110,7 +110,7 @@
<para>
<citerefentry><refentrytitle>pam_env</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
@@ -378,95 +816,244 @@ Index: debian-pkg-pam/modules/pam_env/pam_env.conf.5.xml
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_group/group.conf.5
+Index: pam.deb/modules/pam_group/group.conf.5
===================================================================
---- debian-pkg-pam.orig/modules/pam_group/group.conf.5 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_group/group.conf.5 2009-04-17 12:47:20.000000000 -0700
-@@ -1,24 +1,24 @@
+--- pam.deb.orig/modules/pam_group/group.conf.5
++++ pam.deb/modules/pam_group/group.conf.5
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: group.conf
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 03/02/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "GROUP\.CONF" "5" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "GROUP\&.CONF" "5" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--group.conf - configuration file for the pam_group module
-+group.conf \- configuration file for the pam_group module
+-.TH "GROUP\&.CONF" "5" "03/02/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "GROUP\&.CONF" "5" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,14 +18,14 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ group.conf \- configuration file for the pam_group module
.SH "DESCRIPTION"
.PP
--The pam_group PAM module does not authenticate the user, but instead it grants group memberships (in the credential setting phase of the authentication module) to the user\. Such memberships are based on the service they are applying for\.
-+The pam_group PAM module does not authenticate the user, but instead it grants group memberships (in the credential setting phase of the authentication module) to the user\&. Such memberships are based on the service they are applying for\&.
+ The pam_group PAM module does not authenticate the user, but instead it grants group memberships (in the credential setting phase of the authentication module) to the user\&. Such memberships are based on the service they are applying for\&.
.PP
For this module to function correctly there must be a correctly formatted
--\fI/etc/security/group\.conf\fR
--file present\. White spaces are ignored and lines maybe extended with \'\e\' (escaped newlines)\. Text following a \'#\' is ignored to the end of the line\.
-+\fI/etc/security/group\&.conf\fR
-+file present\&. White spaces are ignored and lines maybe extended with \'\e\' (escaped newlines)\&. Text following a \'#\' is ignored to the end of the line\&.
+-\FC/etc/security/group\&.conf\F[]
++/etc/security/group\&.conf
+ file present\&. White spaces are ignored and lines maybe extended with \'\e\' (escaped newlines)\&. Text following a \'#\' is ignored to the end of the line\&.
.PP
The syntax of the lines is as follows:
- .PP
-@@ -27,33 +27,33 @@
- .PP
- The first field, the
- \fIservices\fR
--field, is a logic list of PAM service names that the rule applies to\.
-+field, is a logic list of PAM service names that the rule applies to\&.
- .PP
- The second field, the
- \fItty\fR
--field, is a logic list of terminal names that this rule applies to\.
-+field, is a logic list of terminal names that this rule applies to\&.
- .PP
- The third field, the
- \fIusers\fR
--field, is a logic list of users or a netgroup of users to whom this rule applies\.
-+field, is a logic list of users or a netgroup of users to whom this rule applies\&.
- .PP
--For these items the simple wildcard \'*\' may be used only once\. With netgroups no wildcards or logic operators are allowed\.
-+For these items the simple wildcard \'*\' may be used only once\&. With netgroups no wildcards or logic operators are allowed\&.
- .PP
- The
- \fItimes\fR
--field is used to indicate "when" these groups are to be given to the user\. The format here is a logic list of day/time\-range entries\. The days are specified by a sequence of two character entries, MoTuSa for example is Monday Tuesday and Saturday\. Note that repeated days are unset MoMo = no day, and MoWk = all weekdays bar Monday\. The two character combinations accepted are Mo Tu We Th Fr Sa Su Wk Wd Al, the last two being week\-end days and all 7 days of the week respectively\. As a final example, AlFr means all days except Friday\.
-+field is used to indicate "when" these groups are to be given to the user\&. The format here is a logic list of day/time\-range entries\&. The days are specified by a sequence of two character entries, MoTuSa for example is Monday Tuesday and Saturday\&. Note that repeated days are unset MoMo = no day, and MoWk = all weekdays bar Monday\&. The two character combinations accepted are Mo Tu We Th Fr Sa Su Wk Wd Al, the last two being week\-end days and all 7 days of the week respectively\&. As a final example, AlFr means all days except Friday\&.
- .PP
--Each day/time\-range can be prefixed with a \'!\' to indicate "anything but"\. The time\-range part is two 24\-hour times HHMM, separated by a hyphen, indicating the start and finish time (if the finish time is smaller than the start time it is deemed to apply on the following day)\.
-+Each day/time\-range can be prefixed with a \'!\' to indicate "anything but"\&. The time\-range part is two 24\-hour times HHMM, separated by a hyphen, indicating the start and finish time (if the finish time is smaller than the start time it is deemed to apply on the following day)\&.
- .PP
- The
- \fIgroups\fR
--field is a comma or space separated list of groups that the user inherits membership of\. These groups are added if the previous fields are satisfied by the user\'s request\.
-+field is a comma or space separated list of groups that the user inherits membership of\&. These groups are added if the previous fields are satisfied by the user\'s request\&.
- .PP
--For a rule to be active, ALL of service+ttys+users must be satisfied by the applying process\.
-+For a rule to be active, ALL of service+ttys+users must be satisfied by the applying process\&.
+@@ -209,22 +61,16 @@
.SH "EXAMPLES"
.PP
These are some example lines which might be specified in
--\fI/etc/security/group\.conf\fR\.
-+\fI/etc/security/group\&.conf\fR\&.
+-\FC/etc/security/group\&.conf\F[]\&.
++/etc/security/group\&.conf\&.
.PP
Running \'xsh\' on tty* (any ttyXXX device), the user \'us\' is given access to the floppy (through membership of the floppy group)
.sp
-@@ -63,7 +63,7 @@
+ .if n \{\
+ .RS 4
+ .\}
+-.fam C
+-.ps -1
+ .nf
+-.BB lightgray
+ xsh;tty*&!ttyp*;us;Al0000\-2400;floppy
+-.EB lightgray
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
- .PP
--Running \'xsh\' on tty* (any ttyXXX device), the user \'sword\' is given access to games (through membership of the floppy group) after work hours\.
-+Running \'xsh\' on tty* (any ttyXXX device), the user \'sword\' is given access to games (through membership of the floppy group) after work hours\&.
- .sp
+ .\}
+@@ -234,25 +80,11 @@
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
-@@ -77,7 +77,7 @@
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ xsh; tty* ;sword;!Wk0900\-1800;games, sound
+ xsh; tty* ;*;Al0900\-1800;floppy
+
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
+ .fi
+-.fam
+-.ps +1
+ .if n \{\
+ .RE
+ .\}
+@@ -261,7 +93,7 @@
\fBpam_group\fR(8),
\fBpam.d\fR(5),
@@ -474,12 +1061,11 @@ Index: debian-pkg-pam/modules/pam_group/group.conf.5
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
--pam_group was written by Andrew G\. Morgan <morgan@kernel\.org>\.
-+pam_group was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
-Index: debian-pkg-pam/modules/pam_group/group.conf.5.xml
+ pam_group was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
+Index: pam.deb/modules/pam_group/group.conf.5.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_group/group.conf.5.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_group/group.conf.5.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/modules/pam_group/group.conf.5.xml
++++ pam.deb/modules/pam_group/group.conf.5.xml
@@ -118,7 +118,7 @@
<para>
<citerefentry><refentrytitle>pam_group</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
@@ -489,212 +1075,284 @@ Index: debian-pkg-pam/modules/pam_group/group.conf.5.xml
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_limits/limits.conf.5
+Index: pam.deb/modules/pam_limits/limits.conf.5
===================================================================
---- debian-pkg-pam.orig/modules/pam_limits/limits.conf.5 2009-04-17 12:47:04.000000000 -0700
-+++ debian-pkg-pam/modules/pam_limits/limits.conf.5 2009-04-17 12:47:20.000000000 -0700
-@@ -224,7 +224,7 @@
+--- pam.deb.orig/modules/pam_limits/limits.conf.5
++++ pam.deb/modules/pam_limits/limits.conf.5
+@@ -278,7 +278,7 @@
\fBpam_limits\fR(8),
\fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
+-\fBpam\fR(8),
++\fBpam\fR(7),
+ \fBgetrlimit\fR(2)
+ \fBgetrlimit\fR(3p)
.SH "AUTHOR"
- .PP
- pam_limits was initially written by Cristian Gafton <gafton@redhat\&.com>
-Index: debian-pkg-pam/modules/pam_limits/limits.conf.5.xml
+Index: pam.deb/modules/pam_limits/limits.conf.5.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_limits/limits.conf.5.xml 2009-04-17 12:47:04.000000000 -0700
-+++ debian-pkg-pam/modules/pam_limits/limits.conf.5.xml 2009-04-17 12:47:20.000000000 -0700
-@@ -286,7 +286,7 @@
+--- pam.deb.orig/modules/pam_limits/limits.conf.5.xml
++++ pam.deb/modules/pam_limits/limits.conf.5.xml
+@@ -298,7 +298,7 @@
<para>
<citerefentry><refentrytitle>pam_limits</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
-- <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>
-+ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+- <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>getrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
+ <citerefentry><refentrytitle>getrlimit</refentrytitle><manvolnum>3p</manvolnum></citerefentry>
</para>
- </refsect1>
-
-Index: debian-pkg-pam/modules/pam_namespace/namespace.conf.5
+Index: pam.deb/modules/pam_namespace/namespace.conf.5
===================================================================
---- debian-pkg-pam.orig/modules/pam_namespace/namespace.conf.5 2009-04-17 12:44:14.000000000 -0700
-+++ debian-pkg-pam/modules/pam_namespace/namespace.conf.5 2009-04-17 12:47:20.000000000 -0700
-@@ -1,40 +1,40 @@
+--- pam.deb.orig/modules/pam_namespace/namespace.conf.5
++++ pam.deb/modules/pam_namespace/namespace.conf.5
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: namespace.conf
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHORS" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 03/02/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "NAMESPACE\.CONF" "5" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "NAMESPACE\&.CONF" "5" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--namespace.conf - the namespace configuration file
-+namespace.conf \- the namespace configuration file
+-.TH "NAMESPACE\&.CONF" "5" "03/02/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "NAMESPACE\&.CONF" "5" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,22 +18,22 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ namespace.conf \- the namespace configuration file
.SH "DESCRIPTION"
.PP
The
--\fIpam_namespace\.so\fR
--module allows setup of private namespaces with polyinstantiated directories\. Directories can be polyinstantiated based on user name or, in the case of SELinux, user name, sensitivity level or complete security context\. If an executable script
--\fI/etc/security/namespace\.init\fR
--exists, it is used to initialize the namespace every time a new instance directory is setup\. The script receives the polyinstantiated directory path and the instance directory path as its arguments\.
-+\fIpam_namespace\&.so\fR
-+module allows setup of private namespaces with polyinstantiated directories\&. Directories can be polyinstantiated based on user name or, in the case of SELinux, user name, sensitivity level or complete security context\&. If an executable script
-+\fI/etc/security/namespace\&.init\fR
-+exists, it is used to initialize the namespace every time a new instance directory is setup\&. The script receives the polyinstantiated directory path and the instance directory path as its arguments\&.
+ \fIpam_namespace\&.so\fR
+ module allows setup of private namespaces with polyinstantiated directories\&. Directories can be polyinstantiated based on user name or, in the case of SELinux, user name, sensitivity level or complete security context\&. If an executable script
+-\FC/etc/security/namespace\&.init\F[]
++/etc/security/namespace\&.init
+ exists, it is used to initialize the namespace every time an instance directory is set up and mounted\&. The script receives the polyinstantiated directory path and the instance directory path as its arguments\&.
.PP
The
--\fI/etc/security/namespace\.conf\fR
--file specifies which directories are polyinstantiated, how they are polyinstantiated, how instance directories would be named, and any users for whom polyinstantiation would not be performed\.
-+\fI/etc/security/namespace\&.conf\fR
-+file specifies which directories are polyinstantiated, how they are polyinstantiated, how instance directories would be named, and any users for whom polyinstantiation would not be performed\&.
+-\FC/etc/security/namespace\&.conf\F[]
++/etc/security/namespace\&.conf
+ file specifies which directories are polyinstantiated, how they are polyinstantiated, how instance directories would be named, and any users for whom polyinstantiation would not be performed\&.
.PP
When someone logs in, the file
--\fInamespace\.conf\fR
--is scanned\. Comments are marked by
-+\fInamespace\&.conf\fR
-+is scanned\&. Comments are marked by
+-\FCnamespace\&.conf\F[]
++namespace\&.conf
+ is scanned\&. Comments are marked by
\fI#\fR
--characters\. Each non comment line represents one polyinstantiated directory\. The fields are separated by spaces but can be quoted by
-+characters\&. Each non comment line represents one polyinstantiated directory\&. The fields are separated by spaces but can be quoted by
- \fI"\fR
- characters also escape sequences
- \fI\eb\fR,
- \fI\en\fR, and
- \fI\et\fR
--are recognized\. The fields are as follows:
-+are recognized\&. The fields are as follows:
- .PP
- \fIpolydir\fR
- \fIinstance_prefix\fR
-@@ -42,98 +42,98 @@
- \fIlist_of_uids\fR
- .PP
- The first field,
--\fIpolydir\fR, is the absolute pathname of the directory to polyinstantiate\. The special string
-+\fIpolydir\fR, is the absolute pathname of the directory to polyinstantiate\&. The special string
- \fI$HOME\fR
- is replaced with the user\'s home directory, and
- \fI$USER\fR
--with the username\. This field cannot be blank\.
-+with the username\&. This field cannot be blank\&.
- .PP
- The second field,
- \fIinstance_prefix\fR
--is the string prefix used to build the pathname for the instantiation of <polydir>\. Depending on the polyinstantiation
-+is the string prefix used to build the pathname for the instantiation of <polydir>\&. Depending on the polyinstantiation
- \fImethod\fR
--it is then appended with "instance differentiation string" to generate the final instance directory path\. This directory is created if it did not exist already, and is then bind mounted on the <polydir> to provide an instance of <polydir> based on the <method> column\. The special string
-+it is then appended with "instance differentiation string" to generate the final instance directory path\&. This directory is created if it did not exist already, and is then bind mounted on the <polydir> to provide an instance of <polydir> based on the <method> column\&. The special string
- \fI$HOME\fR
- is replaced with the user\'s home directory, and
- \fI$USER\fR
--with the username\. This field cannot be blank\.
-+with the username\&. This field cannot be blank\&.
- .PP
- The third field,
--\fImethod\fR, is the method used for polyinstantiation\. It can take these values; "user" for polyinstantiation based on user name, "level" for polyinstantiation based on process MLS level and user name, "context" for polyinstantiation based on process security context and user name, "tmpfs" for mounting tmpfs filesystem as an instance dir, and "tmpdir" for creating temporary directory as an instance dir which is removed when the user\'s session is closed\. Methods "context" and "level" are only available with SELinux\. This field cannot be blank\.
-+\fImethod\fR, is the method used for polyinstantiation\&. It can take these values; "user" for polyinstantiation based on user name, "level" for polyinstantiation based on process MLS level and user name, "context" for polyinstantiation based on process security context and user name, "tmpfs" for mounting tmpfs filesystem as an instance dir, and "tmpdir" for creating temporary directory as an instance dir which is removed when the user\'s session is closed\&. Methods "context" and "level" are only available with SELinux\&. This field cannot be blank\&.
- .PP
- The fourth field,
--\fIlist_of_uids\fR, is a comma separated list of user names for whom the polyinstantiation is not performed\. If left blank, polyinstantiation will be performed for all users\. If the list is preceded with a single "~" character, polyinstantiation is performed only for users in the list\.
-+\fIlist_of_uids\fR, is a comma separated list of user names for whom the polyinstantiation is not performed\&. If left blank, polyinstantiation will be performed for all users\&. If the list is preceded with a single "~" character, polyinstantiation is performed only for users in the list\&.
- .PP
- The
- \fImethod\fR
- field can contain also following optional flags separated by
- \fI:\fR
--characters\.
-+characters\&.
- .PP
- \fIcreate\fR=\fImode\fR,\fIowner\fR,\fIgroup\fR
--\- create the polyinstantiated directory\. The mode, owner and group parameters are optional\. The default for mode is determined by umask, the default owner is the user whose session is opened, the default group is the primary group of the user\.
-+\- create the polyinstantiated directory\&. The mode, owner and group parameters are optional\&. The default for mode is determined by umask, the default owner is the user whose session is opened, the default group is the primary group of the user\&.
+ characters\&. Each non comment line represents one polyinstantiated directory\&. The fields are separated by spaces but can be quoted by
+@@ -231,7 +83,7 @@
.PP
\fIiscript\fR=\fIpath\fR
--\- path to the instance directory init script\. The base directory for relative paths is
--\fI/etc/security/namespace\.d\fR\.
-+\- path to the instance directory init script\&. The base directory for relative paths is
-+\fI/etc/security/namespace\&.d\fR\&.
+ \- path to the instance directory init script\&. The base directory for relative paths is
+-\FC/etc/security/namespace\&.d\F[]\&.
++/etc/security/namespace\&.d\&.
.PP
\fInoinit\fR
--\- instance directory init script will not be executed\.
-+\- instance directory init script will not be executed\&.
- .PP
- \fIshared\fR
--\- the instance directories for "context" and "level" methods will not contain the user name and will be shared among all users\.
-+\- the instance directories for "context" and "level" methods will not contain the user name and will be shared among all users\&.
- .PP
--The directory where polyinstantiated instances are to be created, must exist and must have, by default, the mode of 0000\. The requirement that the instance parent be of mode 0000 can be overridden with the command line option
-+The directory where polyinstantiated instances are to be created, must exist and must have, by default, the mode of 0000\&. The requirement that the instance parent be of mode 0000 can be overridden with the command line option
+ \- instance directory init script will not be executed\&.
+@@ -243,7 +95,7 @@
\fIignore_instance_parent_mode\fR
.PP
--In case of context or level polyinstantiation the SELinux context which is used for polyinstantiation is the context used for executing a new process as obtained by getexeccon\. This context must be set by the calling application or
--\fIpam_selinux\.so\fR
--module\. If this context is not set the polyinstatiation will be based just on user name\.
-+In case of context or level polyinstantiation the SELinux context which is used for polyinstantiation is the context used for executing a new process as obtained by getexeccon\&. This context must be set by the calling application or
-+\fIpam_selinux\&.so\fR
-+module\&. If this context is not set the polyinstatiation will be based just on user name\&.
- .PP
--The "instance differentiation string" is <user name> for "user" method and <user name>_<raw directory context> for "context" and "level" methods\. If the whole string is too long the end of it is replaced with md5sum of itself\. Also when command line option
-+The "instance differentiation string" is <user name> for "user" method and <user name>_<raw directory context> for "context" and "level" methods\&. If the whole string is too long the end of it is replaced with md5sum of itself\&. Also when command line option
- \fIgen_hash\fR
--is used the whole string is replaced with md5sum of itself\.
-+is used the whole string is replaced with md5sum of itself\&.
+ In case of context or level polyinstantiation the SELinux context which is used for polyinstantiation is the context used for executing a new process as obtained by getexeccon\&. This context must be set by the calling application or
+-\FCpam_selinux\&.so\F[]
++pam_selinux\&.so
+ module\&. If this context is not set the polyinstatiation will be based just on user name\&.
+ .PP
+ The "instance differentiation string" is <user name> for "user" method and <user name>_<raw directory context> for "context" and "level" methods\&. If the whole string is too long the end of it is replaced with md5sum of itself\&. Also when command line option
+@@ -252,20 +104,12 @@
.SH "EXAMPLES"
.PP
These are some example lines which might be specified in
--\fI/etc/security/namespace\.conf\fR\.
-+\fI/etc/security/namespace\&.conf\fR\&.
+-\FC/etc/security/namespace\&.conf\F[]\&.
++/etc/security/namespace\&.conf\&.
.sp
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
# The following three lines will polyinstantiate /tmp,
-- # /var/tmp and user\'s home directories\. /tmp and /var/tmp
-+ # /var/tmp and user\'s home directories\&. /tmp and /var/tmp
+ # /var/tmp and user\'s home directories\&. /tmp and /var/tmp
# will be polyinstantiated based on the security level
- # as well as user name, whereas home directory will be
-- # polyinstantiated based on the full security context and user name\.
-+ # polyinstantiated based on the full security context and user name\&.
- # Polyinstantiation will not be performed for user root
- # and adm for directories /tmp and /var/tmp, whereas home
-- # directories will be polyinstantiated for all users\.
-+ # directories will be polyinstantiated for all users\&.
- #
- # Note that instance directories do not have to reside inside
-- # the polyinstantiated directory\. In the examples below,
-+ # the polyinstantiated directory\&. In the examples below,
- # instances of /tmp will be created in /tmp\-inst directory,
- # where as instances of /var/tmp and users home directories
- # will reside within the directories that are being
-- # polyinstantiated\.
-+ # polyinstantiated\&.
- #
- /tmp /tmp\-inst/ level root,adm
+@@ -286,13 +130,7 @@
/var/tmp /var/tmp/tmp\-inst/ level root,adm
-- $HOME $HOME/$USER\.inst/inst\- context
-+ $HOME $HOME/$USER\&.inst/inst\- context
+ $HOME $HOME/$USER\&.inst/inst\- context
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
- .PP
--For the <service>s you need polyinstantiation (login for example) put the following line in /etc/pam\.d/<service> as the last line for session group:
-+For the <service>s you need polyinstantiation (login for example) put the following line in /etc/pam\&.d/<service> as the last line for session group:
- .PP
--session required pam_namespace\.so [arguments]
-+session required pam_namespace\&.so [arguments]
- .PP
--This module also depends on pam_selinux\.so setting the context\.
-+This module also depends on pam_selinux\&.so setting the context\&.
- .SH "SEE ALSO"
- .PP
+ .\}
+@@ -307,7 +145,7 @@
\fBpam_namespace\fR(8),
\fBpam.d\fR(5),
@@ -702,12 +1360,11 @@ Index: debian-pkg-pam/modules/pam_namespace/namespace.conf.5
+\fBpam\fR(7)
.SH "AUTHORS"
.PP
--The namespace\.conf manual page was written by Janak Desai <janak@us\.ibm\.com>\. More features added by Tomas Mraz <tmraz@redhat\.com>\.
-+The namespace\&.conf manual page was written by Janak Desai <janak@us\&.ibm\&.com>\&. More features added by Tomas Mraz <tmraz@redhat\&.com>\&.
-Index: debian-pkg-pam/modules/pam_namespace/namespace.conf.5.xml
+ The namespace\&.conf manual page was written by Janak Desai <janak@us\&.ibm\&.com>\&. More features added by Tomas Mraz <tmraz@redhat\&.com>\&.
+Index: pam.deb/modules/pam_namespace/namespace.conf.5.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_namespace/namespace.conf.5.xml 2009-04-17 12:44:14.000000000 -0700
-+++ debian-pkg-pam/modules/pam_namespace/namespace.conf.5.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/modules/pam_namespace/namespace.conf.5.xml
++++ pam.deb/modules/pam_namespace/namespace.conf.5.xml
@@ -196,7 +196,7 @@
<para>
<citerefentry><refentrytitle>pam_namespace</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
@@ -717,101 +1374,246 @@ Index: debian-pkg-pam/modules/pam_namespace/namespace.conf.5.xml
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_time/time.conf.5
+Index: pam.deb/modules/pam_time/time.conf.5
===================================================================
---- debian-pkg-pam.orig/modules/pam_time/time.conf.5 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_time/time.conf.5 2009-04-17 12:47:20.000000000 -0700
-@@ -1,62 +1,62 @@
+--- pam.deb.orig/modules/pam_time/time.conf.5
++++ pam.deb/modules/pam_time/time.conf.5
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: time.conf
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 03/02/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "TIME\.CONF" "5" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "TIME\&.CONF" "5" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--time.conf - configuration file for the pam_time module
-+time.conf \- configuration file for the pam_time module
+-.TH "TIME\&.CONF" "5" "03/02/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "TIME\&.CONF" "5" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,14 +18,14 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ time.conf \- configuration file for the pam_time module
.SH "DESCRIPTION"
.PP
--The pam_time PAM module does not authenticate the user, but instead it restricts access to a system and or specific applications at various times of the day and on specific days or over various terminal lines\. This module can be configured to deny access to (individual) users based on their name, the time of day, the day of week, the service they are applying for and their terminal from which they are making their request\.
-+The pam_time PAM module does not authenticate the user, but instead it restricts access to a system and or specific applications at various times of the day and on specific days or over various terminal lines\&. This module can be configured to deny access to (individual) users based on their name, the time of day, the day of week, the service they are applying for and their terminal from which they are making their request\&.
+ The pam_time PAM module does not authenticate the user, but instead it restricts access to a system and or specific applications at various times of the day and on specific days or over various terminal lines\&. This module can be configured to deny access to (individual) users based on their name, the time of day, the day of week, the service they are applying for and their terminal from which they are making their request\&.
.PP
For this module to function correctly there must be a correctly formatted
--\fI/etc/security/time\.conf\fR
--file present\. White spaces are ignored and lines maybe extended with \'\e\' (escaped newlines)\. Text following a \'#\' is ignored to the end of the line\.
-+\fI/etc/security/time\&.conf\fR
-+file present\&. White spaces are ignored and lines maybe extended with \'\e\' (escaped newlines)\&. Text following a \'#\' is ignored to the end of the line\&.
+-\FC/etc/security/time\&.conf\F[]
++/etc/security/time\&.conf
+ file present\&. White spaces are ignored and lines maybe extended with \'\e\' (escaped newlines)\&. Text following a \'#\' is ignored to the end of the line\&.
.PP
The syntax of the lines is as follows:
- .PP
-
- \fIservices\fR;\fIttys\fR;\fIusers\fR;\fItimes\fR
- .PP
--In words, each rule occupies a line, terminated with a newline or the beginning of a comment; a \'\fB#\fR\'\. It contains four fields separated with semicolons, \'\fB;\fR\'\.
-+In words, each rule occupies a line, terminated with a newline or the beginning of a comment; a \'\fB#\fR\'\&. It contains four fields separated with semicolons, \'\fB;\fR\'\&.
- .PP
- The first field, the
- \fIservices\fR
--field, is a logic list of PAM service names that the rule applies to\.
-+field, is a logic list of PAM service names that the rule applies to\&.
- .PP
- The second field, the
- \fItty\fR
--field, is a logic list of terminal names that this rule applies to\.
-+field, is a logic list of terminal names that this rule applies to\&.
- .PP
- The third field, the
- \fIusers\fR
--field, is a logic list of users or a netgroup of users to whom this rule applies\.
-+field, is a logic list of users or a netgroup of users to whom this rule applies\&.
- .PP
--For these items the simple wildcard \'*\' may be used only once\. With netgroups no wildcards or logic operators are allowed\.
-+For these items the simple wildcard \'*\' may be used only once\&. With netgroups no wildcards or logic operators are allowed\&.
- .PP
- The
- \fItimes\fR
--field is used to indicate the times at which this rule applies\. The format here is a logic list of day/time\-range entries\. The days are specified by a sequence of two character entries, MoTuSa for example is Monday Tuesday and Saturday\. Note that repeated days are unset MoMo = no day, and MoWk = all weekdays bar Monday\. The two character combinations accepted are Mo Tu We Th Fr Sa Su Wk Wd Al, the last two being week\-end days and all 7 days of the week respectively\. As a final example, AlFr means all days except Friday\.
-+field is used to indicate the times at which this rule applies\&. The format here is a logic list of day/time\-range entries\&. The days are specified by a sequence of two character entries, MoTuSa for example is Monday Tuesday and Saturday\&. Note that repeated days are unset MoMo = no day, and MoWk = all weekdays bar Monday\&. The two character combinations accepted are Mo Tu We Th Fr Sa Su Wk Wd Al, the last two being week\-end days and all 7 days of the week respectively\&. As a final example, AlFr means all days except Friday\&.
- .PP
--Each day/time\-range can be prefixed with a \'!\' to indicate "anything but"\. The time\-range part is two 24\-hour times HHMM, separated by a hyphen, indicating the start and finish time (if the finish time is smaller than the start time it is deemed to apply on the following day)\.
-+Each day/time\-range can be prefixed with a \'!\' to indicate "anything but"\&. The time\-range part is two 24\-hour times HHMM, separated by a hyphen, indicating the start and finish time (if the finish time is smaller than the start time it is deemed to apply on the following day)\&.
- .PP
--For a rule to be active, ALL of service+ttys+users must be satisfied by the applying process\.
-+For a rule to be active, ALL of service+ttys+users must be satisfied by the applying process\&.
- .PP
--Note, currently there is no daemon enforcing the end of a session\. This needs to be remedied\.
-+Note, currently there is no daemon enforcing the end of a session\&. This needs to be remedied\&.
- .PP
- Poorly formatted rules are logged as errors using
--\fBsyslog\fR(3)\.
-+\fBsyslog\fR(3)\&.
+@@ -212,7 +64,7 @@
.SH "EXAMPLES"
.PP
These are some example lines which might be specified in
--\fI/etc/security/time\.conf\fR\.
-+\fI/etc/security/time\&.conf\fR\&.
+-\FC/etc/security/time\&.conf\F[]\&.
++/etc/security/time\&.conf\&.
.PP
All users except for
\fIroot\fR
-@@ -69,7 +69,7 @@
+@@ -221,24 +73,10 @@
+ .if n \{\
+ .RS 4
+ .\}
+-.fam C
+-.ps -1
+ .nf
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ login ; tty* & !ttyp* ; !root ; !Al0000\-2400
+
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
- .PP
--Games (configured to use PAM) are only to be accessed out of working hours\. This rule does not apply to the user
-+Games (configured to use PAM) are only to be accessed out of working hours\&. This rule does not apply to the user
- \fIwaster\fR:
- .sp
+ .\}
+@@ -249,17 +87,11 @@
+ .if n \{\
.RS 4
-@@ -85,7 +85,7 @@
+ .\}
+-.fam C
+-.ps -1
+ .nf
+-.BB lightgray
+
+ games ; * ; !waster ; Wd0000\-2400 | Wk1800\-0800
+
+-.EB lightgray
+ .fi
+-.fam
+-.ps +1
+ .if n \{\
+ .RE
+ .\}
+@@ -269,7 +101,7 @@
\fBpam_time\fR(8),
\fBpam.d\fR(5),
@@ -819,12 +1621,11 @@ Index: debian-pkg-pam/modules/pam_time/time.conf.5
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
--pam_time was written by Andrew G\. Morgan <morgan@kernel\.org>\.
-+pam_time was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
-Index: debian-pkg-pam/modules/pam_time/time.conf.5.xml
+ pam_time was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
+Index: pam.deb/modules/pam_time/time.conf.5.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_time/time.conf.5.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_time/time.conf.5.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/modules/pam_time/time.conf.5.xml
++++ pam.deb/modules/pam_time/time.conf.5.xml
@@ -130,7 +130,7 @@
<para>
<citerefentry><refentrytitle>pam_time</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
@@ -834,157 +1635,232 @@ Index: debian-pkg-pam/modules/pam_time/time.conf.5.xml
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_access/pam_access.8
+Index: pam.deb/modules/pam_access/pam_access.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_access/pam_access.8 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_access/pam_access.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,103 +1,103 @@
+--- pam.deb.orig/modules/pam_access/pam_access.8
++++ pam.deb/modules/pam_access/pam_access.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_access
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHORS" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 06/16/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_ACCESS" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
-+.TH "PAM_ACCESS" "8" "07/27/2008" "Linux-PAM Manual" "Linux-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_access - PAM module for logdaemon style login access control
-+pam_access \- PAM module for logdaemon style login access control
- .SH "SYNOPSIS"
- .HP 14
--\fBpam_access\.so\fR [debug] [nodefgroup] [noaudit] [accessfile=\fIfile\fR] [fieldsep=\fIsep\fR] [listsep=\fIsep\fR]
-+\fBpam_access\&.so\fR [debug] [nodefgroup] [noaudit] [accessfile=\fIfile\fR] [fieldsep=\fIsep\fR] [listsep=\fIsep\fR]
+-.TH "PAM_ACCESS" "8" "06/16/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_ACCESS" "8" "08/24/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,19 +18,17 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_access \- PAM module for logdaemon style login access control
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_access\&.so\fR\ 'u
+ \fBpam_access\&.so\fR [debug] [nodefgroup] [noaudit] [accessfile=\fIfile\fR] [fieldsep=\fIsep\fR] [listsep=\fIsep\fR]
+-.fam
.SH "DESCRIPTION"
.PP
--The pam_access PAM module is mainly for access management\. It provides logdaemon style login access control based on login names, host or domain names, internet addresses or network numbers, or on terminal line names in case of non\-networked logins\.
-+The pam_access PAM module is mainly for access management\&. It provides logdaemon style login access control based on login names, host or domain names, internet addresses or network numbers, or on terminal line names in case of non\-networked logins\&.
+ The pam_access PAM module is mainly for access management\&. It provides logdaemon style login access control based on login names, host or domain names, internet addresses or network numbers, or on terminal line names in case of non\-networked logins\&.
.PP
By default rules for access management are taken from config file
--\fI/etc/security/access\.conf\fR
--if you don\'t specify another file\.
-+\fI/etc/security/access\&.conf\fR
-+if you don\'t specify another file\&.
+-\FC/etc/security/access\&.conf\F[]
++/etc/security/access\&.conf
+ if you don\'t specify another file\&.
.PP
--If Linux PAM is compiled with audit support the module will report when it denies access based on origin (host or tty)\.
-+If Linux PAM is compiled with audit support the module will report when it denies access based on origin (host or tty)\&.
- .SH "OPTIONS"
- .PP
--\fBaccessfile=\fR\fB\fI/path/to/access\.conf\fR\fR
-+\fBaccessfile=\fR\fB\fI/path/to/access\&.conf\fR\fR
+ If Linux PAM is compiled with audit support the module will report when it denies access based on origin (host or tty)\&.
+@@ -187,7 +37,7 @@
+ \fBaccessfile=\fR\fB\fI/path/to/access\&.conf\fR\fR
.RS 4
Indicate an alternative
--\fIaccess\.conf\fR
--style configuration file to override the default\. This can be useful when different services need different access lists\.
-+\fIaccess\&.conf\fR
-+style configuration file to override the default\&. This can be useful when different services need different access lists\&.
+-\FCaccess\&.conf\F[]
++access\&.conf
+ style configuration file to override the default\&. This can be useful when different services need different access lists\&.
.RE
.PP
- \fBdebug\fR
- .RS 4
- A lot of debug informations are printed with
--\fBsyslog\fR(3)\.
-+\fBsyslog\fR(3)\&.
- .RE
- .PP
- \fBnoaudit\fR
- .RS 4
--Do not report logins from disallowed hosts and ttys to the audit subsystem\.
-+Do not report logins from disallowed hosts and ttys to the audit subsystem\&.
- .RE
- .PP
- \fBfieldsep=\fR\fB\fIseparators\fR\fR
- .RS 4
--This option modifies the field separator character that pam_access will recognize when parsing the access configuration file\. For example:
-+This option modifies the field separator character that pam_access will recognize when parsing the access configuration file\&. For example:
- \fBfieldsep=|\fR
--will cause the default `:\' character to be treated as part of a field value and `|\' becomes the field separator\. Doing this may be useful in conjuction with a system that wants to use pam_access with X based applications, since the
-+will cause the default `:\' character to be treated as part of a field value and `|\' becomes the field separator\&. Doing this may be useful in conjuction with a system that wants to use pam_access with X based applications, since the
- \fBPAM_TTY\fR
--item is likely to be of the form "hostname:0" which includes a `:\' character in its value\. But you should not need this\.
-+item is likely to be of the form "hostname:0" which includes a `:\' character in its value\&. But you should not need this\&.
- .RE
- .PP
- \fBlistsep=\fR\fB\fIseparators\fR\fR
- .RS 4
--This option modifies the list separator character that pam_access will recognize when parsing the access configuration file\. For example:
-+This option modifies the list separator character that pam_access will recognize when parsing the access configuration file\&. For example:
- \fBlistsep=,\fR
--will cause the default ` \' (space) and `\et\' (tab) characters to be treated as part of a list element value and `,\' becomes the only list element separator\. Doing this may be useful on a system with group information obtained from a Windows domain, where the default built\-in groups "Domain Users", "Domain Admins" contain a space\.
-+will cause the default ` \' (space) and `\et\' (tab) characters to be treated as part of a list element value and `,\' becomes the only list element separator\&. Doing this may be useful on a system with group information obtained from a Windows domain, where the default built\-in groups "Domain Users", "Domain Admins" contain a space\&.
- .RE
- .PP
- \fBnodefgroup\fR
- .RS 4
--The group database will not be used for tokens not identified as account name\.
-+The group database will not be used for tokens not identified as account name\&.
- .RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
--All services are supported\.
-+All services are supported\&.
- .SH "RETURN VALUES"
- .PP
- PAM_SUCCESS
- .RS 4
--Access was granted\.
-+Access was granted\&.
- .RE
- .PP
- PAM_PERM_DENIED
- .RS 4
--Access was not granted\.
-+Access was not granted\&.
- .RE
- .PP
- PAM_IGNORE
- .RS 4
-
- \fBpam_setcred\fR
--was called which does nothing\.
-+was called which does nothing\&.
- .RE
- .PP
- PAM_ABORT
- .RS 4
--Not all relevant data or options could be gotten\.
-+Not all relevant data or options could be gotten\&.
- .RE
- .PP
- PAM_USER_UNKNOWN
- .RS 4
--The user is not known to the system\.
-+The user is not known to the system\&.
+@@ -259,7 +109,7 @@
.RE
.SH "FILES"
.PP
--\fI/etc/security/access\.conf\fR
-+\fI/etc/security/access\&.conf\fR
+-\FC/etc/security/access\&.conf\F[]
++/etc/security/access\&.conf
.RS 4
Default configuration file
.RE
-@@ -106,7 +106,7 @@
+@@ -268,7 +118,7 @@
\fBaccess.conf\fR(5),
- \fBpam.d\fR(8),
--\fBpam\fR(8)\.
+ \fBpam.d\fR(5),
+-\fBpam\fR(8)\&.
+\fBpam\fR(7)\&.
.SH "AUTHORS"
.PP
--The logdaemon style login access control scheme was designed and implemented by Wietse Venema\. The pam_access PAM module was developed by Alexei Nogin <alexei@nogin\.dnttm\.ru>\. The IPv6 support and the network(address) / netmask feature was developed and provided by Mike Becher <mike\.becher@lrz\-muenchen\.de>\.
-+The logdaemon style login access control scheme was designed and implemented by Wietse Venema\&. The pam_access PAM module was developed by Alexei Nogin <alexei@nogin\&.dnttm\&.ru>\&. The IPv6 support and the network(address) / netmask feature was developed and provided by Mike Becher <mike\&.becher@lrz\-muenchen\&.de>\&.
-Index: debian-pkg-pam/modules/pam_access/pam_access.8.xml
+ The logdaemon style login access control scheme was designed and implemented by Wietse Venema\&. The pam_access PAM module was developed by Alexei Nogin <alexei@nogin\&.dnttm\&.ru>\&. The IPv6 support and the network(address) / netmask feature was developed and provided by Mike Becher <mike\&.becher@lrz\-muenchen\&.de>\&.
+Index: pam.deb/modules/pam_access/pam_access.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_access/pam_access.8.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_access/pam_access.8.xml 2009-04-17 12:47:20.000000000 -0700
-@@ -234,7 +234,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+--- pam.deb.orig/modules/pam_access/pam_access.8.xml
++++ pam.deb/modules/pam_access/pam_access.8.xml
+@@ -237,7 +237,7 @@
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -992,375 +1868,302 @@ Index: debian-pkg-pam/modules/pam_access/pam_access.8.xml
</citerefentry>.
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_cracklib/pam_cracklib.8
+Index: pam.deb/modules/pam_cracklib/pam_cracklib.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_cracklib/pam_cracklib.8 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_cracklib/pam_cracklib.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,33 +1,33 @@
+--- pam.deb.orig/modules/pam_cracklib/pam_cracklib.8
++++ pam.deb/modules/pam_cracklib/pam_cracklib.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_cracklib
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 06/16/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_CRACKLIB" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_CRACKLIB" "8" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_cracklib - PAM module to check the password against dictionary words
-+pam_cracklib \- PAM module to check the password against dictionary words
- .SH "SYNOPSIS"
- .HP 16
--\fBpam_cracklib\.so\fR [\fI\.\.\.\fR]
-+\fBpam_cracklib\&.so\fR [\fI\&.\&.\&.\fR]
+-.TH "PAM_CRACKLIB" "8" "06/16/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_CRACKLIB" "8" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,13 +18,11 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_cracklib \- PAM module to check the password against dictionary words
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_cracklib\&.so\fR\ 'u
+ \fBpam_cracklib\&.so\fR [\fI\&.\&.\&.\fR]
+-.fam
.SH "DESCRIPTION"
.PP
This module can be plugged into the
- \fIpassword\fR
--stack of a given application to provide some plug\-in strength\-checking for passwords\.
-+stack of a given application to provide some plug\-in strength\-checking for passwords\&.
- .PP
--The action of this module is to prompt the user for a password and check its strength against a system dictionary and a set of rules for identifying poor choices\.
-+The action of this module is to prompt the user for a password and check its strength against a system dictionary and a set of rules for identifying poor choices\&.
- .PP
--The first action is to prompt for a single password, check its strength and then, if it is considered strong, prompt for the password a second time (to verify that it was typed correctly on the first occasion)\. All being well, the password is passed on to subsequent modules to be installed as the new authentication token\.
-+The first action is to prompt for a single password, check its strength and then, if it is considered strong, prompt for the password a second time (to verify that it was typed correctly on the first occasion)\&. All being well, the password is passed on to subsequent modules to be installed as the new authentication token\&.
- .PP
- The strength checks works in the following manner: at first the
- \fBCracklib\fR
--routine is called to check if the password is part of a dictionary; if this is not the case an additional set of strength checks is done\. These checks are:
-+routine is called to check if the password is part of a dictionary; if this is not the case an additional set of strength checks is done\&. These checks are:
- .PP
- Palindrome
- .RS 4
-@@ -43,15 +43,15 @@
- .RS 4
- Is the new password too much like the old one? This is primarily controlled by one argument,
- \fBdifok\fR
--which is a number of characters that if different between the old and new are enough to accept the new password, this defaults to 10 or 1/2 the size of the new password whichever is smaller\.
-+which is a number of characters that if different between the old and new are enough to accept the new password, this defaults to 10 or 1/2 the size of the new password whichever is smaller\&.
- .sp
- To avoid the lockup associated with trying to change a long and complicated password,
- \fBdifignore\fR
--is available\. This argument can be used to specify the minimum length a new password needs to be before the
-+is available\&. This argument can be used to specify the minimum length a new password needs to be before the
- \fBdifok\fR
--value is ignored\. The default value for
-+value is ignored\&. The default value for
- \fBdifignore\fR
--is 23\.
-+is 23\&.
- .RE
- .PP
- Simple
-@@ -61,7 +61,7 @@
- \fBdcredit\fR,
- \fBucredit\fR,
- \fBlcredit\fR, and
--\fBocredit\fR\. See the section on the arguments for the details of how these work and there defaults\.
-+\fBocredit\fR\&. See the section on the arguments for the details of how these work and there defaults\&.
- .RE
- .PP
- Rotated
-@@ -72,10 +72,10 @@
- Already used
- .RS 4
- Was the password used in the past? Previously used passwords are to be found in
--\fI/etc/security/opasswd\fR\.
-+\fI/etc/security/opasswd\fR\&.
- .RE
- .PP
--This module with no arguments will work well for standard unix password encryption\. With md5 encryption, passwords can be longer than 8 characters and the default settings for this module can make it hard for the user to choose a satisfactory new password\. Notably, the requirement that the new password contain no more than 1/2 of the characters in the old password becomes a non\-trivial constraint\. For example, an old password of the form "the quick brown fox jumped over the lazy dogs" would be difficult to change\.\.\. In addition, the default action is to allow passwords as small as 5 characters in length\. For a md5 systems it can be a good idea to increase the required minimum size of a password\. One can then allow more credit for different kinds of characters but accept that the new password may share most of these characters with the old password\.
-+This module with no arguments will work well for standard unix password encryption\&. With md5 encryption, passwords can be longer than 8 characters and the default settings for this module can make it hard for the user to choose a satisfactory new password\&. Notably, the requirement that the new password contain no more than 1/2 of the characters in the old password becomes a non\-trivial constraint\&. For example, an old password of the form "the quick brown fox jumped over the lazy dogs" would be difficult to change\&.\&.\&. In addition, the default action is to allow passwords as small as 5 characters in length\&. For a md5 systems it can be a good idea to increase the required minimum size of a password\&. One can then allow more credit for different kinds of characters but accept that the new password may share most of these characters with the old password\&.
- .SH "OPTIONS"
- .PP
- .PP
-@@ -83,21 +83,21 @@
- .RS 4
- This option makes the module write information to
- \fBsyslog\fR(3)
--indicating the behavior of the module (this option does not write password information to the log file)\.
-+indicating the behavior of the module (this option does not write password information to the log file)\&.
- .RE
- .PP
- \fBtype=\fR\fB\fIXXX\fR\fR
- .RS 4
--The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: "\. The default word
-+The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: "\&. The default word
- \fIUNIX\fR
--can be replaced with this option\.
-+can be replaced with this option\&.
- .RE
- .PP
- \fBretry=\fR\fB\fIN\fR\fR
- .RS 4
- Prompt user at most
- \fIN\fR
--times before returning with error\. The default is
-+times before returning with error\&. The default is
- \fI1\fR
- .RE
- .PP
-@@ -105,98 +105,98 @@
- .RS 4
- This argument will change the default of
- \fI5\fR
--for the number of characters in the new password that must not be present in the old password\. In addition, if 1/2 of the characters in the new password are different then the new password will be accepted anyway\.
-+for the number of characters in the new password that must not be present in the old password\&. In addition, if 1/2 of the characters in the new password are different then the new password will be accepted anyway\&.
- .RE
- .PP
- \fBdifignore=\fR\fB\fIN\fR\fR
- .RS 4
--How many characters should the password have before difok will be ignored\. The default is
--\fI23\fR\.
-+How many characters should the password have before difok will be ignored\&. The default is
-+\fI23\fR\&.
- .RE
- .PP
- \fBminlen=\fR\fB\fIN\fR\fR
- .RS 4
--The minimum acceptable size for the new password (plus one if credits are not disabled which is the default)\. In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (\fIother\fR,
-+The minimum acceptable size for the new password (plus one if credits are not disabled which is the default)\&. In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (\fIother\fR,
- \fIupper\fR,
- \fIlower\fR
- and
--\fIdigit\fR)\. The default for this parameter is
-+\fIdigit\fR)\&. The default for this parameter is
- \fI9\fR
--which is good for a old style UNIX password all of the same type of character but may be too low to exploit the added security of a md5 system\. Note that there is a pair of length limits in
-+which is good for a old style UNIX password all of the same type of character but may be too low to exploit the added security of a md5 system\&. Note that there is a pair of length limits in
- \fICracklib\fR
- itself, a "way too short" limit of 4 which is hard coded in and a defined limit (6) that will be checked without reference to
--\fBminlen\fR\. If you want to allow passwords as short as 5 characters you should not use this module\.
-+\fBminlen\fR\&. If you want to allow passwords as short as 5 characters you should not use this module\&.
- .RE
- .PP
- \fBdcredit=\fR\fB\fIN\fR\fR
- .RS 4
--(N >= 0) This is the maximum credit for having digits in the new password\. If you have less than or
-+(N >= 0) This is the maximum credit for having digits in the new password\&. If you have less than or
- \fIN\fR
- digits, each digit will count +1 towards meeting the current
- \fBminlen\fR
--value\. The default for
-+value\&. The default for
- \fBdcredit\fR
- is 1 which is the recommended value for
- \fBminlen\fR
--less than 10\.
-+less than 10\&.
- .sp
--(N < 0) This is the minimum number of digits that must be met for a new password\.
-+(N < 0) This is the minimum number of digits that must be met for a new password\&.
- .RE
- .PP
- \fBucredit=\fR\fB\fIN\fR\fR
- .RS 4
--(N >= 0) This is the maximum credit for having upper case letters in the new password\. If you have less than or
-+(N >= 0) This is the maximum credit for having upper case letters in the new password\&. If you have less than or
- \fIN\fR
- upper case letters each letter will count +1 towards meeting the current
- \fBminlen\fR
--value\. The default for
-+value\&. The default for
- \fBucredit\fR
- is
- \fI1\fR
- which is the recommended value for
- \fBminlen\fR
--less than 10\.
-+less than 10\&.
- .sp
--(N > 0) This is the minimum number of upper case letters that must be met for a new password\.
-+(N > 0) This is the minimum number of upper case letters that must be met for a new password\&.
- .RE
- .PP
- \fBlcredit=\fR\fB\fIN\fR\fR
- .RS 4
--(N >= 0) This is the maximum credit for having lower case letters in the new password\. If you have less than or
-+(N >= 0) This is the maximum credit for having lower case letters in the new password\&. If you have less than or
- \fIN\fR
- lower case letters, each letter will count +1 towards meeting the current
- \fBminlen\fR
--value\. The default for
-+value\&. The default for
- \fBlcredit\fR
- is 1 which is the recommended value for
- \fBminlen\fR
--less than 10\.
-+less than 10\&.
- .sp
--(N < 0) This is the minimum number of lower case letters that must be met for a new password\.
-+(N < 0) This is the minimum number of lower case letters that must be met for a new password\&.
- .RE
- .PP
- \fBocredit=\fR\fB\fIN\fR\fR
- .RS 4
--(N >= 0) This is the maximum credit for having other characters in the new password\. If you have less than or
-+(N >= 0) This is the maximum credit for having other characters in the new password\&. If you have less than or
- \fIN\fR
- other characters, each character will count +1 towards meeting the current
- \fBminlen\fR
--value\. The default for
-+value\&. The default for
- \fBocredit\fR
- is 1 which is the recommended value for
- \fBminlen\fR
--less than 10\.
-+less than 10\&.
- .sp
--(N < 0) This is the minimum number of other characters that must be met for a new password\.
-+(N < 0) This is the minimum number of other characters that must be met for a new password\&.
- .RE
- .PP
- \fBminclass=\fR\fB\fIN\fR\fR
- .RS 4
--The minimum number of required classes of characters for the new password\. The default number is zero\. The four classes are digits, upper and lower letters and other characters\. The difference to the
-+The minimum number of required classes of characters for the new password\&. The default number is zero\&. The four classes are digits, upper and lower letters and other characters\&. The difference to the
- \fBcredit\fR
--check is that a specific class if of characters is not required\. Instead
-+check is that a specific class if of characters is not required\&. Instead
- \fIN\fR
--out of four of the classes are required\.
-+out of four of the classes are required\&.
- .RE
- .PP
- \fBuse_authtok\fR
-@@ -205,41 +205,41 @@
- \fIforce\fR
- the module to not prompt the user for a new password but use the one provided by the previously stacked
- \fIpassword\fR
--module\.
-+module\&.
- .RE
- .PP
- \fBdictpath=\fR\fB\fI/path/to/dict\fR\fR
- .RS 4
--Path to the cracklib dictionaries\.
-+Path to the cracklib dictionaries\&.
- .RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
- Only he
- \fBpassword\fR
--service is supported\.
-+service is supported\&.
- .SH "RETURN VALUES"
- .PP
- .PP
- PAM_SUCCESS
- .RS 4
--The new password passes all checks\.
-+The new password passes all checks\&.
- .RE
- .PP
- PAM_AUTHTOK_ERR
- .RS 4
--No new password was entered, the username could not be determined or the new password fails the strength checks\.
-+No new password was entered, the username could not be determined or the new password fails the strength checks\&.
- .RE
- .PP
- PAM_AUTHTOK_RECOVERY_ERR
- .RS 4
--The old password was not supplied by a previous stacked module or got not requested from the user\. The first error can happen if
-+The old password was not supplied by a previous stacked module or got not requested from the user\&. The first error can happen if
- \fBuse_authtok\fR
--is specified\.
-+is specified\&.
- .RE
- .PP
- PAM_SERVICE_ERR
- .RS 4
--A internal error occured\.
-+A internal error occured\&.
- .RE
- .SH "EXAMPLES"
- .PP
-@@ -249,34 +249,34 @@
+@@ -421,15 +271,7 @@
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
#
--# These lines stack two password type modules\. In this example the
--# user is given 3 opportunities to enter a strong password\. The
-+# These lines stack two password type modules\&. In this example the
-+# user is given 3 opportunities to enter a strong password\&. The
- # "use_authtok" argument ensures that the pam_unix module does not
- # prompt for a password, but instead uses the one provided by
--# pam_cracklib\.
-+# pam_cracklib\&.
- #
--passwd password required pam_cracklib\.so retry=3
--passwd password required pam_unix\.so use_authtok
-+passwd password required pam_cracklib\&.so retry=3
-+passwd password required pam_unix\&.so use_authtok
+ # These lines stack two password type modules\&. In this example the
+ # user is given 3 opportunities to enter a strong password\&. The
+@@ -440,33 +282,19 @@
+ passwd password required pam_cracklib\&.so retry=3
+ passwd password required pam_unix\&.so use_authtok
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
+ .\}
.PP
Another example (in the
--\fI/etc/pam\.d/passwd\fR
-+\fI/etc/pam\&.d/passwd\fR
+-\FC/etc/pam\&.d/passwd\F[]
++/etc/pam\&.d/passwd
format) is for the case that you want to use md5 password encryption:
.sp
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
--#%PAM\-1\.0
-+#%PAM\-1\&.0
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ #%PAM\-1\&.0
#
# These lines allow a md5 systems to support passwords of at least 14
- # bytes with extra credit of 2 for digits and 2 for others the new
- # password must have at least three bytes that are not present in the
- # old password
- #
--password required pam_cracklib\.so \e
-+password required pam_cracklib\&.so \e
+@@ -478,13 +306,7 @@
difok=3 minlen=15 dcredit= 2 ocredit=2
--password required pam_unix\.so use_authtok nullok md5
-+password required pam_unix\&.so use_authtok nullok md5
+ password required pam_unix\&.so use_authtok nullok md5
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -285,15 +285,15 @@
- .sp
+ .\}
+@@ -494,15 +316,7 @@
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
--#%PAM\-1\.0
-+#%PAM\-1\&.0
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ #%PAM\-1\&.0
#
# These lines require the user to select a password with a minimum
- # length of 8 and with at least 1 digit number, 1 upper case letter,
- # and 1 other character
- #
--password required pam_cracklib\.so \e
-+password required pam_cracklib\&.so \e
+@@ -513,13 +327,7 @@
dcredit=\-1 ucredit=\-1 ocredit=\-1 lcredit=0 minlen=8
--password required pam_unix\.so use_authtok nullok md5
-+password required pam_unix\&.so use_authtok nullok md5
+ password required pam_unix\&.so use_authtok nullok md5
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -303,7 +303,7 @@
+ .\}
+@@ -529,7 +337,7 @@
\fBpam.conf\fR(5),
- \fBpam.d\fR(8),
+ \fBpam.d\fR(5),
-\fBpam\fR(8)
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
--pam_cracklib was written by Cristian Gafton <gafton@redhat\.com>
-+pam_cracklib was written by Cristian Gafton <gafton@redhat\&.com>
-Index: debian-pkg-pam/modules/pam_cracklib/pam_cracklib.8.xml
+ pam_cracklib was written by Cristian Gafton <gafton@redhat\&.com>
+Index: pam.deb/modules/pam_cracklib/pam_cracklib.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_cracklib/pam_cracklib.8.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_cracklib/pam_cracklib.8.xml 2009-04-17 12:47:20.000000000 -0700
-@@ -498,7 +498,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+--- pam.deb.orig/modules/pam_cracklib/pam_cracklib.8.xml
++++ pam.deb/modules/pam_cracklib/pam_cracklib.8.xml
+@@ -532,7 +532,7 @@
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -1368,157 +2171,237 @@ Index: debian-pkg-pam/modules/pam_cracklib/pam_cracklib.8.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_debug/pam_debug.8
+Index: pam.deb/modules/pam_debug/pam_debug.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_debug/pam_debug.8 2009-04-17 12:44:14.000000000 -0700
-+++ debian-pkg-pam/modules/pam_debug/pam_debug.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,23 +1,23 @@
+--- pam.deb.orig/modules/pam_debug/pam_debug.8
++++ pam.deb/modules/pam_debug/pam_debug.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_debug
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 03/02/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_DEBUG" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_DEBUG" "8" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_debug - PAM module to debug the PAM stack
-+pam_debug \- PAM module to debug the PAM stack
- .SH "SYNOPSIS"
- .HP 13
--\fBpam_debug\.so\fR [auth=\fIvalue\fR] [cred=\fIvalue\fR] [acct=\fIvalue\fR] [prechauthtok=\fIvalue\fR] [chauthtok=\fIvalue\fR] [auth=\fIvalue\fR] [open_session=\fIvalue\fR] [close_session=\fIvalue\fR]
-+\fBpam_debug\&.so\fR [auth=\fIvalue\fR] [cred=\fIvalue\fR] [acct=\fIvalue\fR] [prechauthtok=\fIvalue\fR] [chauthtok=\fIvalue\fR] [auth=\fIvalue\fR] [open_session=\fIvalue\fR] [close_session=\fIvalue\fR]
+-.TH "PAM_DEBUG" "8" "03/02/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_DEBUG" "8" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,13 +18,11 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_debug \- PAM module to debug the PAM stack
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_debug\&.so\fR\ 'u
+ \fBpam_debug\&.so\fR [auth=\fIvalue\fR] [cred=\fIvalue\fR] [acct=\fIvalue\fR] [prechauthtok=\fIvalue\fR] [chauthtok=\fIvalue\fR] [auth=\fIvalue\fR] [open_session=\fIvalue\fR] [close_session=\fIvalue\fR]
+-.fam
.SH "DESCRIPTION"
.PP
--The pam_debug PAM module is intended as a debugging aide for determining how the PAM stack is operating\. This module returns what its module arguments tell it to return\.
-+The pam_debug PAM module is intended as a debugging aide for determining how the PAM stack is operating\&. This module returns what its module arguments tell it to return\&.
- .SH "OPTIONS"
- .PP
- \fBauth=\fR\fB\fIvalue\fR\fR
-@@ -25,7 +25,7 @@
- The
- \fBpam_sm_authenticate\fR(3)
- function will return
--\fIvalue\fR\.
-+\fIvalue\fR\&.
- .RE
- .PP
- \fBcred=\fR\fB\fIvalue\fR\fR
-@@ -33,7 +33,7 @@
- The
- \fBpam_sm_setcred\fR(3)
- function will return
--\fIvalue\fR\.
-+\fIvalue\fR\&.
- .RE
- .PP
- \fBacct=\fR\fB\fIvalue\fR\fR
-@@ -41,7 +41,7 @@
- The
- \fBpam_sm_acct_mgmt\fR(3)
- function will return
--\fIvalue\fR\.
-+\fIvalue\fR\&.
- .RE
- .PP
- \fBprechauthtok=\fR\fB\fIvalue\fR\fR
-@@ -52,7 +52,7 @@
- \fIvalue\fR
- if the
- \fIPAM_PRELIM_CHECK\fR
--flag is set\.
-+flag is set\&.
- .RE
- .PP
- \fBchauthtok=\fR\fB\fIvalue\fR\fR
-@@ -65,7 +65,7 @@
- \fIPAM_PRELIM_CHECK\fR
- flag is
- \fBnot\fR
--set\.
-+set\&.
- .RE
- .PP
- \fBopen_session=\fR\fB\fIvalue\fR\fR
-@@ -73,7 +73,7 @@
- The
- \fBpam_sm_open_session\fR(3)
- function will return
--\fIvalue\fR\.
-+\fIvalue\fR\&.
- .RE
- .PP
- \fBclose_session=\fR\fB\fIvalue\fR\fR
-@@ -81,12 +81,12 @@
- The
- \fBpam_sm_close_session\fR(3)
- function will return
--\fIvalue\fR\.
-+\fIvalue\fR\&.
- .RE
- .PP
- Where
- \fIvalue\fR
--can be one of: success, open_err, symbol_err, service_err, system_err, buf_err, perm_denied, auth_err, cred_insufficient, authinfo_unavail, user_unknown, maxtries, new_authtok_reqd, acct_expired, session_err, cred_unavail, cred_expired, cred_err, no_module_data, conv_err, authtok_err, authtok_recover_err, authtok_lock_busy, authtok_disable_aging, try_again, ignore, abort, authtok_expired, module_unknown, bad_item, conv_again, incomplete\.
-+can be one of: success, open_err, symbol_err, service_err, system_err, buf_err, perm_denied, auth_err, cred_insufficient, authinfo_unavail, user_unknown, maxtries, new_authtok_reqd, acct_expired, session_err, cred_unavail, cred_expired, cred_err, no_module_data, conv_err, authtok_err, authtok_recover_err, authtok_lock_busy, authtok_disable_aging, try_again, ignore, abort, authtok_expired, module_unknown, bad_item, conv_again, incomplete\&.
- .SH "MODULE SERVICES PROVIDED"
- .PP
- The services
-@@ -95,23 +95,23 @@
- \fBpassword\fR
- and
- \fBsession\fR
--are supported\.
-+are supported\&.
- .SH "RETURN VALUES"
- .PP
- PAM_SUCCESS
- .RS 4
--Default return code if no other value was specified, else specified return value\.
-+Default return code if no other value was specified, else specified return value\&.
- .RE
- .SH "EXAMPLES"
- .sp
+ The pam_debug PAM module is intended as a debugging aide for determining how the PAM stack is operating\&. This module returns what its module arguments tell it to return\&.
+@@ -263,15 +113,7 @@
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
--auth requisite pam_permit\.so
--auth [success=2 default=ok] pam_debug\.so auth=perm_denied cred=success
--auth [default=reset] pam_debug\.so auth=success cred=perm_denied
--auth [success=done default=die] pam_debug\.so
--auth optional pam_debug\.so auth=perm_denied cred=perm_denied
--auth sufficient pam_debug\.so auth=success cred=success
-+auth requisite pam_permit\&.so
-+auth [success=2 default=ok] pam_debug\&.so auth=perm_denied cred=success
-+auth [default=reset] pam_debug\&.so auth=success cred=perm_denied
-+auth [success=done default=die] pam_debug\&.so
-+auth optional pam_debug\&.so auth=perm_denied cred=perm_denied
-+auth sufficient pam_debug\&.so auth=success cred=success
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ auth requisite pam_permit\&.so
+ auth [success=2 default=ok] pam_debug\&.so auth=perm_denied cred=success
+ auth [default=reset] pam_debug\&.so auth=success cred=perm_denied
+@@ -279,13 +121,7 @@
+ auth optional pam_debug\&.so auth=perm_denied cred=perm_denied
+ auth sufficient pam_debug\&.so auth=success cred=success
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -120,7 +120,7 @@
+ .\}
+@@ -294,7 +130,7 @@
\fBpam.conf\fR(5),
- \fBpam.d\fR(8),
+ \fBpam.d\fR(5),
-\fBpam\fR(8)
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
--pam_debug was written by Andrew G\. Morgan <morgan@kernel\.org>\.
-+pam_debug was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
-Index: debian-pkg-pam/modules/pam_debug/pam_debug.8.xml
+ pam_debug was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
+Index: pam.deb/modules/pam_debug/pam_debug.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_debug/pam_debug.8.xml 2009-04-17 12:44:14.000000000 -0700
-+++ debian-pkg-pam/modules/pam_debug/pam_debug.8.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/modules/pam_debug/pam_debug.8.xml
++++ pam.deb/modules/pam_debug/pam_debug.8.xml
@@ -216,7 +216,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -1526,124 +2409,237 @@ Index: debian-pkg-pam/modules/pam_debug/pam_debug.8.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_deny/pam_deny.8
+Index: pam.deb/modules/pam_deny/pam_deny.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_deny/pam_deny.8 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_deny/pam_deny.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,73 +1,73 @@
+--- pam.deb.orig/modules/pam_deny/pam_deny.8
++++ pam.deb/modules/pam_deny/pam_deny.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_deny
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 03/02/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_DENY" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_DENY" "8" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_deny - The locking-out PAM module
-+pam_deny \- The locking-out PAM module
- .SH "SYNOPSIS"
- .HP 12
--\fBpam_deny\.so\fR
-+\fBpam_deny\&.so\fR
+-.TH "PAM_DENY" "8" "03/02/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_DENY" "8" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,13 +18,11 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_deny \- The locking\-out PAM module
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_deny\&.so\fR\ 'u
+ \fBpam_deny\&.so\fR
+-.fam
.SH "DESCRIPTION"
.PP
--This module can be used to deny access\. It always indicates a failure to the application through the PAM framework\. It might be suitable for using for default (the
--\fIOTHER\fR) entries\.
-+This module can be used to deny access\&. It always indicates a failure to the application through the PAM framework\&. It might be suitable for using for default (the
-+\fIOTHER\fR) entries\&.
- .SH "OPTIONS"
- .PP
--This module does not recognise any options\.
-+This module does not recognise any options\&.
- .SH "MODULE SERVICES PROVIDED"
- .PP
- All services (\fBaccount\fR,
- \fBauth\fR,
- \fBpassword\fR
- and
--\fBsession\fR) are supported\.
-+\fBsession\fR) are supported\&.
- .SH "RETURN VALUES"
- .PP
- .PP
- PAM_AUTH_ERR
- .RS 4
--This is returned by the account and auth services\.
-+This is returned by the account and auth services\&.
- .RE
- .PP
- PAM_CRED_ERR
- .RS 4
--This is returned by the setcred function\.
-+This is returned by the setcred function\&.
- .RE
- .PP
- PAM_AUTHTOK_ERR
- .RS 4
--This is returned by the password service\.
-+This is returned by the password service\&.
- .RE
- .PP
- PAM_SESSION_ERR
- .RS 4
--This is returned by the session service\.
-+This is returned by the session service\&.
- .RE
- .SH "EXAMPLES"
- .sp
+ This module can be used to deny access\&. It always indicates a failure to the application through the PAM framework\&. It might be suitable for using for default (the
+@@ -214,15 +64,7 @@
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
--#%PAM\-1\.0
-+#%PAM\-1\&.0
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ #%PAM\-1\&.0
#
# If we don\'t have config entries for a service, the
--# OTHER entries are used\. To be secure, warn and deny
--# access to everything\.
--other auth required pam_warn\.so
--other auth required pam_deny\.so
--other account required pam_warn\.so
--other account required pam_deny\.so
--other password required pam_warn\.so
--other password required pam_deny\.so
--other session required pam_warn\.so
--other session required pam_deny\.so
-+# OTHER entries are used\&. To be secure, warn and deny
-+# access to everything\&.
-+other auth required pam_warn\&.so
-+other auth required pam_deny\&.so
-+other account required pam_warn\&.so
-+other account required pam_deny\&.so
-+other password required pam_warn\&.so
-+other password required pam_deny\&.so
-+other session required pam_warn\&.so
-+other session required pam_deny\&.so
+@@ -237,13 +79,7 @@
+ other session required pam_warn\&.so
+ other session required pam_deny\&.so
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -76,7 +76,7 @@
+ .\}
+@@ -252,7 +88,7 @@
\fBpam.conf\fR(5),
- \fBpam.d\fR(8),
+ \fBpam.d\fR(5),
-\fBpam\fR(8)
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
--pam_deny was written by Andrew G\. Morgan <morgan@kernel\.org>
-+pam_deny was written by Andrew G\&. Morgan <morgan@kernel\&.org>
-Index: debian-pkg-pam/modules/pam_deny/pam_deny.8.xml
+ pam_deny was written by Andrew G\&. Morgan <morgan@kernel\&.org>
+Index: pam.deb/modules/pam_deny/pam_deny.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_deny/pam_deny.8.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_deny/pam_deny.8.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/modules/pam_deny/pam_deny.8.xml
++++ pam.deb/modules/pam_deny/pam_deny.8.xml
@@ -120,7 +120,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -1651,145 +2647,242 @@ Index: debian-pkg-pam/modules/pam_deny/pam_deny.8.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_echo/pam_echo.8
+Index: pam.deb/modules/pam_echo/pam_echo.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_echo/pam_echo.8 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_echo/pam_echo.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,89 +1,89 @@
+--- pam.deb.orig/modules/pam_echo/pam_echo.8
++++ pam.deb/modules/pam_echo/pam_echo.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_echo
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 06/16/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_ECHO" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
-+.TH "PAM_ECHO" "8" "07/27/2008" "Linux-PAM Manual" "Linux-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_echo - PAM module for printing text messages
-+pam_echo \- PAM module for printing text messages
- .SH "SYNOPSIS"
- .HP 12
--\fBpam_echo\.so\fR [file=\fI/path/message\fR]
-+\fBpam_echo\&.so\fR [file=\fI/path/message\fR]
+-.TH "PAM_ECHO" "8" "06/16/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_ECHO" "8" "08/24/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,13 +18,11 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_echo \- PAM module for printing text messages
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_echo\&.so\fR\ 'u
+ \fBpam_echo\&.so\fR [file=\fI/path/message\fR]
+-.fam
.SH "DESCRIPTION"
.PP
The
- \fIpam_echo\fR
--PAM module is for printing text messages to inform user about special things\. Sequences starting with the
-+PAM module is for printing text messages to inform user about special things\&. Sequences starting with the
- \fI%\fR
- character are interpreted in the following way:
- .PP
- \fI%H\fR
- .RS 4
--The name of the remote host (PAM_RHOST)\.
-+The name of the remote host (PAM_RHOST)\&.
- .RE
- .PP
- \fB%h\fR
- .RS 4
--The name of the local host\.
-+The name of the local host\&.
- .RE
- .PP
- \fI%s\fR
- .RS 4
--The service name (PAM_SERVICE)\.
-+The service name (PAM_SERVICE)\&.
- .RE
- .PP
- \fI%t\fR
- .RS 4
--The name of the controlling terminal (PAM_TTY)\.
-+The name of the controlling terminal (PAM_TTY)\&.
- .RE
- .PP
- \fI%U\fR
- .RS 4
--The remote user name (PAM_RUSER)\.
-+The remote user name (PAM_RUSER)\&.
- .RE
- .PP
- \fI%u\fR
- .RS 4
--The local user name (PAM_USER)\.
-+The local user name (PAM_USER)\&.
- .RE
- .PP
- All other sequences beginning with
- \fI%\fR
- expands to the characters following the
- \fI%\fR
--character\.
-+character\&.
- .SH "OPTIONS"
- .PP
+@@ -221,7 +71,7 @@
\fBfile=\fR\fB\fI/path/message\fR\fR
.RS 4
The content of the file
- \fI/path/message\fR
--will be printed with the PAM conversion function as PAM_TEXT_INFO\.
-+will be printed with the PAM conversion function as PAM_TEXT_INFO\&.
- .RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
--All services are supported\.
-+All services are supported\&.
- .SH "RETURN VALUES"
- .PP
- PAM_BUF_ERR
- .RS 4
--Memory buffer error\.
-+Memory buffer error\&.
+-\FC/path/message\F[]
++/path/message
+ will be printed with the PAM conversion function as PAM_TEXT_INFO\&.
.RE
- .PP
- PAM_SUCCESS
- .RS 4
--Message was successful printed\.
-+Message was successful printed\&.
- .RE
- .PP
- PAM_IGNORE
- .RS 4
--PAM_SILENT flag was given or message file does not exist, no message printed\.
-+PAM_SILENT flag was given or message file does not exist, no message printed\&.
- .RE
- .SH "EXAMPLES"
- .PP
-@@ -91,8 +91,8 @@
- .sp
+ .SH "MODULE TYPES PROVIDED"
+@@ -254,25 +104,11 @@
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
--password optional pam_echo\.so file=/usr/share/doc/good\-password\.txt
--password required pam_unix\.so
-+password optional pam_echo\&.so file=/usr/share/doc/good\-password\&.txt
-+password required pam_unix\&.so
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ password optional pam_echo\&.so file=/usr/share/doc/good\-password\&.txt
+ password required pam_unix\&.so
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -102,7 +102,7 @@
+ .\}
+@@ -282,7 +118,7 @@
\fBpam.conf\fR(8),
- \fBpam.d\fR(8),
+ \fBpam.d\fR(5),
-\fBpam\fR(8)
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
--Thorsten Kukuk <kukuk@thkukuk\.de>
-+Thorsten Kukuk <kukuk@thkukuk\&.de>
-Index: debian-pkg-pam/modules/pam_echo/pam_echo.8.xml
+ Thorsten Kukuk <kukuk@thkukuk\&.de>
+Index: pam.deb/modules/pam_echo/pam_echo.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_echo/pam_echo.8.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_echo/pam_echo.8.xml 2009-04-17 12:47:20.000000000 -0700
-@@ -157,7 +157,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+--- pam.deb.orig/modules/pam_echo/pam_echo.8.xml
++++ pam.deb/modules/pam_echo/pam_echo.8.xml
+@@ -159,7 +159,7 @@
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -1797,145 +2890,270 @@ Index: debian-pkg-pam/modules/pam_echo/pam_echo.8.xml
</citerefentry></para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_env/pam_env.8
+Index: pam.deb/modules/pam_env/pam_env.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_env/pam_env.8 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_env/pam_env.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,63 +1,63 @@
+--- pam.deb.orig/modules/pam_env/pam_env.8
++++ pam.deb/modules/pam_env/pam_env.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_env
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 06/16/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_ENV" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
-+.TH "PAM_ENV" "8" "07/27/2008" "Linux-PAM Manual" "Linux-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_env - PAM module to set/unset environment variables
-+pam_env \- PAM module to set/unset environment variables
- .SH "SYNOPSIS"
- .HP 11
--\fBpam_env\.so\fR [debug] [conffile=\fIconf\-file\fR] [envfile=\fIenv\-file\fR] [readenv=\fI0|1\fR]
-+\fBpam_env\&.so\fR [debug] [conffile=\fIconf\-file\fR] [envfile=\fIenv\-file\fR] [readenv=\fI0|1\fR]
+-.TH "PAM_ENV" "8" "06/16/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_ENV" "8" "08/24/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,13 +18,11 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_env \- PAM module to set/unset environment variables
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_env\&.so\fR\ 'u
+ \fBpam_env\&.so\fR [debug] [conffile=\fIconf\-file\fR] [envfile=\fIenv\-file\fR] [readenv=\fI0|1\fR] [user_envfile=\fIenv\-file\fR] [user_readenv=\fI0|1\fR]
+-.fam
.SH "DESCRIPTION"
.PP
--The pam_env PAM module allows the (un)setting of environment variables\. Supported is the use of previously set environment variables as well as
-+The pam_env PAM module allows the (un)setting of environment variables\&. Supported is the use of previously set environment variables as well as
- \fIPAM_ITEM\fRs such as
--\fIPAM_RHOST\fR\.
-+\fIPAM_RHOST\fR\&.
+ The pam_env PAM module allows the (un)setting of environment variables\&. Supported is the use of previously set environment variables as well as
+@@ -180,12 +30,12 @@
+ \fIPAM_RHOST\fR\&.
.PP
By default rules for (un)setting of variables is taken from the config file
--\fI/etc/security/pam_env\.conf\fR
--if no other file is specified\.
-+\fI/etc/security/pam_env\&.conf\fR
-+if no other file is specified\&.
+-\FC/etc/security/pam_env\&.conf\F[]
++/etc/security/pam_env\&.conf
+ if no other file is specified\&.
.PP
This module can also parse a file with simple
\fIKEY=VAL\fR
- pairs on seperate lines (\fI/etc/environment\fR
--by default)\. You can change the default file to parse, with the
-+by default)\&. You can change the default file to parse, with the
+-pairs on separate lines (\FC/etc/environment\F[]
++pairs on separate lines (/etc/environment
+ by default)\&. You can change the default file to parse, with the
\fIenvfile\fR
flag and turn it on or off by setting the
- \fIreadenv\fR
--flag to 1 or 0 respectively\.
-+flag to 1 or 0 respectively\&.
- .SH "OPTIONS"
- .PP
--\fBconffile=\fR\fB\fI/path/to/pam_env\.conf\fR\fR
-+\fBconffile=\fR\fB\fI/path/to/pam_env\&.conf\fR\fR
+@@ -196,7 +46,7 @@
+ \fBconffile=\fR\fB\fI/path/to/pam_env\&.conf\fR\fR
.RS 4
Indicate an alternative
--\fIpam_env\.conf\fR
--style configuration file to override the default\. This can be useful when different services need different environments\.
-+\fIpam_env\&.conf\fR
-+style configuration file to override the default\&. This can be useful when different services need different environments\&.
- .RE
- .PP
- \fBdebug\fR
- .RS 4
- A lot of debug informations are printed with
--\fBsyslog\fR(3)\.
-+\fBsyslog\fR(3)\&.
+-\FCpam_env\&.conf\F[]
++pam_env\&.conf
+ style configuration file to override the default\&. This can be useful when different services need different environments\&.
.RE
.PP
+@@ -209,7 +59,7 @@
\fBenvfile=\fR\fB\fI/path/to/environment\fR\fR
.RS 4
Indicate an alternative
- \fIenvironment\fR
--file to override the default\. This can be useful when different services need different environments\.
-+file to override the default\&. This can be useful when different services need different environments\&.
+-\FCenvironment\F[]
++environment
+ file to override the default\&. This can be useful when different services need different environments\&.
.RE
.PP
- \fBreadenv=\fR\fB\fI0|1\fR\fR
- .RS 4
--Turns on or off the reading of the file specified by envfile (0 is off, 1 is on)\. By default this option is on\.
-+Turns on or off the reading of the file specified by envfile (0 is off, 1 is on)\&. By default this option is on\&.
- .RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
-@@ -65,31 +65,31 @@
- \fBauth\fR
- and
- \fBsession\fR
--services are supported\.
-+services are supported\&.
- .SH "RETURN VALUES"
- .PP
- PAM_ABORT
+@@ -221,7 +71,7 @@
+ \fBuser_envfile=\fR\fB\fIfilename\fR\fR
.RS 4
--Not all relevant data or options could be gotten\.
-+Not all relevant data or options could be gotten\&.
+ Indicate an alternative
+-\FC\&.pam_environment\F[]
++\&.pam_environment
+ file to override the default\&. This can be useful when different services need different environments\&. The filename is relative to the user home directory\&.
.RE
.PP
- PAM_BUF_ERR
- .RS 4
--Memory buffer error\.
-+Memory buffer error\&.
+@@ -259,17 +109,17 @@
.RE
+ .SH "FILES"
.PP
- PAM_IGNORE
+-\FC/etc/security/pam_env\&.conf\F[]
++/etc/security/pam_env\&.conf
.RS 4
--No pam_env\.conf and environment file was found\.
-+No pam_env\&.conf and environment file was found\&.
+ Default configuration file
.RE
.PP
- PAM_SUCCESS
+-\FC/etc/environment\F[]
++/etc/environment
.RS 4
--Environment variables were set\.
-+Environment variables were set\&.
+ Default environment file
.RE
- .SH "FILES"
.PP
--\fI/etc/security/pam_env\.conf\fR
-+\fI/etc/security/pam_env\&.conf\fR
+-\FC$HOME/\&.pam_environment\F[]
++$HOME/\&.pam_environment
.RS 4
- Default configuration file
+ User specific environment file
.RE
-@@ -103,7 +103,7 @@
+@@ -278,7 +128,7 @@
\fBpam_env.conf\fR(5),
- \fBpam.d\fR(8),
--\fBpam\fR(8)\.
+ \fBpam.d\fR(5),
+-\fBpam\fR(8)\&.
+\fBpam\fR(7)\&.
.SH "AUTHOR"
.PP
--pam_env was written by Dave Kinchlea <kinch@kinch\.ark\.com>\.
-+pam_env was written by Dave Kinchlea <kinch@kinch\&.ark\&.com>\&.
-Index: debian-pkg-pam/modules/pam_env/pam_env.8.xml
+ pam_env was written by Dave Kinchlea <kinch@kinch\&.ark\&.com>\&.
+Index: pam.deb/modules/pam_env/pam_env.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_env/pam_env.8.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_env/pam_env.8.xml 2009-04-17 12:47:20.000000000 -0700
-@@ -192,7 +192,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+--- pam.deb.orig/modules/pam_env/pam_env.8.xml
++++ pam.deb/modules/pam_env/pam_env.8.xml
+@@ -231,7 +231,7 @@
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -1943,142 +3161,264 @@ Index: debian-pkg-pam/modules/pam_env/pam_env.8.xml
</citerefentry>.
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_exec/pam_exec.8
+Index: pam.deb/modules/pam_exec/pam_exec.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_exec/pam_exec.8 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_exec/pam_exec.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,23 +1,23 @@
+--- pam.deb.orig/modules/pam_exec/pam_exec.8
++++ pam.deb/modules/pam_exec/pam_exec.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_exec
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 06/16/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_EXEC" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_EXEC" "8" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_exec - PAM module which calls an external command
-+pam_exec \- PAM module which calls an external command
- .SH "SYNOPSIS"
- .HP 12
--\fBpam_exec\.so\fR [debug] [seteuid] [quiet] [log=\fIfile\fR] \fIcommand\fR [\fI\.\.\.\fR]
-+\fBpam_exec\&.so\fR [debug] [seteuid] [quiet] [log=\fIfile\fR] \fIcommand\fR [\fI\&.\&.\&.\fR]
+-.TH "PAM_EXEC" "8" "06/16/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_EXEC" "8" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,13 +18,11 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_exec \- PAM module which calls an external command
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_exec\&.so\fR\ 'u
+ \fBpam_exec\&.so\fR [debug] [expose_authtok] [seteuid] [quiet] [log=\fIfile\fR] \fIcommand\fR [\fI\&.\&.\&.\fR]
+-.fam
.SH "DESCRIPTION"
.PP
--pam_exec is a PAM module that can be used to run an external command\.
-+pam_exec is a PAM module that can be used to run an external command\&.
- .PP
- The child\'s environment is set to the current PAM environment list, as returned by
- \fBpam_getenvlist\fR(3)
-@@ -26,13 +26,13 @@
- \fIPAM_RUSER\fR,
- \fIPAM_SERVICE\fR,
- \fIPAM_TTY\fR, and
--\fIPAM_USER\fR\.
-+\fIPAM_USER\fR\&.
- .SH "OPTIONS"
- .PP
- .PP
- \fBdebug\fR
- .RS 4
--Print debug information\.
-+Print debug information\&.
- .RE
- .PP
+ pam_exec is a PAM module that can be used to run an external command\&.
+@@ -210,7 +60,7 @@
\fBlog=\fR\fB\fIfile\fR\fR
-@@ -43,12 +43,12 @@
- .PP
- \fBquiet\fR
.RS 4
--Per default pam_exec\.so will echo the exit status of the external command if it fails\. Specifying this option will suppress the message\.
-+Per default pam_exec\&.so will echo the exit status of the external command if it fails\&. Specifying this option will suppress the message\&.
+ The output of the command is appended to
+-\FCfile\F[]
++file
.RE
.PP
- \fBseteuid\fR
- .RS 4
--Per default pam_exec\.so will execute the external command with the real user ID of the calling process\. Specifying this option means the command is run with the effective user ID\.
-+Per default pam_exec\&.so will execute the external command with the real user ID of the calling process\&. Specifying this option means the command is run with the effective user ID\&.
- .RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
-@@ -58,40 +58,40 @@
- \fBpassword\fR
- and
- \fBsession\fR
--are supported\.
-+are supported\&.
- .SH "RETURN VALUES"
- .PP
- .PP
- PAM_SUCCESS
- .RS 4
--The external command runs successfull\.
-+The external command runs successfull\&.
- .RE
- .PP
- PAM_SERVICE_ERR
- .RS 4
--No argument or a wrong number of arguments were given\.
-+No argument or a wrong number of arguments were given\&.
- .RE
- .PP
- PAM_SYSTEM_ERR
- .RS 4
--A system error occured or the command to execute failed\.
-+A system error occured or the command to execute failed\&.
- .RE
- .PP
- PAM_IGNORE
- .RS 4
-
- \fBpam_setcred\fR
--was called, which does not execute the command\.
-+was called, which does not execute the command\&.
- .RE
+ \fBquiet\fR
+@@ -256,30 +106,16 @@
.SH "EXAMPLES"
.PP
Add the following line to
--\fI/etc/pam\.d/passwd\fR
-+\fI/etc/pam\&.d/passwd\fR
+-\FC/etc/pam\&.d/passwd\F[]
++/etc/pam\&.d/passwd
to rebuild the NIS database after each local password change:
.sp
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
-- passwd optional pam_exec\.so seteuid make \-C /var/yp
-+ passwd optional pam_exec\&.so seteuid make \-C /var/yp
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ passwd optional pam_exec\&.so seteuid make \-C /var/yp
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -104,13 +104,13 @@
+ .\}
+@@ -289,15 +125,9 @@
+ .if n \{\
+ .RS 4
+ .\}
+-.fam C
+-.ps -1
+ .nf
+-.BB lightgray
+ make \-C /var/yp
+-.EB lightgray
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
- .sp
--with effective user ID\.
-+with effective user ID\&.
- .SH "SEE ALSO"
- .PP
+ .\}
+@@ -308,7 +138,7 @@
\fBpam.conf\fR(5),
- \fBpam.d\fR(8),
+ \fBpam.d\fR(5),
-\fBpam\fR(8)
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
--pam_exec was written by Thorsten Kukuk <kukuk@thkukuk\.de>\.
-+pam_exec was written by Thorsten Kukuk <kukuk@thkukuk\&.de>\&.
-Index: debian-pkg-pam/modules/pam_exec/pam_exec.8.xml
+ pam_exec was written by Thorsten Kukuk <kukuk@thkukuk\&.de>\&.
+Index: pam.deb/modules/pam_exec/pam_exec.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_exec/pam_exec.8.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_exec/pam_exec.8.xml 2009-04-17 12:47:20.000000000 -0700
-@@ -202,7 +202,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+--- pam.deb.orig/modules/pam_exec/pam_exec.8.xml
++++ pam.deb/modules/pam_exec/pam_exec.8.xml
+@@ -223,7 +223,7 @@
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -2086,102 +3426,241 @@ Index: debian-pkg-pam/modules/pam_exec/pam_exec.8.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_faildelay/pam_faildelay.8
+Index: pam.deb/modules/pam_faildelay/pam_faildelay.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_faildelay/pam_faildelay.8 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_faildelay/pam_faildelay.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,54 +1,54 @@
+--- pam.deb.orig/modules/pam_faildelay/pam_faildelay.8
++++ pam.deb/modules/pam_faildelay/pam_faildelay.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_faildelay
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 03/02/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_FAILDELAY" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_FAILDELAY" "8" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_faildelay - Change the delay on failure per-application
-+pam_faildelay \- Change the delay on failure per-application
- .SH "SYNOPSIS"
- .HP 17
--\fBpam_faildelay\.so\fR [debug] [delay=\fImicroseconds\fR]
-+\fBpam_faildelay\&.so\fR [debug] [delay=\fImicroseconds\fR]
+-.TH "PAM_FAILDELAY" "8" "03/02/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_FAILDELAY" "8" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,13 +18,11 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_faildelay \- Change the delay on failure per\-application
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_faildelay\&.so\fR\ 'u
+ \fBpam_faildelay\&.so\fR [debug] [delay=\fImicroseconds\fR]
+-.fam
.SH "DESCRIPTION"
.PP
--pam_faildelay is a PAM module that can be used to set the delay on failure per\-application\.
-+pam_faildelay is a PAM module that can be used to set the delay on failure per\-application\&.
- .PP
+ pam_faildelay is a PAM module that can be used to set the delay on failure per\-application\&.
+@@ -180,7 +30,7 @@
If no
\fBdelay\fR
is given, pam_faildelay will use the value of FAIL_DELAY from
--\fI/etc/login\.defs\fR\.
-+\fI/etc/login\&.defs\fR\&.
+-\FC/etc/login\&.defs\F[]\&.
++/etc/login\&.defs\&.
.SH "OPTIONS"
.PP
\fBdebug\fR
+@@ -215,24 +65,10 @@
+ .if n \{\
.RS 4
--Turns on debugging messages sent to syslog\.
-+Turns on debugging messages sent to syslog\&.
- .RE
- .PP
- \fBdelay=\fR\fB\fIN\fR\fR
- .RS 4
--Set the delay on failure to N microseconds\.
-+Set the delay on failure to N microseconds\&.
- .RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
- Only the
- \fBauth\fR
--service is supported\.
-+service is supported\&.
- .SH "RETURN VALUES"
- .PP
- PAM_IGNORE
- .RS 4
--Delay was successful adjusted\.
-+Delay was successful adjusted\&.
- .RE
- .PP
- PAM_SYSTEM_ERR
- .RS 4
--The specified delay was not valid\.
-+The specified delay was not valid\&.
- .RE
- .SH "EXAMPLES"
- .PP
-@@ -56,7 +56,7 @@
- .sp
- .RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
--auth optional pam_faildelay\.so delay=10000000
-+auth optional pam_faildelay\&.so delay=10000000
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ auth optional pam_faildelay\&.so delay=10000000
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -67,7 +67,7 @@
+ .\}
+@@ -243,7 +79,7 @@
\fBpam_fail_delay\fR(3),
\fBpam.conf\fR(5),
- \fBpam.d\fR(8),
+ \fBpam.d\fR(5),
-\fBpam\fR(8)
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
--pam_faildelay was written by Darren Tucker <dtucker@zip\.com\.au>\.
-+pam_faildelay was written by Darren Tucker <dtucker@zip\&.com\&.au>\&.
-Index: debian-pkg-pam/modules/pam_faildelay/pam_faildelay.8.xml
+ pam_faildelay was written by Darren Tucker <dtucker@zip\&.com\&.au>\&.
+Index: pam.deb/modules/pam_faildelay/pam_faildelay.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_faildelay/pam_faildelay.8.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_faildelay/pam_faildelay.8.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/modules/pam_faildelay/pam_faildelay.8.xml
++++ pam.deb/modules/pam_faildelay/pam_faildelay.8.xml
@@ -121,7 +121,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -2189,191 +3668,239 @@ Index: debian-pkg-pam/modules/pam_faildelay/pam_faildelay.8.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_filter/pam_filter.8
+Index: pam.deb/modules/pam_filter/pam_filter.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_filter/pam_filter.8 2009-04-17 12:44:12.000000000 -0700
-+++ debian-pkg-pam/modules/pam_filter/pam_filter.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,73 +1,73 @@
+--- pam.deb.orig/modules/pam_filter/pam_filter.8
++++ pam.deb/modules/pam_filter/pam_filter.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_filter
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 06/16/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_FILTER" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_FILTER" "8" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_filter - PAM filter module
-+pam_filter \- PAM filter module
- .SH "SYNOPSIS"
- .HP 14
--\fBpam_filter\.so\fR [debug] [new_term] [non_term] run1|run2 \fIfilter\fR [\fI\.\.\.\fR]
-+\fBpam_filter\&.so\fR [debug] [new_term] [non_term] run1|run2 \fIfilter\fR [\fI\&.\&.\&.\fR]
+-.TH "PAM_FILTER" "8" "06/16/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_FILTER" "8" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,13 +18,11 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_filter \- PAM filter module
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_filter\&.so\fR\ 'u
+ \fBpam_filter\&.so\fR [debug] [new_term] [non_term] run1|run2 \fIfilter\fR [\fI\&.\&.\&.\fR]
+-.fam
.SH "DESCRIPTION"
.PP
--This module is intended to be a platform for providing access to all of the input/output that passes between the user and the application\. It is only suitable for tty\-based and (stdin/stdout) applications\.
-+This module is intended to be a platform for providing access to all of the input/output that passes between the user and the application\&. It is only suitable for tty\-based and (stdin/stdout) applications\&.
- .PP
- To function this module requires
- \fIfilters\fR
--to be installed on the system\. The single filter provided with the module simply transposes upper and lower case letters in the input and output streams\. (This can be very annoying and is not kind to termcap based editors)\.
-+to be installed on the system\&. The single filter provided with the module simply transposes upper and lower case letters in the input and output streams\&. (This can be very annoying and is not kind to termcap based editors)\&.
- .PP
--Each component of the module has the potential to invoke the desired filter\. The filter is always
-+Each component of the module has the potential to invoke the desired filter\&. The filter is always
- \fBexecv\fR(2)
- with the privilege of the calling application and
- \fInot\fR
--that of the user\. For this reason it cannot usually be killed by the user without closing their session\.
-+that of the user\&. For this reason it cannot usually be killed by the user without closing their session\&.
- .SH "OPTIONS"
- .PP
- .PP
- \fBdebug\fR
- .RS 4
--Print debug information\.
-+Print debug information\&.
- .RE
- .PP
- \fBnew_term\fR
- .RS 4
- The default action of the filter is to set the
- \fIPAM_TTY\fR
--item to indicate the terminal that the user is using to connect to the application\. This argument indicates that the filter should set
-+item to indicate the terminal that the user is using to connect to the application\&. This argument indicates that the filter should set
- \fIPAM_TTY\fR
--to the filtered pseudo\-terminal\.
-+to the filtered pseudo\-terminal\&.
- .RE
- .PP
- \fBnon_term\fR
- .RS 4
- don\'t try to set the
- \fIPAM_TTY\fR
--item\.
-+item\&.
- .RE
- .PP
- \fBrunX\fR
- .RS 4
--In order that the module can invoke a filter it should know when to invoke it\. This argument is required to tell the filter when to do this\.
-+In order that the module can invoke a filter it should know when to invoke it\&. This argument is required to tell the filter when to do this\&.
- .sp
- Permitted values for
- \fIX\fR
- are
- \fI1\fR
- and
--\fI2\fR\. These indicate the precise time that the filter is to be run\. To understand this concept it will be useful to have read the
-+\fI2\fR\&. These indicate the precise time that the filter is to be run\&. To understand this concept it will be useful to have read the
- \fBpam\fR(3)
--manual page\. Basically, for each management group there are up to two ways of calling the module\'s functions\. In the case of the
-+manual page\&. Basically, for each management group there are up to two ways of calling the module\'s functions\&. In the case of the
- \fIauthentication\fR
- and
- \fIsession\fR
--components there are actually two separate functions\. For the case of authentication, these functions are
-+components there are actually two separate functions\&. For the case of authentication, these functions are
- \fBpam_authenticate\fR(3)
- and
- \fBpam_setcred\fR(3), here
-@@ -77,20 +77,20 @@
- function and
- \fBrun2\fR
- means run the filter from
--\fBpam_setcred\fR\. In the case of the session modules,
-+\fBpam_setcred\fR\&. In the case of the session modules,
- \fIrun1\fR
- implies that the filter is invoked at the
- \fBpam_open_session\fR(3)
- stage, and
- \fIrun2\fR
- for
--\fBpam_close_session\fR(3)\.
-+\fBpam_close_session\fR(3)\&.
- .sp
--For the case of the account component\. Either
-+For the case of the account component\&. Either
- \fIrun1\fR
- or
- \fIrun2\fR
--may be used\.
-+may be used\&.
- .sp
- For the case of the password component,
- \fIrun1\fR
-@@ -102,12 +102,12 @@
- \fIrun2\fR
- is used to indicate that the filter is run on the second occasion (the
- \fIPAM_UPDATE_AUTHTOK\fR
--phase)\.
-+phase)\&.
- .RE
- .PP
- \fBfilter\fR
- .RS 4
--The full pathname of the filter to be run and any command line arguments that the filter might expect\.
-+The full pathname of the filter to be run and any command line arguments that the filter might expect\&.
- .RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
-@@ -117,28 +117,28 @@
- \fBpassword\fR
- and
- \fBsession\fR
--are supported\.
-+are supported\&.
- .SH "RETURN VALUES"
- .PP
- .PP
- PAM_SUCCESS
- .RS 4
--The new filter was set successfull\.
-+The new filter was set successfull\&.
- .RE
- .PP
- PAM_ABORT
- .RS 4
--Critical error, immediate abort\.
-+Critical error, immediate abort\&.
- .RE
+ This module is intended to be a platform for providing access to all of the input/output that passes between the user and the application\&. It is only suitable for tty\-based and (stdin/stdout) applications\&.
+@@ -289,30 +139,16 @@
.SH "EXAMPLES"
.PP
Add the following line to
--\fI/etc/pam\.d/login\fR
-+\fI/etc/pam\&.d/login\fR
+-\FC/etc/pam\&.d/login\F[]
++/etc/pam\&.d/login
to see how to configure login to transpose upper and lower case letters once the user has logged in:
.sp
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
-- session required pam_filter\.so run1 /lib/security/pam_filter/upperLOWER
-+ session required pam_filter\&.so run1 /lib/security/pam_filter/upperLOWER
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ session required pam_filter\&.so run1 /lib/security/pam_filter/upperLOWER
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -148,7 +148,7 @@
+ .\}
+@@ -322,7 +158,7 @@
\fBpam.conf\fR(5),
- \fBpam.d\fR(8),
+ \fBpam.d\fR(5),
-\fBpam\fR(8)
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
--pam_filter was written by Andrew G\. Morgan <morgan@kernel\.org>\.
-+pam_filter was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
-Index: debian-pkg-pam/modules/pam_filter/pam_filter.8.xml
+ pam_filter was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
+Index: pam.deb/modules/pam_filter/pam_filter.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_filter/pam_filter.8.xml 2009-04-17 12:44:12.000000000 -0700
-+++ debian-pkg-pam/modules/pam_filter/pam_filter.8.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/modules/pam_filter/pam_filter.8.xml
++++ pam.deb/modules/pam_filter/pam_filter.8.xml
@@ -246,7 +246,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -2381,144 +3908,244 @@ Index: debian-pkg-pam/modules/pam_filter/pam_filter.8.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_ftp/pam_ftp.8
+Index: pam.deb/modules/pam_ftp/pam_ftp.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_ftp/pam_ftp.8 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_ftp/pam_ftp.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,25 +1,25 @@
+--- pam.deb.orig/modules/pam_ftp/pam_ftp.8
++++ pam.deb/modules/pam_ftp/pam_ftp.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_ftp
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 06/16/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_FTP" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_FTP" "8" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_ftp - PAM module for anonymous access module
-+pam_ftp \- PAM module for anonymous access module
- .SH "SYNOPSIS"
- .HP 11
--\fBpam_ftp\.so\fR [debug] [ignore] [users=\fIXXX,YYY,\fR...]
-+\fBpam_ftp\&.so\fR [debug] [ignore] [users=\fIXXX,YYY,\fR...]
+-.TH "PAM_FTP" "8" "06/16/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_FTP" "8" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,13 +18,11 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_ftp \- PAM module for anonymous access module
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_ftp\&.so\fR\ 'u
+ \fBpam_ftp\&.so\fR [debug] [ignore] [users=\fIXXX,YYY,\fR...]
+-.fam
.SH "DESCRIPTION"
.PP
--pam_ftp is a PAM module which provides a pluggable anonymous ftp mode of access\.
-+pam_ftp is a PAM module which provides a pluggable anonymous ftp mode of access\&.
- .PP
--This module intercepts the user\'s name and password\. If the name is
-+This module intercepts the user\'s name and password\&. If the name is
- \fIftp\fR
- or
- \fIanonymous\fR, the user\'s password is broken up at the
-@@ -28,67 +28,67 @@
- \fIPAM_RUSER\fR
- and a
- \fIPAM_RHOST\fR
--part; these pam\-items being set accordingly\. The username (\fIPAM_USER\fR) is set to
--\fIftp\fR\. In this case the module succeeds\. Alternatively, the module sets the
-+part; these pam\-items being set accordingly\&. The username (\fIPAM_USER\fR) is set to
-+\fIftp\fR\&. In this case the module succeeds\&. Alternatively, the module sets the
- \fIPAM_AUTHTOK\fR
--item with the entered password and fails\.
-+item with the entered password and fails\&.
- .PP
--This module is not safe and easily spoofable\.
-+This module is not safe and easily spoofable\&.
- .SH "OPTIONS"
- .PP
- .PP
- \fBdebug\fR
- .RS 4
--Print debug information\.
-+Print debug information\&.
- .RE
- .PP
- \fBignore\fR
- .RS 4
--Pay no attention to the email address of the user (if supplied)\.
-+Pay no attention to the email address of the user (if supplied)\&.
- .RE
- .PP
--\fBftp=\fR\fB\fIXXX,YYY,\.\.\.\fR\fR
-+\fBftp=\fR\fB\fIXXX,YYY,\&.\&.\&.\fR\fR
- .RS 4
- Instead of
- \fIftp\fR
- or
- \fIanonymous\fR, provide anonymous login to the comma separated list of users:
--\fB\fIXXX,YYY,\.\.\.\fR\fR\. Should the applicant enter one of these usernames the returned username is set to the first in the list:
--\fIXXX\fR\.
-+\fB\fIXXX,YYY,\&.\&.\&.\fR\fR\&. Should the applicant enter one of these usernames the returned username is set to the first in the list:
-+\fIXXX\fR\&.
- .RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
- Only the
- \fBauth\fR
--service is supported\.
-+service is supported\&.
- .SH "RETURN VALUES"
- .PP
- .PP
- PAM_SUCCESS
- .RS 4
--The authentication was successfull\.
-+The authentication was successfull\&.
- .RE
- .PP
- PAM_USER_UNKNOWN
- .RS 4
--User not known\.
-+User not known\&.
- .RE
+ pam_ftp is a PAM module which provides a pluggable anonymous ftp mode of access\&.
+@@ -234,21 +84,13 @@
.SH "EXAMPLES"
.PP
Add the following line to
--\fI/etc/pam\.d/ftpd\fR
-+\fI/etc/pam\&.d/ftpd\fR
+-\FC/etc/pam\&.d/ftpd\F[]
++/etc/pam\&.d/ftpd
to handle ftp style anonymous login:
.sp
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
#
--# ftpd; add ftp\-specifics\. These lines enable anonymous ftp over
-+# ftpd; add ftp\-specifics\&. These lines enable anonymous ftp over
+ # ftpd; add ftp\-specifics\&. These lines enable anonymous ftp over
# standard UN*X access (the listfile entry blocks access to
- # users listed in /etc/ftpusers)
- #
--auth sufficient pam_ftp\.so
--auth required pam_unix\.so use_first_pass
--auth required pam_listfile\.so \e
-+auth sufficient pam_ftp\&.so
-+auth required pam_unix\&.so use_first_pass
-+auth required pam_listfile\&.so \e
+@@ -259,13 +101,7 @@
+ auth required pam_listfile\&.so \e
onerr=succeed item=user sense=deny file=/etc/ftpusers
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
-@@ -99,7 +99,7 @@
+-.fam
+-.ps +1
+ .if n \{\
+ .RE
+ .\}
+@@ -275,7 +111,7 @@
\fBpam.conf\fR(5),
- \fBpam.d\fR(8),
+ \fBpam.d\fR(5),
-\fBpam\fR(8)
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
--pam_ftp was written by Andrew G\. Morgan <morgan@kernel\.org>\.
-+pam_ftp was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
-Index: debian-pkg-pam/modules/pam_ftp/pam_ftp.8.xml
+ pam_ftp was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
+Index: pam.deb/modules/pam_ftp/pam_ftp.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_ftp/pam_ftp.8.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_ftp/pam_ftp.8.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/modules/pam_ftp/pam_ftp.8.xml
++++ pam.deb/modules/pam_ftp/pam_ftp.8.xml
@@ -168,7 +168,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -2526,134 +4153,237 @@ Index: debian-pkg-pam/modules/pam_ftp/pam_ftp.8.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_group/pam_group.8
+Index: pam.deb/modules/pam_group/pam_group.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_group/pam_group.8 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_group/pam_group.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,85 +1,85 @@
+--- pam.deb.orig/modules/pam_group/pam_group.8
++++ pam.deb/modules/pam_group/pam_group.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_group
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHORS" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 06/16/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_GROUP" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
-+.TH "PAM_GROUP" "8" "07/27/2008" "Linux-PAM Manual" "Linux-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_group - PAM module for group access
-+pam_group \- PAM module for group access
- .SH "SYNOPSIS"
- .HP 13
--\fBpam_group\.so\fR
-+\fBpam_group\&.so\fR
+-.TH "PAM_GROUP" "8" "06/16/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_GROUP" "8" "08/24/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,19 +18,17 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_group \- PAM module for group access
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_group\&.so\fR\ 'u
+ \fBpam_group\&.so\fR
+-.fam
.SH "DESCRIPTION"
.PP
--The pam_group PAM module does not authenticate the user, but instead it grants group memberships (in the credential setting phase of the authentication module) to the user\. Such memberships are based on the service they are applying for\.
-+The pam_group PAM module does not authenticate the user, but instead it grants group memberships (in the credential setting phase of the authentication module) to the user\&. Such memberships are based on the service they are applying for\&.
+ The pam_group PAM module does not authenticate the user, but instead it grants group memberships (in the credential setting phase of the authentication module) to the user\&. Such memberships are based on the service they are applying for\&.
.PP
By default rules for group memberships are taken from config file
--\fI/etc/security/group\.conf\fR\.
-+\fI/etc/security/group\&.conf\fR\&.
+-\FC/etc/security/group\&.conf\F[]\&.
++/etc/security/group\&.conf\&.
.PP
--This module\'s usefulness relies on the file\-systems accessible to the user\. The point being that once granted the membership of a group, the user may attempt to create a
-+This module\'s usefulness relies on the file\-systems accessible to the user\&. The point being that once granted the membership of a group, the user may attempt to create a
+ This module\'s usefulness relies on the file\-systems accessible to the user\&. The point being that once granted the membership of a group, the user may attempt to create a
\fBsetgid\fR
--binary with a restricted group ownership\. Later, when the user is not given membership to this group, they can recover group membership with the precompiled binary\. The reason that the file\-systems that the user has access to are so significant, is the fact that when a system is mounted
-+binary with a restricted group ownership\&. Later, when the user is not given membership to this group, they can recover group membership with the precompiled binary\&. The reason that the file\-systems that the user has access to are so significant, is the fact that when a system is mounted
- \fInosuid\fR
--the user is unable to create or execute such a binary file\. For this module to provide any level of security, all file\-systems that the user has write access to should be mounted
--\fInosuid\fR\.
-+the user is unable to create or execute such a binary file\&. For this module to provide any level of security, all file\-systems that the user has write access to should be mounted
-+\fInosuid\fR\&.
- .PP
- The pam_group module fuctions in parallel with the
- \fI/etc/group\fR
--file\. If the user is granted any groups based on the behavior of this module, they are granted
-+file\&. If the user is granted any groups based on the behavior of this module, they are granted
+@@ -188,11 +38,11 @@
+ \fInosuid\fR\&.
+ .PP
+ The pam_group module functions in parallel with the
+-\FC/etc/group\F[]
++/etc/group
+ file\&. If the user is granted any groups based on the behavior of this module, they are granted
\fIin addition\fR
to those entries
- \fI/etc/group\fR
--(or equivalent)\.
-+(or equivalent)\&.
+-\FC/etc/group\F[]
++/etc/group
+ (or equivalent)\&.
.SH "OPTIONS"
.PP
--This module does not recognise any options\.
-+This module does not recognise any options\&.
- .SH "MODULE SERVICES PROVIDED"
- .PP
- Only the
- \fBauth\fR
--service is supported\.
-+service is supported\&.
- .SH "RETURN VALUES"
- .PP
- PAM_SUCCESS
- .RS 4
--group membership was granted\.
-+group membership was granted\&.
- .RE
- .PP
- PAM_ABORT
- .RS 4
--Not all relevant data could be gotten\.
-+Not all relevant data could be gotten\&.
- .RE
- .PP
- PAM_BUF_ERR
- .RS 4
--Memory buffer error\.
-+Memory buffer error\&.
- .RE
- .PP
- PAM_CRED_ERR
- .RS 4
--Group membership was not granted\.
-+Group membership was not granted\&.
- .RE
- .PP
- PAM_IGNORE
- .RS 4
-
- \fBpam_sm_authenticate\fR
--was called which does nothing\.
-+was called which does nothing\&.
- .RE
- .PP
- PAM_USER_UNKNOWN
- .RS 4
--The user is not known to the system\.
-+The user is not known to the system\&.
+@@ -237,7 +87,7 @@
.RE
.SH "FILES"
.PP
--\fI/etc/security/group\.conf\fR
-+\fI/etc/security/group\&.conf\fR
+-\FC/etc/security/group\&.conf\F[]
++/etc/security/group\&.conf
.RS 4
Default configuration file
.RE
-@@ -88,7 +88,7 @@
+@@ -246,7 +96,7 @@
\fBgroup.conf\fR(5),
- \fBpam.d\fR(8),
--\fBpam\fR(8)\.
+ \fBpam.d\fR(5),
+-\fBpam\fR(8)\&.
+\fBpam\fR(7)\&.
.SH "AUTHORS"
.PP
--pam_group was written by Andrew G\. Morgan <morgan@kernel\.org>\.
-+pam_group was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
-Index: debian-pkg-pam/modules/pam_group/pam_group.8.xml
+ pam_group was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
+Index: pam.deb/modules/pam_group/pam_group.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_group/pam_group.8.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_group/pam_group.8.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/modules/pam_group/pam_group.8.xml
++++ pam.deb/modules/pam_group/pam_group.8.xml
@@ -148,7 +148,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -2661,124 +4391,239 @@ Index: debian-pkg-pam/modules/pam_group/pam_group.8.xml
</citerefentry>.
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_issue/pam_issue.8
+Index: pam.deb/modules/pam_issue/pam_issue.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_issue/pam_issue.8 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_issue/pam_issue.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,23 +1,23 @@
+--- pam.deb.orig/modules/pam_issue/pam_issue.8
++++ pam.deb/modules/pam_issue/pam_issue.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_issue
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 06/16/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_ISSUE" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_ISSUE" "8" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_issue - PAM module to add issue file to user prompt
-+pam_issue \- PAM module to add issue file to user prompt
- .SH "SYNOPSIS"
- .HP 13
--\fBpam_issue\.so\fR [noesc] [issue=\fIissue\-file\-name\fR]
-+\fBpam_issue\&.so\fR [noesc] [issue=\fIissue\-file\-name\fR]
+-.TH "PAM_ISSUE" "8" "06/16/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_ISSUE" "8" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,13 +18,11 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_issue \- PAM module to add issue file to user prompt
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_issue\&.so\fR\ 'u
+ \fBpam_issue\&.so\fR [noesc] [issue=\fIissue\-file\-name\fR]
+-.fam
.SH "DESCRIPTION"
.PP
--pam_issue is a PAM module to prepend an issue file to the username prompt\. It also by default parses escape codes in the issue file similar to some common getty\'s (using \ex format)\.
-+pam_issue is a PAM module to prepend an issue file to the username prompt\&. It also by default parses escape codes in the issue file similar to some common getty\'s (using \ex format)\&.
- .PP
- Recognized escapes:
- .PP
-@@ -68,7 +68,7 @@
- .PP
- \fB\eU\fR
- .RS 4
--same as \eu except it is suffixed with "user" or "users" (eg\. "1 user" or "10 users")
-+same as \eu except it is suffixed with "user" or "users" (eg\&. "1 user" or "10 users")
- .RE
- .PP
- \fB\ev\fR
-@@ -80,49 +80,49 @@
- .PP
- \fBnoesc\fR
- .RS 4
--Turns off escape code parsing\.
-+Turns off escape code parsing\&.
- .RE
- .PP
- \fBissue=\fR\fB\fIissue\-file\-name\fR\fR
- .RS 4
--The file to output if not using the default\.
-+The file to output if not using the default\&.
- .RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
- Only the
- \fBauth\fR
--service is supported\.
-+service is supported\&.
- .SH "RETURN VALUES"
- .PP
- .PP
- PAM_BUF_ERR
- .RS 4
--Memory buffer error\.
-+Memory buffer error\&.
- .RE
- .PP
- PAM_IGNORE
- .RS 4
--The prompt was already changed\.
-+The prompt was already changed\&.
- .RE
- .PP
- PAM_SERVICE_ERR
- .RS 4
--A service module error occured\.
-+A service module error occured\&.
- .RE
- .PP
- PAM_SUCCESS
- .RS 4
--The new prompt was set successfull\.
-+The new prompt was set successfull\&.
- .RE
+ pam_issue is a PAM module to prepend an issue file to the username prompt\&. It also by default parses escape codes in the issue file similar to some common getty\'s (using \ex format)\&.
+@@ -275,30 +125,16 @@
.SH "EXAMPLES"
.PP
Add the following line to
--\fI/etc/pam\.d/login\fR
-+\fI/etc/pam\&.d/login\fR
+-\FC/etc/pam\&.d/login\F[]
++/etc/pam\&.d/login
to set the user specific issue at login:
.sp
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
-- auth optional pam_issue\.so issue=/etc/issue
-+ auth optional pam_issue\&.so issue=/etc/issue
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ auth optional pam_issue\&.so issue=/etc/issue
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -132,7 +132,7 @@
+ .\}
+@@ -308,7 +144,7 @@
\fBpam.conf\fR(5),
- \fBpam.d\fR(8),
+ \fBpam.d\fR(5),
-\fBpam\fR(8)
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
--pam_issue was written by Ben Collins <bcollins@debian\.org>\.
-+pam_issue was written by Ben Collins <bcollins@debian\&.org>\&.
-Index: debian-pkg-pam/modules/pam_issue/pam_issue.8.xml
+ pam_issue was written by Ben Collins <bcollins@debian\&.org>\&.
+Index: pam.deb/modules/pam_issue/pam_issue.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_issue/pam_issue.8.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_issue/pam_issue.8.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/modules/pam_issue/pam_issue.8.xml
++++ pam.deb/modules/pam_issue/pam_issue.8.xml
@@ -219,7 +219,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -2786,162 +4631,247 @@ Index: debian-pkg-pam/modules/pam_issue/pam_issue.8.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_keyinit/pam_keyinit.8
+Index: pam.deb/modules/pam_keyinit/pam_keyinit.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_keyinit/pam_keyinit.8 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_keyinit/pam_keyinit.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,38 +1,38 @@
+--- pam.deb.orig/modules/pam_keyinit/pam_keyinit.8
++++ pam.deb/modules/pam_keyinit/pam_keyinit.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_keyinit
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 03/02/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_KEYINIT" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_KEYINIT" "8" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_keyinit - Kernel session keyring initialiser module
-+pam_keyinit \- Kernel session keyring initialiser module
- .SH "SYNOPSIS"
- .HP 15
--\fBpam_keyinit\.so\fR [debug] [force] [revoke]
-+\fBpam_keyinit\&.so\fR [debug] [force] [revoke]
+-.TH "PAM_KEYINIT" "8" "03/02/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_KEYINIT" "8" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,13 +18,11 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_keyinit \- Kernel session keyring initialiser module
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_keyinit\&.so\fR\ 'u
+ \fBpam_keyinit\&.so\fR [debug] [force] [revoke]
+-.fam
.SH "DESCRIPTION"
.PP
--The pam_keyinit PAM module ensures that the invoking process has a session keyring other than the user default session keyring\.
-+The pam_keyinit PAM module ensures that the invoking process has a session keyring other than the user default session keyring\&.
- .PP
--The session component of the module checks to see if the process\'s session keyring is the user default, and, if it is, creates a new anonymous session keyring with which to replace it\.
-+The session component of the module checks to see if the process\'s session keyring is the user default, and, if it is, creates a new anonymous session keyring with which to replace it\&.
- .PP
--If a new session keyring is created, it will install a link to the user common keyring in the session keyring so that keys common to the user will be automatically accessible through it\.
-+If a new session keyring is created, it will install a link to the user common keyring in the session keyring so that keys common to the user will be automatically accessible through it\&.
- .PP
--The session keyring of the invoking process will thenceforth be inherited by all its children unless they override it\.
-+The session keyring of the invoking process will thenceforth be inherited by all its children unless they override it\&.
- .PP
--This module is intended primarily for use by login processes\. Be aware that after the session keyring has been replaced, the old session keyring and the keys it contains will no longer be accessible\.
-+This module is intended primarily for use by login processes\&. Be aware that after the session keyring has been replaced, the old session keyring and the keys it contains will no longer be accessible\&.
- .PP
- This module should not, generally, be invoked by programs like
--\fBsu\fR, since it is usually desirable for the key set to percolate through to the alternate context\. The keys have their own permissions system to manage this\.
-+\fBsu\fR, since it is usually desirable for the key set to percolate through to the alternate context\&. The keys have their own permissions system to manage this\&.
- .PP
--This module should be included as early as possible in a PAM configuration, so that other PAM modules can attach tokens to the keyring\.
-+This module should be included as early as possible in a PAM configuration, so that other PAM modules can attach tokens to the keyring\&.
- .PP
--The keyutils package is used to manipulate keys more directly\. This can be obtained from:
-+The keyutils package is used to manipulate keys more directly\&. This can be obtained from:
+ The pam_keyinit PAM module ensures that the invoking process has a session keyring other than the user default session keyring\&.
+@@ -193,7 +43,7 @@
+ The keyutils package is used to manipulate keys more directly\&. This can be obtained from:
.PP
- \fI Keyutils \fR\&[1]
-@@ -41,23 +41,23 @@
- \fBdebug\fR
- .RS 4
- Log debug information with
--\fBsyslog\fR(3)\.
-+\fBsyslog\fR(3)\&.
- .RE
- .PP
- \fBforce\fR
- .RS 4
--Causes the session keyring of the invoking process to be replaced unconditionally\.
-+Causes the session keyring of the invoking process to be replaced unconditionally\&.
- .RE
- .PP
- \fBrevoke\fR
- .RS 4
--Causes the session keyring of the invoking process to be revoked when the invoking process exits if the session keyring was created for this process in the first place\.
-+Causes the session keyring of the invoking process to be revoked when the invoking process exits if the session keyring was created for this process in the first place\&.
- .RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
- Only the
- \fBsession\fR
--service is supported\.
-+service is supported\&.
- .SH "RETURN VALUES"
- .PP
- PAM_SUCCESS
-@@ -67,32 +67,32 @@
- .PP
- PAM_AUTH_ERR
- .RS 4
--Authentication failure\.
-+Authentication failure\&.
- .RE
- .PP
- PAM_BUF_ERR
- .RS 4
--Memory buffer error\.
-+Memory buffer error\&.
- .RE
- .PP
- PAM_IGNORE
- .RS 4
--The return value should be ignored by PAM dispatch\.
-+The return value should be ignored by PAM dispatch\&.
- .RE
- .PP
- PAM_SERVICE_ERR
- .RS 4
--Cannot determine the user name\.
-+Cannot determine the user name\&.
- .RE
- .PP
- PAM_SESSION_ERR
- .RS 4
--This module will return this value if its arguments are invalid or if a system error such as ENOMEM occurs\.
-+This module will return this value if its arguments are invalid or if a system error such as ENOMEM occurs\&.
- .RE
- .PP
- PAM_USER_UNKNOWN
- .RS 4
--User not known\.
-+User not known\&.
- .RE
- .SH "EXAMPLES"
+-\m[blue]\fB Keyutils \fR\m[]\&\s-2\u[1]\d\s+2
++\m[blue]\fBKeyutils\fR\m[]\&\s-2\u[1]\d\s+2
+ .SH "OPTIONS"
.PP
-@@ -100,22 +100,22 @@
- .sp
+ \fBdebug\fR
+@@ -259,24 +109,10 @@
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
--session required pam_keyinit\.so
-+session required pam_keyinit\&.so
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ session required pam_keyinit\&.so
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
- .PP
--This will prevent keys from one session leaking into another session for the same user\.
-+This will prevent keys from one session leaking into another session for the same user\&.
- .SH "SEE ALSO"
- .PP
+ .\}
+@@ -287,12 +123,12 @@
\fBpam.conf\fR(5),
- \fBpam.d\fR(8),
+ \fBpam.d\fR(5),
-\fBpam\fR(8)
+\fBpam\fR(7)
\fBkeyctl\fR(1)
.SH "AUTHOR"
.PP
--pam_keyinit was written by David Howells, <dhowells@redhat\.com>\.
-+pam_keyinit was written by David Howells, <dhowells@redhat\&.com>\&.
- .SH "NOTES"
+ pam_keyinit was written by David Howells, <dhowells@redhat\&.com>\&.
+-.SH "Notes"
++.SH "NOTES"
.IP " 1." 4
Keyutils
-Index: debian-pkg-pam/modules/pam_keyinit/pam_keyinit.8.xml
+ .RS 4
+Index: pam.deb/modules/pam_keyinit/pam_keyinit.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_keyinit/pam_keyinit.8.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_keyinit/pam_keyinit.8.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/modules/pam_keyinit/pam_keyinit.8.xml
++++ pam.deb/modules/pam_keyinit/pam_keyinit.8.xml
@@ -223,7 +223,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -2949,146 +4879,268 @@ Index: debian-pkg-pam/modules/pam_keyinit/pam_keyinit.8.xml
</citerefentry>
<citerefentry>
<refentrytitle>keyctl</refentrytitle><manvolnum>1</manvolnum>
-Index: debian-pkg-pam/modules/pam_lastlog/pam_lastlog.8
+Index: pam.deb/modules/pam_lastlog/pam_lastlog.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_lastlog/pam_lastlog.8 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_lastlog/pam_lastlog.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,98 +1,98 @@
+--- pam.deb.orig/modules/pam_lastlog/pam_lastlog.8
++++ pam.deb/modules/pam_lastlog/pam_lastlog.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_lastlog
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 06/16/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_LASTLOG" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_LASTLOG" "8" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_lastlog - PAM module to display date of last login
-+pam_lastlog \- PAM module to display date of last login
- .SH "SYNOPSIS"
- .HP 15
--\fBpam_lastlog\.so\fR [debug] [silent] [never] [nodate] [nohost] [noterm] [nowtmp]
-+\fBpam_lastlog\&.so\fR [debug] [silent] [never] [nodate] [nohost] [noterm] [nowtmp]
+-.TH "PAM_LASTLOG" "8" "06/16/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_LASTLOG" "8" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,17 +18,15 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_lastlog \- PAM module to display date of last login
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_lastlog\&.so\fR\ 'u
+ \fBpam_lastlog\&.so\fR [debug] [silent] [never] [nodate] [nohost] [noterm] [nowtmp] [noupdate] [showfailed]
+-.fam
.SH "DESCRIPTION"
.PP
--pam_lastlog is a PAM module to display a line of information about the last login of the user\. In addition, the module maintains the
-+pam_lastlog is a PAM module to display a line of information about the last login of the user\&. In addition, the module maintains the
- \fI/var/log/lastlog\fR
--file\.
-+file\&.
- .PP
--Some applications may perform this function themselves\. In such cases, this module is not necessary\.
-+Some applications may perform this function themselves\&. In such cases, this module is not necessary\&.
- .SH "OPTIONS"
- .PP
- \fBdebug\fR
- .RS 4
--Print debug information\.
-+Print debug information\&.
- .RE
+ pam_lastlog is a PAM module to display a line of information about the last login of the user\&. In addition, the module maintains the
+-\FC/var/log/lastlog\F[]
++/var/log/lastlog
+ file\&.
.PP
+ Some applications may perform this function themselves\&. In such cases, this module is not necessary\&.
+@@ -190,14 +40,14 @@
\fBsilent\fR
.RS 4
- Don\'t inform the user about any previous login, just upate the
- \fI/var/log/lastlog\fR
--file\.
-+file\&.
+ Don\'t inform the user about any previous login, just update the
+-\FC/var/log/lastlog\F[]
++/var/log/lastlog
+ file\&.
.RE
.PP
\fBnever\fR
.RS 4
If the
- \fI/var/log/lastlog\fR
--file does not contain any old entries for the user, indicate that the user has never previously logged in with a welcome message\.
-+file does not contain any old entries for the user, indicate that the user has never previously logged in with a welcome message\&.
- .RE
- .PP
- \fBnodate\fR
- .RS 4
--Don\'t display the date of the last login\.
-+Don\'t display the date of the last login\&.
- .RE
- .PP
- \fBnoterm\fR
- .RS 4
--Don\'t display the terminal name on which the last login was attempted\.
-+Don\'t display the terminal name on which the last login was attempted\&.
- .RE
- .PP
- \fBnohost\fR
- .RS 4
--Don\'t indicate from which host the last login was attempted\.
-+Don\'t indicate from which host the last login was attempted\&.
- .RE
- .PP
- \fBnowtmp\fR
- .RS 4
--Don\'t update the wtmp entry\.
-+Don\'t update the wtmp entry\&.
- .RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
- Only the
- \fBsession\fR
--service is supported\.
-+service is supported\&.
- .SH "RETURN VALUES"
- .PP
- .PP
- PAM_SUCCESS
- .RS 4
--Everything was successfull\.
-+Everything was successfull\&.
- .RE
- .PP
- PAM_SERVICE_ERR
- .RS 4
--Internal service module error\.
-+Internal service module error\&.
+-\FC/var/log/lastlog\F[]
++/var/log/lastlog
+ file does not contain any old entries for the user, indicate that the user has never previously logged in with a welcome message\&.
.RE
.PP
- PAM_USER_UNKNOWN
- .RS 4
--User not known\.
-+User not known\&.
- .RE
+@@ -257,36 +107,22 @@
.SH "EXAMPLES"
.PP
Add the following line to
--\fI/etc/pam\.d/login\fR
-+\fI/etc/pam\&.d/login\fR
+-\FC/etc/pam\&.d/login\F[]
++/etc/pam\&.d/login
to display the last login time of an user:
.sp
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
-- session required pam_lastlog\.so nowtmp
-+ session required pam_lastlog\&.so nowtmp
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ session required pam_lastlog\&.so nowtmp
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -107,7 +107,7 @@
+ .\}
+ .SH "FILES"
+ .PP
+-\FC/var/log/lastlog\F[]
++/var/log/lastlog
+ .RS 4
+ Lastlog logging file
+ .RE
+@@ -295,7 +131,7 @@
\fBpam.conf\fR(5),
- \fBpam.d\fR(8),
+ \fBpam.d\fR(5),
-\fBpam\fR(8)
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
--pam_lastlog was written by Andrew G\. Morgan <morgan@kernel\.org>\.
-+pam_lastlog was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
-Index: debian-pkg-pam/modules/pam_lastlog/pam_lastlog.8.xml
+ pam_lastlog was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
+Index: pam.deb/modules/pam_lastlog/pam_lastlog.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_lastlog/pam_lastlog.8.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_lastlog/pam_lastlog.8.xml 2009-04-17 12:47:20.000000000 -0700
-@@ -216,7 +216,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+--- pam.deb.orig/modules/pam_lastlog/pam_lastlog.8.xml
++++ pam.deb/modules/pam_lastlog/pam_lastlog.8.xml
+@@ -244,7 +244,7 @@
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -3096,183 +5148,263 @@ Index: debian-pkg-pam/modules/pam_lastlog/pam_lastlog.8.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_limits/pam_limits.8
+Index: pam.deb/modules/pam_limits/pam_limits.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_limits/pam_limits.8 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_limits/pam_limits.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,132 +1,132 @@
+--- pam.deb.orig/modules/pam_limits/pam_limits.8
++++ pam.deb/modules/pam_limits/pam_limits.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_limits
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHORS" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 06/16/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_LIMITS" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
-+.TH "PAM_LIMITS" "8" "07/27/2008" "Linux-PAM Manual" "Linux-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_limits - PAM module to limit resources
-+pam_limits \- PAM module to limit resources
- .SH "SYNOPSIS"
- .HP 14
--\fBpam_limits\.so\fR [change_uid] [conf=\fI/path/to/limits\.conf\fR] [debug] [utmp_early] [noaudit]
-+\fBpam_limits\&.so\fR [change_uid] [conf=\fI/path/to/limits\&.conf\fR] [debug] [utmp_early] [noaudit]
+-.TH "PAM_LIMITS" "8" "06/16/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_LIMITS" "8" "08/24/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,13 +18,11 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_limits \- PAM module to limit resources
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_limits\&.so\fR\ 'u
+ \fBpam_limits\&.so\fR [change_uid] [conf=\fI/path/to/limits\&.conf\fR] [debug] [utmp_early] [noaudit]
+-.fam
.SH "DESCRIPTION"
.PP
--The pam_limits PAM module sets limits on the system resources that can be obtained in a user\-session\. Users of
-+The pam_limits PAM module sets limits on the system resources that can be obtained in a user\-session\&. Users of
- \fIuid=0\fR
--are affected by this limits, too\.
-+are affected by this limits, too\&.
+ The pam_limits PAM module sets limits on the system resources that can be obtained in a user\-session\&. Users of
+@@ -180,9 +30,9 @@
+ are affected by this limits, too\&.
.PP
By default limits are taken from the
--\fI/etc/security/limits\.conf\fR
--config file\. Then individual files from the
--\fI/etc/security/limits\.d/\fR
--directory are read\. The files are parsed one after another in the order of "C" locale\. The effect of the individual files is the same as if all the files were concatenated together in the order of parsing\. If a config file is explicitely specified with a module option then the files in the above directory are not parsed\.
-+\fI/etc/security/limits\&.conf\fR
-+config file\&. Then individual files from the
-+\fI/etc/security/limits\&.d/\fR
-+directory are read\&. The files are parsed one after another in the order of "C" locale\&. The effect of the individual files is the same as if all the files were concatenated together in the order of parsing\&. If a config file is explicitely specified with a module option then the files in the above directory are not parsed\&.
- .PP
--The module must not be called by a multithreaded application\.
-+The module must not be called by a multithreaded application\&.
- .PP
--If Linux PAM is compiled with audit support the module will report when it denies access based on limit of maximum number of concurrent login sessions\.
-+If Linux PAM is compiled with audit support the module will report when it denies access based on limit of maximum number of concurrent login sessions\&.
- .SH "OPTIONS"
- .PP
- \fBchange_uid\fR
- .RS 4
--Change real uid to the user for who the limits are set up\. Use this option if you have problems like login not forking a shell for user who has no processes\. Be warned that something else may break when you do this\.
-+Change real uid to the user for who the limits are set up\&. Use this option if you have problems like login not forking a shell for user who has no processes\&. Be warned that something else may break when you do this\&.
- .RE
- .PP
--\fBconf=\fR\fB\fI/path/to/limits\.conf\fR\fR
-+\fBconf=\fR\fB\fI/path/to/limits\&.conf\fR\fR
- .RS 4
--Indicate an alternative limits\.conf style configuration file to override the default\.
-+Indicate an alternative limits\&.conf style configuration file to override the default\&.
- .RE
+-\FC/etc/security/limits\&.conf\F[]
++/etc/security/limits\&.conf
+ config file\&. Then individual *\&.conf files from the
+-\FC/etc/security/limits\&.d/\F[]
++/etc/security/limits\&.d/
+ directory are read\&. The files are parsed one after another in the order of "C" locale\&. The effect of the individual files is the same as if all the files were concatenated together in the order of parsing\&. If a config file is explicitly specified with a module option then the files in the above directory are not parsed\&.
.PP
- \fBdebug\fR
- .RS 4
--Print debug information\.
-+Print debug information\&.
- .RE
- .PP
- \fButmp_early\fR
- .RS 4
--Some broken applications actually allocate a utmp entry for the user before the user is admitted to the system\. If some of the services you are configuring PAM for do this, you can selectively use this module argument to compensate for this behavior and at the same time maintain system\-wide consistency with a single limits\.conf file\.
-+Some broken applications actually allocate a utmp entry for the user before the user is admitted to the system\&. If some of the services you are configuring PAM for do this, you can selectively use this module argument to compensate for this behavior and at the same time maintain system\-wide consistency with a single limits\&.conf file\&.
- .RE
- .PP
- \fBnoaudit\fR
- .RS 4
--Do not report exceeded maximum logins count to the audit subsystem\.
-+Do not report exceeded maximum logins count to the audit subsystem\&.
- .RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
- Only the
- \fBsession\fR
--service is supported\.
-+service is supported\&.
- .SH "RETURN VALUES"
- .PP
- PAM_ABORT
- .RS 4
--Cannot get current limits\.
-+Cannot get current limits\&.
- .RE
- .PP
- PAM_IGNORE
- .RS 4
--No limits found for this user\.
-+No limits found for this user\&.
- .RE
- .PP
- PAM_PERM_DENIED
- .RS 4
--New limits could not be set\.
-+New limits could not be set\&.
- .RE
- .PP
- PAM_SERVICE_ERR
- .RS 4
--Cannot read config file\.
-+Cannot read config file\&.
- .RE
- .PP
- PAM_SESSEION_ERR
- .RS 4
--Error recovering account name\.
-+Error recovering account name\&.
- .RE
- .PP
- PAM_SUCCESS
- .RS 4
--Limits were changed\.
-+Limits were changed\&.
- .RE
- .PP
- PAM_USER_UNKNOWN
- .RS 4
--The user is not known to the system\.
-+The user is not known to the system\&.
+ The module must not be called by a multithreaded application\&.
+@@ -257,41 +107,27 @@
.RE
.SH "FILES"
.PP
--\fI/etc/security/limits\.conf\fR
-+\fI/etc/security/limits\&.conf\fR
+-\FC/etc/security/limits\&.conf\F[]
++/etc/security/limits\&.conf
.RS 4
Default configuration file
.RE
.SH "EXAMPLES"
.PP
For the services you need resources limits (login for example) put a the following line in
--\fI/etc/pam\.d/login\fR
-+\fI/etc/pam\&.d/login\fR
+-\FC/etc/pam\&.d/login\F[]
++/etc/pam\&.d/login
as the last line for that service (usually after the pam_unix session line):
.sp
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
--#%PAM\-1\.0
-+#%PAM\-1\&.0
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ #%PAM\-1\&.0
#
# Resource limits imposed on login sessions via pam_limits
#
--session required pam_limits\.so
-+session required pam_limits\&.so
+ session required pam_limits\&.so
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
- .PP
--Replace "login" for each service you are using this module\.
-+Replace "login" for each service you are using this module\&.
- .SH "SEE ALSO"
- .PP
+ .\}
+@@ -302,7 +138,7 @@
\fBlimits.conf\fR(5),
- \fBpam.d\fR(8),
--\fBpam\fR(8)\.
+ \fBpam.d\fR(5),
+-\fBpam\fR(8)\&.
+\fBpam\fR(7)\&.
.SH "AUTHORS"
.PP
--pam_limits was initially written by Cristian Gafton <gafton@redhat\.com>
-+pam_limits was initially written by Cristian Gafton <gafton@redhat\&.com>
-Index: debian-pkg-pam/modules/pam_limits/pam_limits.8.xml
+ pam_limits was initially written by Cristian Gafton <gafton@redhat\&.com>
+Index: pam.deb/modules/pam_limits/pam_limits.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_limits/pam_limits.8.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_limits/pam_limits.8.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/modules/pam_limits/pam_limits.8.xml
++++ pam.deb/modules/pam_limits/pam_limits.8.xml
@@ -242,7 +242,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -3280,230 +5412,310 @@ Index: debian-pkg-pam/modules/pam_limits/pam_limits.8.xml
</citerefentry>.
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_listfile/pam_listfile.8
+Index: pam.deb/modules/pam_listfile/pam_listfile.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_listfile/pam_listfile.8 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_listfile/pam_listfile.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,23 +1,23 @@
+--- pam.deb.orig/modules/pam_listfile/pam_listfile.8
++++ pam.deb/modules/pam_listfile/pam_listfile.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_listfile
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 06/16/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_LISTFILE" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_LISTFILE" "8" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_listfile - deny or allow services based on an arbitrary file
-+pam_listfile \- deny or allow services based on an arbitrary file
- .SH "SYNOPSIS"
- .HP 16
--\fBpam_listfile\.so\fR item=[tty|user|rhost|ruser|group|shell] sense=[allow|deny] file=\fI/path/filename\fR onerr=[succeed|fail] [apply=[\fIuser\fR|\fI@group\fR]] [quiet]
-+\fBpam_listfile\&.so\fR item=[tty|user|rhost|ruser|group|shell] sense=[allow|deny] file=\fI/path/filename\fR onerr=[succeed|fail] [apply=[\fIuser\fR|\fI@group\fR]] [quiet]
+-.TH "PAM_LISTFILE" "8" "06/16/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_LISTFILE" "8" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,13 +18,11 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_listfile \- deny or allow services based on an arbitrary file
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_listfile\&.so\fR\ 'u
+ \fBpam_listfile\&.so\fR item=[tty|user|rhost|ruser|group|shell] sense=[allow|deny] file=\fI/path/filename\fR onerr=[succeed|fail] [apply=[\fIuser\fR|\fI@group\fR]] [quiet]
+-.fam
.SH "DESCRIPTION"
.PP
--pam_listfile is a PAM module which provides a way to deny or allow services based on an arbitrary file\.
-+pam_listfile is a PAM module which provides a way to deny or allow services based on an arbitrary file\&.
- .PP
- The module gets the
- \fBitem\fR
-@@ -29,15 +29,15 @@
- \fIPAM_RHOST\fR; and ruser specifies the name of the remote user (if available) who made the request,
+ pam_listfile is a PAM module which provides a way to deny or allow services based on an arbitrary file\&.
+@@ -188,7 +38,7 @@
\fIPAM_RUSER\fR
\-\- and looks for an instance of that item in the
--\fBfile=\fR\fB\fIfilename\fR\fR\.
-+\fBfile=\fR\fB\fIfilename\fR\fR\&.
- \fIfilename\fR
--contains one line per item listed\. If the item is found, then if
-+contains one line per item listed\&. If the item is found, then if
+ \fBfile=\fR\fB\fIfilename\fR\fR\&.
+-\FCfilename\F[]
++filename
+ contains one line per item listed\&. If the item is found, then if
\fBsense=\fR\fB\fIallow\fR\fR,
\fIPAM_SUCCESS\fR
- is returned, causing the authorization request to succeed; else if
- \fBsense=\fR\fB\fIdeny\fR\fR,
- \fIPAM_AUTH_ERR\fR
--is returned, causing the authorization request to fail\.
-+is returned, causing the authorization request to fail\&.
+@@ -198,7 +48,7 @@
+ is returned, causing the authorization request to fail\&.
.PP
If an error is encountered (for instance, if
- \fIfilename\fR
-@@ -49,54 +49,54 @@
- \fIPAM_AUTH_ERR\fR
- or
- \fIPAM_SERVICE_ERR\fR
--(as appropriate) will be returned\.
-+(as appropriate) will be returned\&.
- .PP
- An additional argument,
--\fBapply=\fR, can be used to restrict the application of the above to a specific user (\fBapply=\fR\fB\fIusername\fR\fR) or a given group (\fBapply=\fR\fB\fI@groupname\fR\fR)\. This added restriction is only meaningful when used with the
-+\fBapply=\fR, can be used to restrict the application of the above to a specific user (\fBapply=\fR\fB\fIusername\fR\fR) or a given group (\fBapply=\fR\fB\fI@groupname\fR\fR)\&. This added restriction is only meaningful when used with the
- \fItty\fR,
- \fIrhost\fR
- and
- \fIshell\fR
--items\.
-+items\&.
- .PP
--Besides this last one, all arguments should be specified; do not count on any default behavior\.
-+Besides this last one, all arguments should be specified; do not count on any default behavior\&.
- .PP
--No credentials are awarded by this module\.
-+No credentials are awarded by this module\&.
- .SH "OPTIONS"
- .PP
- .PP
- \fBitem=[tty|user|rhost|ruser|group|shell]\fR
- .RS 4
--What is listed in the file and should be checked for\.
-+What is listed in the file and should be checked for\&.
- .RE
- .PP
- \fBsense=[allow|deny]\fR
- .RS 4
--Action to take if found in file, if the item is NOT found in the file, then the opposite action is requested\.
-+Action to take if found in file, if the item is NOT found in the file, then the opposite action is requested\&.
- .RE
- .PP
- \fBfile=\fR\fB\fI/path/filename\fR\fR
- .RS 4
--File containing one item per line\. The file needs to be a plain file and not world writeable\.
-+File containing one item per line\&. The file needs to be a plain file and not world writeable\&.
- .RE
- .PP
- \fBonerr=[succeed|fail]\fR
- .RS 4
--What to do if something weird happens like being unable to open the file\.
-+What to do if something weird happens like being unable to open the file\&.
- .RE
- .PP
- \fBapply=[\fR\fB\fIuser\fR\fR\fB|\fR\fB\fI@group\fR\fR\fB]\fR
- .RS 4
--Restrict the user class for which the restriction apply\. Note that with
-+Restrict the user class for which the restriction apply\&. Note that with
- \fBitem=[user|ruser|group]\fR
- this does not make sense, but for
- \fBitem=[tty|rhost|shell]\fR
--it have a meaning\.
-+it have a meaning\&.
- .RE
- .PP
- \fBquiet\fR
- .RS 4
--Do not treat service refusals or missing list files as errors that need to be logged\.
-+Do not treat service refusals or missing list files as errors that need to be logged\&.
- .RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
-@@ -106,47 +106,47 @@
- \fBpassword\fR
- and
- \fBsession\fR
--are supported\.
-+are supported\&.
- .SH "RETURN VALUES"
- .PP
- .PP
- PAM_AUTH_ERR
- .RS 4
--Authentication failure\.
-+Authentication failure\&.
- .RE
- .PP
- PAM_BUF_ERR
- .RS 4
--Memory buffer error\.
-+Memory buffer error\&.
- .RE
- .PP
- PAM_IGNORE
- .RS 4
- The rule does not apply to the
- \fBapply\fR
--option\.
-+option\&.
- .RE
- .PP
- PAM_SERVICE_ERR
- .RS 4
--Error in service module\.
-+Error in service module\&.
- .RE
- .PP
- PAM_SUCCESS
- .RS 4
--Success\.
-+Success\&.
- .RE
+-\FCfilename\F[]
++filename
+ does not exist, or a poorly\-constructed argument is encountered), then if
+ \fIonerr=succeed\fR,
+ \fIPAM_SUCCESS\fR
+@@ -295,79 +145,51 @@
.SH "EXAMPLES"
.PP
Classic \'ftpusers\' authentication can be implemented with this entry in
--\fI/etc/pam\.d/ftpd\fR:
-+\fI/etc/pam\&.d/ftpd\fR:
+-\FC/etc/pam\&.d/ftpd\F[]:
++/etc/pam\&.d/ftpd:
.sp
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
#
# deny ftp\-access to users listed in the /etc/ftpusers file
#
--auth required pam_listfile\.so \e
-+auth required pam_listfile\&.so \e
+ auth required pam_listfile\&.so \e
onerr=succeed item=user sense=deny file=/etc/ftpusers
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
-@@ -156,10 +156,10 @@
- \fI/etc/ftpusers\fR
+-.fam
+-.ps +1
+ .if n \{\
+ .RE
+ .\}
+ .sp
+ Note, users listed in
+-\FC/etc/ftpusers\F[]
++/etc/ftpusers
file are (counterintuitively)
\fInot\fR
--allowed access to the ftp service\.
-+allowed access to the ftp service\&.
+ allowed access to the ftp service\&.
.PP
To allow login access only for certain users, you can use a
--\fI/etc/pam\.d/login\fR
-+\fI/etc/pam\&.d/login\fR
+-\FC/etc/pam\&.d/login\F[]
++/etc/pam\&.d/login
entry like this:
.sp
+ .if n \{\
.RS 4
-@@ -167,23 +167,23 @@
+ .\}
+-.fam C
+-.ps -1
+ .nf
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
#
# permit login to users listed in /etc/loginusers
#
--auth required pam_listfile\.so \e
-+auth required pam_listfile\&.so \e
+ auth required pam_listfile\&.so \e
onerr=fail item=user sense=allow file=/etc/loginusers
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
+ .\}
.sp
For this example to work, all users who are allowed to use the login service should be listed in the file
--\fI/etc/loginusers\fR\. Unless you are explicitly trying to lock out root, make sure that when you do this, you leave a way for root to log in, either by listing root in
-+\fI/etc/loginusers\fR\&. Unless you are explicitly trying to lock out root, make sure that when you do this, you leave a way for root to log in, either by listing root in
- \fI/etc/loginusers\fR, or by listing a user who is able to
+-\FC/etc/loginusers\F[]\&. Unless you are explicitly trying to lock out root, make sure that when you do this, you leave a way for root to log in, either by listing root in
+-\FC/etc/loginusers\F[], or by listing a user who is able to
++/etc/loginusers\&. Unless you are explicitly trying to lock out root, make sure that when you do this, you leave a way for root to log in, either by listing root in
++/etc/loginusers, or by listing a user who is able to
\fIsu\fR
--to the root account\.
-+to the root account\&.
+ to the root account\&.
.SH "SEE ALSO"
- .PP
+@@ -375,7 +197,7 @@
\fBpam.conf\fR(5),
- \fBpam.d\fR(8),
+ \fBpam.d\fR(5),
-\fBpam\fR(8)
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
--pam_listfile was written by Michael K\. Johnson <johnsonm@redhat\.com> and Elliot Lee <sopwith@cuc\.edu>\.
-+pam_listfile was written by Michael K\&. Johnson <johnsonm@redhat\&.com> and Elliot Lee <sopwith@cuc\&.edu>\&.
-Index: debian-pkg-pam/modules/pam_listfile/pam_listfile.8.xml
+ pam_listfile was written by Michael K\&. Johnson <johnsonm@redhat\&.com> and Elliot Lee <sopwith@cuc\&.edu>\&.
+Index: pam.deb/modules/pam_listfile/pam_listfile.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_listfile/pam_listfile.8.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_listfile/pam_listfile.8.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/modules/pam_listfile/pam_listfile.8.xml
++++ pam.deb/modules/pam_listfile/pam_listfile.8.xml
@@ -281,7 +281,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -3511,124 +5723,257 @@ Index: debian-pkg-pam/modules/pam_listfile/pam_listfile.8.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_localuser/pam_localuser.8
+Index: pam.deb/modules/pam_localuser/pam_localuser.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_localuser/pam_localuser.8 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_localuser/pam_localuser.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,37 +1,37 @@
+--- pam.deb.orig/modules/pam_localuser/pam_localuser.8
++++ pam.deb/modules/pam_localuser/pam_localuser.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_localuser
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 06/16/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_LOCALUSER" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_LOCALUSER" "8" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_localuser - require users to be listed in /etc/passwd
-+pam_localuser \- require users to be listed in /etc/passwd
- .SH "SYNOPSIS"
- .HP 17
--\fBpam_localuser\.so\fR [debug] [file=\fI/path/passwd\fR]
-+\fBpam_localuser\&.so\fR [debug] [file=\fI/path/passwd\fR]
+-.TH "PAM_LOCALUSER" "8" "06/16/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_LOCALUSER" "8" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,13 +18,11 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_localuser \- require users to be listed in /etc/passwd
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_localuser\&.so\fR\ 'u
+ \fBpam_localuser\&.so\fR [debug] [file=\fI/path/passwd\fR]
+-.fam
.SH "DESCRIPTION"
.PP
--pam_localuser is a PAM module to help implementing site\-wide login policies, where they typically include a subset of the network\'s users and a few accounts that are local to a particular workstation\. Using pam_localuser and pam_wheel or pam_listfile is an effective way to restrict access to either local users and/or a subset of the network\'s users\.
-+pam_localuser is a PAM module to help implementing site\-wide login policies, where they typically include a subset of the network\'s users and a few accounts that are local to a particular workstation\&. Using pam_localuser and pam_wheel or pam_listfile is an effective way to restrict access to either local users and/or a subset of the network\'s users\&.
- .PP
--This could also be implemented using pam_listfile\.so and a very short awk script invoked by cron, but it\'s common enough to have been separated out\.
-+This could also be implemented using pam_listfile\&.so and a very short awk script invoked by cron, but it\'s common enough to have been separated out\&.
- .SH "OPTIONS"
- .PP
- .PP
- \fBdebug\fR
- .RS 4
--Print debug information\.
-+Print debug information\&.
- .RE
- .PP
+ pam_localuser is a PAM module to help implementing site\-wide login policies, where they typically include a subset of the network\'s users and a few accounts that are local to a particular workstation\&. Using pam_localuser and pam_wheel or pam_listfile is an effective way to restrict access to either local users and/or a subset of the network\'s users\&.
+@@ -189,7 +39,7 @@
\fBfile=\fR\fB\fI/path/passwd\fR\fR
.RS 4
Use a file other than
--\fI/etc/passwd\fR\.
-+\fI/etc/passwd\fR\&.
+-\FC/etc/passwd\F[]\&.
++/etc/passwd\&.
.RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
-@@ -39,34 +39,34 @@
- \fBauth\fR,
- \fBpassword\fR
- and
--\fBsession\fR) are supported\.
-+\fBsession\fR) are supported\&.
- .SH "RETURN VALUES"
+ .SH "MODULE TYPES PROVIDED"
.PP
- .PP
- PAM_SUCCESS
- .RS 4
--The new localuser was set successfull\.
-+The new localuser was set successfull\&.
- .RE
- .PP
- PAM_SERVICE_ERR
- .RS 4
--No username was given\.
-+No username was given\&.
- .RE
- .PP
- PAM_USER_UNKNOWN
- .RS 4
--User not known\.
-+User not known\&.
- .RE
+@@ -218,38 +68,24 @@
.SH "EXAMPLES"
.PP
Add the following line to
--\fI/etc/pam\.d/su\fR
--to allow only local users in group wheel to use su\.
-+\fI/etc/pam\&.d/su\fR
-+to allow only local users in group wheel to use su\&.
+-\FC/etc/pam\&.d/su\F[]
++/etc/pam\&.d/su
+ to allow only local users in group wheel to use su\&.
.sp
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
--account sufficient pam_localuser\.so
--account required pam_wheel\.so
-+account sufficient pam_localuser\&.so
-+account required pam_wheel\&.so
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ account sufficient pam_localuser\&.so
+ account required pam_wheel\&.so
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -75,14 +75,14 @@
+ .\}
+ .sp
+ .SH "FILES"
.PP
- \fI/etc/passwd\fR
+-\FC/etc/passwd\F[]
++/etc/passwd
.RS 4
--Local user account information\.
-+Local user account information\&.
+ Local user account information\&.
.RE
- .SH "SEE ALSO"
- .PP
+@@ -258,7 +94,7 @@
\fBpam.conf\fR(5),
- \fBpam.d\fR(8),
+ \fBpam.d\fR(5),
-\fBpam\fR(8)
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
--pam_localuser was written by Nalin Dahyabhai <nalin@redhat\.com>\.
-+pam_localuser was written by Nalin Dahyabhai <nalin@redhat\&.com>\&.
-Index: debian-pkg-pam/modules/pam_localuser/pam_localuser.8.xml
+ pam_localuser was written by Nalin Dahyabhai <nalin@redhat\&.com>\&.
+Index: pam.deb/modules/pam_localuser/pam_localuser.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_localuser/pam_localuser.8.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_localuser/pam_localuser.8.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/modules/pam_localuser/pam_localuser.8.xml
++++ pam.deb/modules/pam_localuser/pam_localuser.8.xml
@@ -158,7 +158,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -3636,97 +5981,237 @@ Index: debian-pkg-pam/modules/pam_localuser/pam_localuser.8.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_loginuid/pam_loginuid.8
+Index: pam.deb/modules/pam_loginuid/pam_loginuid.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_loginuid/pam_loginuid.8 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_loginuid/pam_loginuid.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,52 +1,52 @@
+--- pam.deb.orig/modules/pam_loginuid/pam_loginuid.8
++++ pam.deb/modules/pam_loginuid/pam_loginuid.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_loginuid
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 06/16/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_LOGINUID" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_LOGINUID" "8" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_loginuid - Record user's login uid to the process attribute
-+pam_loginuid \- Record user's login uid to the process attribute
- .SH "SYNOPSIS"
- .HP 16
--\fBpam_loginuid\.so\fR [require_auditd]
-+\fBpam_loginuid\&.so\fR [require_auditd]
+-.TH "PAM_LOGINUID" "8" "06/16/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_LOGINUID" "8" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,13 +18,11 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_loginuid \- Record user\'s login uid to the process attribute
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_loginuid\&.so\fR\ 'u
+ \fBpam_loginuid\&.so\fR [require_auditd]
+-.fam
.SH "DESCRIPTION"
.PP
--The pam_loginuid module sets the loginuid process attribute for the process that was authenticated\. This is necessary for applications to be correctly audited\. This PAM module should only be used for entry point applications like: login, sshd, gdm, vsftpd, crond and atd\. There are probably other entry point applications besides these\. You should not use it for applications like sudo or su as that defeats the purpose by changing the loginuid to the account they just switched to\.
-+The pam_loginuid module sets the loginuid process attribute for the process that was authenticated\&. This is necessary for applications to be correctly audited\&. This PAM module should only be used for entry point applications like: login, sshd, gdm, vsftpd, crond and atd\&. There are probably other entry point applications besides these\&. You should not use it for applications like sudo or su as that defeats the purpose by changing the loginuid to the account they just switched to\&.
- .SH "OPTIONS"
- .PP
- \fBrequire_auditd\fR
- .RS 4
--This option, when given, will cause this module to query the audit daemon status and deny logins if it is not running\.
-+This option, when given, will cause this module to query the audit daemon status and deny logins if it is not running\&.
- .RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
- The
- \fBsession\fR
--service is supported\.
-+service is supported\&.
- .SH "RETURN VALUES"
- .PP
- .PP
- PAM_SESSION_ERR
- .RS 4
--An error occured during session management\.
-+An error occured during session management\&.
- .RE
- .SH "EXAMPLES"
- .sp
+ The pam_loginuid module sets the loginuid process attribute for the process that was authenticated\&. This is necessary for applications to be correctly audited\&. This PAM module should only be used for entry point applications like: login, sshd, gdm, vsftpd, crond and atd\&. There are probably other entry point applications besides these\&. You should not use it for applications like sudo or su as that defeats the purpose by changing the loginuid to the account they just switched to\&.
+@@ -199,15 +49,7 @@
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
--#%PAM\-1\.0
--auth required pam_unix\.so
--auth required pam_nologin\.so
--account required pam_unix\.so
--password required pam_unix\.so
--session required pam_unix\.so
--session required pam_loginuid\.so
-+#%PAM\-1\&.0
-+auth required pam_unix\&.so
-+auth required pam_nologin\&.so
-+account required pam_unix\&.so
-+password required pam_unix\&.so
-+session required pam_unix\&.so
-+session required pam_loginuid\&.so
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ #%PAM\-1\&.0
+ auth required pam_unix\&.so
+ auth required pam_nologin\&.so
+@@ -216,13 +58,7 @@
+ session required pam_unix\&.so
+ session required pam_loginuid\&.so
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -55,9 +55,9 @@
+ .\}
+@@ -231,7 +67,7 @@
\fBpam.conf\fR(5),
- \fBpam.d\fR(8),
+ \fBpam.d\fR(5),
-\fBpam\fR(8),
+\fBpam\fR(7),
\fBauditctl\fR(8),
\fBauditd\fR(8)
.SH "AUTHOR"
- .PP
--pam_loginuid was written by Steve Grubb <sgrubb@redhat\.com>
-+pam_loginuid was written by Steve Grubb <sgrubb@redhat\&.com>
-Index: debian-pkg-pam/modules/pam_loginuid/pam_loginuid.8.xml
+Index: pam.deb/modules/pam_loginuid/pam_loginuid.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_loginuid/pam_loginuid.8.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_loginuid/pam_loginuid.8.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/modules/pam_loginuid/pam_loginuid.8.xml
++++ pam.deb/modules/pam_loginuid/pam_loginuid.8.xml
@@ -104,7 +104,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -3734,186 +6219,270 @@ Index: debian-pkg-pam/modules/pam_loginuid/pam_loginuid.8.xml
</citerefentry>,
<citerefentry>
<refentrytitle>auditctl</refentrytitle><manvolnum>8</manvolnum>
-Index: debian-pkg-pam/modules/pam_mail/pam_mail.8
+Index: pam.deb/modules/pam_mail/pam_mail.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_mail/pam_mail.8 2009-04-17 12:44:14.000000000 -0700
-+++ debian-pkg-pam/modules/pam_mail/pam_mail.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,26 +1,26 @@
+--- pam.deb.orig/modules/pam_mail/pam_mail.8
++++ pam.deb/modules/pam_mail/pam_mail.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_mail
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 03/02/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_MAIL" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_MAIL" "8" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_mail - Inform about available mail
-+pam_mail \- Inform about available mail
- .SH "SYNOPSIS"
- .HP 12
--\fBpam_mail\.so\fR [close] [debug] [dir=\fImaildir\fR] [empty] [hash=\fIcount\fR] [noenv] [nopen] [quit] [standard]
-+\fBpam_mail\&.so\fR [close] [debug] [dir=\fImaildir\fR] [empty] [hash=\fIcount\fR] [noenv] [nopen] [quit] [standard]
+-.TH "PAM_MAIL" "8" "03/02/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_MAIL" "8" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,13 +18,11 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_mail \- Inform about available mail
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_mail\&.so\fR\ 'u
+ \fBpam_mail\&.so\fR [close] [debug] [dir=\fImaildir\fR] [empty] [hash=\fIcount\fR] [noenv] [nopen] [quiet] [standard]
+-.fam
.SH "DESCRIPTION"
.PP
--The pam_mail PAM module provides the "you have new mail" service to the user\. It can be plugged into any application that has credential or session hooks\. It gives a single message indicating the
-+The pam_mail PAM module provides the "you have new mail" service to the user\&. It can be plugged into any application that has credential or session hooks\&. It gives a single message indicating the
- \fInewness\fR
--of any mail it finds in the user\'s mail folder\. This module also sets the PAM environment variable,
--\fBMAIL\fR, to the user\'s mail directory\.
-+of any mail it finds in the user\'s mail folder\&. This module also sets the PAM environment variable,
-+\fBMAIL\fR, to the user\'s mail directory\&.
+ The pam_mail PAM module provides the "you have new mail" service to the user\&. It can be plugged into any application that has credential or session hooks\&. It gives a single message indicating the
+@@ -181,7 +31,7 @@
+ \fBMAIL\fR, to the user\'s mail directory\&.
.PP
If the mail spool file (be it
- \fI/var/mail/$USER\fR
-@@ -28,64 +28,64 @@
+-\FC/var/mail/$USER\F[]
++/var/mail/$USER
+ or a pathname given with the
\fBdir=\fR
parameter) is a directory then pam_mail assumes it is in the
- \fIMaildir\fR
--format\.
-+format\&.
- .SH "OPTIONS"
- .PP
- .PP
- \fBclose\fR
- .RS 4
--Indicate if the user has any mail also on logout\.
-+Indicate if the user has any mail also on logout\&.
- .RE
- .PP
- \fBdebug\fR
- .RS 4
--Print debug information\.
-+Print debug information\&.
- .RE
- .PP
+@@ -203,9 +53,9 @@
\fBdir=\fR\fB\fImaildir\fR\fR
.RS 4
Look for the users\' mail in an alternative location defined by
--\fImaildir/<login>\fR\. The default location for mail is
--\fI/var/mail/<login>\fR\. Note, if the supplied
-+\fImaildir/<login>\fR\&. The default location for mail is
-+\fI/var/mail/<login>\fR\&. Note, if the supplied
- \fImaildir\fR
--is prefixed by a \'~\', the directory is interpreted as indicating a file in the user\'s home directory\.
-+is prefixed by a \'~\', the directory is interpreted as indicating a file in the user\'s home directory\&.
+-\FCmaildir/<login>\F[]\&. The default location for mail is
+-\FC/var/mail/<login>\F[]\&. Note, if the supplied
+-\FCmaildir\F[]
++maildir/<login>\&. The default location for mail is
++/var/mail/<login>\&. Note, if the supplied
++maildir
+ is prefixed by a \'~\', the directory is interpreted as indicating a file in the user\'s home directory\&.
.RE
.PP
- \fBempty\fR
- .RS 4
--Also print message if user has no mail\.
-+Also print message if user has no mail\&.
- .RE
- .PP
- \fBhash=\fR\fB\fIcount\fR\fR
- .RS 4
--Mail directory hash depth\. For example, a
-+Mail directory hash depth\&. For example, a
+@@ -219,7 +69,7 @@
+ Mail directory hash depth\&. For example, a
\fIhashcount\fR
of 2 would make the mail file be
--\fI/var/spool/mail/u/s/user\fR\.
-+\fI/var/spool/mail/u/s/user\fR\&.
+-\FC/var/spool/mail/u/s/user\F[]\&.
++/var/spool/mail/u/s/user\&.
.RE
.PP
\fBnoenv\fR
- .RS 4
- Do not set the
- \fBMAIL\fR
--environment variable\.
-+environment variable\&.
- .RE
- .PP
- \fBnopen\fR
- .RS 4
--Don\'t print any mail information on login\. This flag is useful to get the
-+Don\'t print any mail information on login\&. This flag is useful to get the
- \fBMAIL\fR
--environment variable set, but to not display any information about it\.
-+environment variable set, but to not display any information about it\&.
- .RE
- .PP
- \fBquiet\fR
- .RS 4
--Only report when there is new mail\.
-+Only report when there is new mail\&.
- .RE
- .PP
- \fBstandard\fR
- .RS 4
--Old style "You have\.\.\." format which doesn\'t show the mail spool being used\. This also implies "empty"\.
-+Old style "You have\&.\&.\&." format which doesn\'t show the mail spool being used\&. This also implies "empty"\&.
- .RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
-@@ -93,37 +93,37 @@
- \fBauth\fR
- and
- \fBaccount\fR
--services are supported\.
-+services are supported\&.
- .SH "RETURN VALUES"
- .PP
- PAM_BUF_ERR
- .RS 4
--Memory buffer error\.
-+Memory buffer error\&.
- .RE
- .PP
- PAM_SERVICE_ERR
- .RS 4
--Badly formed arguments\.
-+Badly formed arguments\&.
- .RE
- .PP
- PAM_SUCCESS
- .RS 4
--Success\.
-+Success\&.
- .RE
- .PP
- PAM_USER_UNKNOWN
- .RS 4
--User not known\.
-+User not known\&.
- .RE
+@@ -276,30 +126,16 @@
.SH "EXAMPLES"
.PP
Add the following line to
--\fI/etc/pam\.d/login\fR
--to indicate that the user has new mail when they login to the system\.
-+\fI/etc/pam\&.d/login\fR
-+to indicate that the user has new mail when they login to the system\&.
+-\FC/etc/pam\&.d/login\F[]
++/etc/pam\&.d/login
+ to indicate that the user has new mail when they login to the system\&.
.sp
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
--session optional pam_mail\.so standard
-+session optional pam_mail\&.so standard
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ session optional pam_mail\&.so standard
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -133,7 +133,7 @@
+ .\}
+@@ -309,7 +145,7 @@
\fBpam.conf\fR(5),
- \fBpam.d\fR(8),
+ \fBpam.d\fR(5),
-\fBpam\fR(8)
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
--pam_mail was written by Andrew G\. Morgan <morgan@kernel\.org>\.
-+pam_mail was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
-Index: debian-pkg-pam/modules/pam_mail/pam_mail.8.xml
+ pam_mail was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
+Index: pam.deb/modules/pam_mail/pam_mail.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_mail/pam_mail.8.xml 2009-04-17 12:44:14.000000000 -0700
-+++ debian-pkg-pam/modules/pam_mail/pam_mail.8.xml 2009-04-17 12:47:20.000000000 -0700
-@@ -264,7 +264,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+--- pam.deb.orig/modules/pam_mail/pam_mail.8.xml
++++ pam.deb/modules/pam_mail/pam_mail.8.xml
+@@ -265,7 +265,7 @@
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -3921,154 +6490,263 @@ Index: debian-pkg-pam/modules/pam_mail/pam_mail.8.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_mkhomedir/pam_mkhomedir.8
+Index: pam.deb/modules/pam_mkhomedir/pam_mkhomedir.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_mkhomedir/pam_mkhomedir.8 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_mkhomedir/pam_mkhomedir.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,37 +1,37 @@
+--- pam.deb.orig/modules/pam_mkhomedir/pam_mkhomedir.8
++++ pam.deb/modules/pam_mkhomedir/pam_mkhomedir.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_mkhomedir
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 06/16/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_MKHOMEDIR" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
-+.TH "PAM_MKHOMEDIR" "8" "07/27/2008" "Linux-PAM Manual" "Linux-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_mkhomedir - PAM module to create users home directory
-+pam_mkhomedir \- PAM module to create users home directory
- .SH "SYNOPSIS"
- .HP 17
--\fBpam_mkhomedir\.so\fR [silent] [umask=\fImode\fR] [skel=\fIskeldir\fR]
-+\fBpam_mkhomedir\&.so\fR [silent] [umask=\fImode\fR] [skel=\fIskeldir\fR]
+-.TH "PAM_MKHOMEDIR" "8" "06/16/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_MKHOMEDIR" "8" "08/24/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,17 +18,15 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_mkhomedir \- PAM module to create users home directory
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_mkhomedir\&.so\fR\ 'u
+ \fBpam_mkhomedir\&.so\fR [silent] [umask=\fImode\fR] [skel=\fIskeldir\fR]
+-.fam
.SH "DESCRIPTION"
.PP
--The pam_mkhomedir PAM module will create a users home directory if it does not exist when the session begins\. This allows users to be present in central database (such as NIS, kerberos or LDAP) without using a distributed file system or pre\-creating a large number of directories\. The skeleton directory (usually
--\fI/etc/skel/\fR) is used to copy default files and also set\'s a umask for the creation\.
-+The pam_mkhomedir PAM module will create a users home directory if it does not exist when the session begins\&. This allows users to be present in central database (such as NIS, kerberos or LDAP) without using a distributed file system or pre\-creating a large number of directories\&. The skeleton directory (usually
-+\fI/etc/skel/\fR) is used to copy default files and also set\'s a umask for the creation\&.
+ The pam_mkhomedir PAM module will create a users home directory if it does not exist when the session begins\&. This allows users to be present in central database (such as NIS, kerberos or LDAP) without using a distributed file system or pre\-creating a large number of directories\&. The skeleton directory (usually
+-\FC/etc/skel/\F[]) is used to copy default files and also sets a umask for the creation\&.
++/etc/skel/) is used to copy default files and also sets a umask for the creation\&.
.PP
--The new users home directory will not be removed after logout of the user\.
-+The new users home directory will not be removed after logout of the user\&.
+ The new users home directory will not be removed after logout of the user\&.
.SH "OPTIONS"
- .PP
- \fBsilent\fR
- .RS 4
--Don\'t print informative messages\.
-+Don\'t print informative messages\&.
- .RE
- .PP
- \fBumask=\fR\fB\fImask\fR\fR
- .RS 4
- The user file\-creation mask is set to
--\fImask\fR\. The default value of mask is 0022\.
-+\fImask\fR\&. The default value of mask is 0022\&.
- .RE
- .PP
+@@ -195,9 +45,9 @@
\fBskel=\fR\fB\fI/path/to/skel/directory\fR\fR
-@@ -39,38 +39,38 @@
+ .RS 4
Indicate an alternative
- \fIskel\fR
+-\FCskel\F[]
++skel
directory to override the default
--\fI/etc/skel\fR\.
-+\fI/etc/skel\fR\&.
- .RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
- Only the
- \fBsession\fR
--service is supported\.
-+service is supported\&.
- .SH "RETURN VALUES"
- .PP
- PAM_BUF_ERR
- .RS 4
--Memory buffer error\.
-+Memory buffer error\&.
- .RE
- .PP
- PAM_CRED_INSUFFICIENT
- .RS 4
--Insufficient credentials to access authentication data\.
-+Insufficient credentials to access authentication data\&.
- .RE
- .PP
- PAM_PERM_DENIED
- .RS 4
--Not enough permissions to create the new directory or read the skel directory\.
-+Not enough permissions to create the new directory or read the skel directory\&.
+-\FC/etc/skel\F[]\&.
++/etc/skel\&.
.RE
+ .SH "MODULE TYPES PROVIDED"
.PP
- PAM_USER_UNKNOWN
- .RS 4
--User not known to the underlying authentication module\.
-+User not known to the underlying authentication module\&.
- .RE
- .PP
- PAM_SUCCESS
- .RS 4
--Environment variables were set\.
-+Environment variables were set\&.
+@@ -232,7 +82,7 @@
.RE
.SH "FILES"
.PP
-@@ -80,21 +80,21 @@
+-\FC/etc/skel\F[]
++/etc/skel
+ .RS 4
+ Default skel directory
.RE
- .SH "EXAMPLES"
- .PP
--A sample /etc/pam\.d/login file:
-+A sample /etc/pam\&.d/login file:
- .sp
+@@ -243,15 +93,7 @@
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
-- auth requisite pam_securetty\.so
-- auth sufficient pam_ldap\.so
-- auth required pam_unix\.so
-- auth required pam_nologin\.so
-- account sufficient pam_ldap\.so
-- account required pam_unix\.so
-- password required pam_unix\.so
-- session required pam_mkhomedir\.so skel=/etc/skel/ umask=0022
-- session required pam_unix\.so
-- session optional pam_lastlog\.so
-- session optional pam_mail\.so standard
-+ auth requisite pam_securetty\&.so
-+ auth sufficient pam_ldap\&.so
-+ auth required pam_unix\&.so
-+ auth required pam_nologin\&.so
-+ account sufficient pam_ldap\&.so
-+ account required pam_unix\&.so
-+ password required pam_unix\&.so
-+ session required pam_mkhomedir\&.so skel=/etc/skel/ umask=0022
-+ session required pam_unix\&.so
-+ session optional pam_lastlog\&.so
-+ session optional pam_mail\&.so standard
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ auth requisite pam_securetty\&.so
+ auth sufficient pam_ldap\&.so
+ auth required pam_unix\&.so
+@@ -264,13 +106,7 @@
+ session optional pam_lastlog\&.so
+ session optional pam_mail\&.so standard
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -103,7 +103,7 @@
+ .\}
+@@ -279,7 +115,7 @@
.PP
- \fBpam.d\fR(8),
--\fBpam\fR(8)\.
+ \fBpam.d\fR(5),
+-\fBpam\fR(8)\&.
+\fBpam\fR(7)\&.
.SH "AUTHOR"
.PP
--pam_mkhomedir was written by Jason Gunthorpe <jgg@debian\.org>\.
-+pam_mkhomedir was written by Jason Gunthorpe <jgg@debian\&.org>\&.
-Index: debian-pkg-pam/modules/pam_mkhomedir/pam_mkhomedir.8.xml
+ pam_mkhomedir was written by Jason Gunthorpe <jgg@debian\&.org>\&.
+Index: pam.deb/modules/pam_mkhomedir/pam_mkhomedir.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_mkhomedir/pam_mkhomedir.8.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_mkhomedir/pam_mkhomedir.8.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/modules/pam_mkhomedir/pam_mkhomedir.8.xml
++++ pam.deb/modules/pam_mkhomedir/pam_mkhomedir.8.xml
@@ -189,7 +189,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -4076,92 +6754,252 @@ Index: debian-pkg-pam/modules/pam_mkhomedir/pam_mkhomedir.8.xml
</citerefentry>.
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_motd/pam_motd.8
+Index: pam.deb/modules/pam_motd/pam_motd.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_motd/pam_motd.8 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_motd/pam_motd.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,53 +1,53 @@
+--- pam.deb.orig/modules/pam_motd/pam_motd.8
++++ pam.deb/modules/pam_motd/pam_motd.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_motd
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 06/16/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_MOTD" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_MOTD" "8" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_motd - Display the motd file
-+pam_motd \- Display the motd file
- .SH "SYNOPSIS"
- .HP 12
--\fBpam_motd\.so\fR [motd=\fI/path/filename\fR]
-+\fBpam_motd\&.so\fR [motd=\fI/path/filename\fR]
+-.TH "PAM_MOTD" "8" "06/16/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_MOTD" "8" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,24 +18,22 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_motd \- Display the motd file
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_motd\&.so\fR\ 'u
+ \fBpam_motd\&.so\fR [motd=\fI/path/filename\fR]
+-.fam
.SH "DESCRIPTION"
.PP
--pam_motd is a PAM module that can be used to display arbitrary motd (message of the day) files after a succesful login\. By default the
-+pam_motd is a PAM module that can be used to display arbitrary motd (message of the day) files after a succesful login\&. By default the
- \fI/etc/motd\fR
--file is shown\. The message size is limited to 64KB\.
-+file is shown\&. The message size is limited to 64KB\&.
+ pam_motd is a PAM module that can be used to display arbitrary motd (message of the day) files after a successful login\&. By default the
+-\FC/etc/motd\F[]
++/etc/motd
+ file is shown\&. The message size is limited to 64KB\&.
.SH "OPTIONS"
.PP
\fBmotd=\fR\fB\fI/path/filename\fR\fR
.RS 4
The
- \fI/path/filename\fR
--file is displayed as message of the day\.
-+file is displayed as message of the day\&.
- .RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
- Only the
- \fBsession\fR
--service is supported\.
-+service is supported\&.
- .SH "RETURN VALUES"
- .PP
- PAM_IGNORE
- .RS 4
--This is the only return value of this module\.
-+This is the only return value of this module\&.
+-\FC/path/filename\F[]
++/path/filename
+ file is displayed as message of the day\&.
.RE
+ .SH "MODULE TYPES PROVIDED"
+@@ -200,30 +50,16 @@
.SH "EXAMPLES"
.PP
The suggested usage for
--\fI/etc/pam\.d/login\fR
-+\fI/etc/pam\&.d/login\fR
+-\FC/etc/pam\&.d/login\F[]
++/etc/pam\&.d/login
is:
.sp
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
--session optional pam_motd\.so motd=/etc/motd
-+session optional pam_motd\&.so motd=/etc/motd
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ session optional pam_motd\&.so motd=/etc/motd
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -58,7 +58,7 @@
+ .\}
+@@ -234,7 +70,7 @@
\fBmotd\fR(5),
\fBpam.conf\fR(5),
- \fBpam.d\fR(8),
+ \fBpam.d\fR(5),
-\fBpam\fR(8)
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
--pam_motd was written by Ben Collins <bcollins@debian\.org>\.
-+pam_motd was written by Ben Collins <bcollins@debian\&.org>\&.
-Index: debian-pkg-pam/modules/pam_motd/pam_motd.8.xml
+ pam_motd was written by Ben Collins <bcollins@debian\&.org>\&.
+Index: pam.deb/modules/pam_motd/pam_motd.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_motd/pam_motd.8.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_motd/pam_motd.8.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/modules/pam_motd/pam_motd.8.xml
++++ pam.deb/modules/pam_motd/pam_motd.8.xml
@@ -99,7 +99,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -4169,201 +7007,272 @@ Index: debian-pkg-pam/modules/pam_motd/pam_motd.8.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_namespace/pam_namespace.8
+Index: pam.deb/modules/pam_namespace/pam_namespace.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_namespace/pam_namespace.8 2009-04-17 12:44:14.000000000 -0700
-+++ debian-pkg-pam/modules/pam_namespace/pam_namespace.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,27 +1,27 @@
+--- pam.deb.orig/modules/pam_namespace/pam_namespace.8
++++ pam.deb/modules/pam_namespace/pam_namespace.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_namespace
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHORS" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 06/16/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_NAMESPACE" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
-+.TH "PAM_NAMESPACE" "8" "07/27/2008" "Linux-PAM Manual" "Linux-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_namespace - PAM module for configuring namespace for a session
-+pam_namespace \- PAM module for configuring namespace for a session
- .SH "SYNOPSIS"
- .HP 17
--\fBpam_namespace\.so\fR [debug] [unmnt_remnt] [unmnt_only] [require_selinux] [gen_hash] [ignore_config_error] [ignore_instance_parent_mode] [no_unmount_on_close] [use_current_context] [use_default_context]
-+\fBpam_namespace\&.so\fR [debug] [unmnt_remnt] [unmnt_only] [require_selinux] [gen_hash] [ignore_config_error] [ignore_instance_parent_mode] [no_unmount_on_close] [use_current_context] [use_default_context]
+-.TH "PAM_NAMESPACE" "8" "06/16/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_NAMESPACE" "8" "08/24/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,17 +18,15 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_namespace \- PAM module for configuring namespace for a session
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_namespace\&.so\fR\ 'u
+ \fBpam_namespace\&.so\fR [debug] [unmnt_remnt] [unmnt_only] [require_selinux] [gen_hash] [ignore_config_error] [ignore_instance_parent_mode] [no_unmount_on_close] [use_current_context] [use_default_context]
+-.fam
.SH "DESCRIPTION"
.PP
--The pam_namespace PAM module sets up a private namespace for a session with polyinstantiated directories\. A polyinstantiated directory provides a different instance of itself based on user name, or when using SELinux, user name, security context or both\. If an executable script
--\fI/etc/security/namespace\.init\fR
--exists, it is used to initialize the namespace every time a new instance directory is setup\. The script receives the polyinstantiated directory path, the instance directory path, flag whether the instance directory was newly created (0 for no, 1 for yes), and the user name as its arguments\.
-+The pam_namespace PAM module sets up a private namespace for a session with polyinstantiated directories\&. A polyinstantiated directory provides a different instance of itself based on user name, or when using SELinux, user name, security context or both\&. If an executable script
-+\fI/etc/security/namespace\&.init\fR
-+exists, it is used to initialize the namespace every time a new instance directory is setup\&. The script receives the polyinstantiated directory path, the instance directory path, flag whether the instance directory was newly created (0 for no, 1 for yes), and the user name as its arguments\&.
+ The pam_namespace PAM module sets up a private namespace for a session with polyinstantiated directories\&. A polyinstantiated directory provides a different instance of itself based on user name, or when using SELinux, user name, security context or both\&. If an executable script
+-\FC/etc/security/namespace\&.init\F[]
++/etc/security/namespace\&.init
+ exists, it is used to initialize the instance directory after it is set up and mounted on the polyinstantiated directory\&. The script receives the polyinstantiated directory path, the instance directory path, flag whether the instance directory was newly created (0 for no, 1 for yes), and the user name as its arguments\&.
.PP
--The pam_namespace module disassociates the session namespace from the parent namespace\. Any mounts/unmounts performed in the parent namespace, such as mounting of devices, are not reflected in the session namespace\. To propagate selected mount/unmount events from the parent namespace into the disassociated session namespace, an administrator may use the special shared\-subtree feature\. For additional information on shared\-subtree feature, please refer to the mount(8) man page and the shared\-subtree description at http://lwn\.net/Articles/159077 and http://lwn\.net/Articles/159092\.
-+The pam_namespace module disassociates the session namespace from the parent namespace\&. Any mounts/unmounts performed in the parent namespace, such as mounting of devices, are not reflected in the session namespace\&. To propagate selected mount/unmount events from the parent namespace into the disassociated session namespace, an administrator may use the special shared\-subtree feature\&. For additional information on shared\-subtree feature, please refer to the mount(8) man page and the shared\-subtree description at http://lwn\&.net/Articles/159077 and http://lwn\&.net/Articles/159092\&.
- .SH "OPTIONS"
- .PP
- \fBdebug\fR
-@@ -31,7 +31,7 @@
- .PP
- \fBunmnt_remnt\fR
- .RS 4
--For programs such as su and newrole, the login session has already setup a polyinstantiated namespace\. For these programs, polyinstantiation is performed based on new user id or security context, however the command first needs to undo the polyinstantiation performed by login\. This argument instructs the command to first undo previous polyinstantiation before proceeding with new polyinstantiation based on new id/context
-+For programs such as su and newrole, the login session has already setup a polyinstantiated namespace\&. For these programs, polyinstantiation is performed based on new user id or security context, however the command first needs to undo the polyinstantiation performed by login\&. This argument instructs the command to first undo previous polyinstantiation before proceeding with new polyinstantiation based on new id/context
- .RE
- .PP
- \fBunmnt_only\fR
-@@ -46,101 +46,101 @@
- .PP
- \fBgen_hash\fR
- .RS 4
--Instead of using the security context string for the instance name, generate and use its md5 hash\.
-+Instead of using the security context string for the instance name, generate and use its md5 hash\&.
- .RE
- .PP
- \fBignore_config_error\fR
- .RS 4
--If a line in the configuration file corresponding to a polyinstantiated directory contains format error, skip that line process the next line\. Without this option, pam will return an error to the calling program resulting in termination of the session\.
-+If a line in the configuration file corresponding to a polyinstantiated directory contains format error, skip that line process the next line\&. Without this option, pam will return an error to the calling program resulting in termination of the session\&.
- .RE
- .PP
- \fBignore_instance_parent_mode\fR
- .RS 4
--Instance parent directories by default are expected to have the restrictive mode of 000\. Using this option, an administrator can choose to ignore the mode of the instance parent\. This option should be used with caution as it will reduce security and isolation goals of the polyinstantiation mechanism\.
-+Instance parent directories by default are expected to have the restrictive mode of 000\&. Using this option, an administrator can choose to ignore the mode of the instance parent\&. This option should be used with caution as it will reduce security and isolation goals of the polyinstantiation mechanism\&.
- .RE
- .PP
- \fBno_unmount_on_close\fR
- .RS 4
--For certain trusted programs such as newrole, open session is called from a child process while the parent perfoms close session and pam end functions\. For these commands use this option to instruct pam_close_session to not unmount the bind mounted polyinstantiated directory in the parent\.
-+For certain trusted programs such as newrole, open session is called from a child process while the parent perfoms close session and pam end functions\&. For these commands use this option to instruct pam_close_session to not unmount the bind mounted polyinstantiated directory in the parent\&.
- .RE
- .PP
- \fBuse_current_context\fR
- .RS 4
--Useful for services which do not change the SELinux context with setexeccon call\. The module will use the current SELinux context of the calling process for the level and context polyinstantiation\.
-+Useful for services which do not change the SELinux context with setexeccon call\&. The module will use the current SELinux context of the calling process for the level and context polyinstantiation\&.
- .RE
- .PP
- \fBuse_default_context\fR
- .RS 4
--Useful for services which do not use pam_selinux for changing the SELinux context with setexeccon call\. The module will use the default SELinux context of the user for the level and context polyinstantiation\.
-+Useful for services which do not use pam_selinux for changing the SELinux context with setexeccon call\&. The module will use the default SELinux context of the user for the level and context polyinstantiation\&.
- .RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
- The
- \fBsession\fR
--service is supported\. The module must not be called from multithreaded processes\.
-+service is supported\&. The module must not be called from multithreaded processes\&.
- .SH "RETURN VALUES"
- .PP
- PAM_SUCCESS
- .RS 4
--Namespace setup was successful\.
-+Namespace setup was successful\&.
- .RE
- .PP
- PAM_SERVICE_ERR
- .RS 4
--Unexpected system error occurred while setting up namespace\.
-+Unexpected system error occurred while setting up namespace\&.
- .RE
- .PP
- PAM_SESSION_ERR
- .RS 4
--Unexpected namespace configuration error occurred\.
-+Unexpected namespace configuration error occurred\&.
+ The pam_namespace module disassociates the session namespace from the parent namespace\&. Any mounts/unmounts performed in the parent namespace, such as mounting of devices, are not reflected in the session namespace\&. To propagate selected mount/unmount events from the parent namespace into the disassociated session namespace, an administrator may use the special shared\-subtree feature\&. For additional information on shared\-subtree feature, please refer to the mount(8) man page and the shared\-subtree description at http://lwn\&.net/Articles/159077 and http://lwn\&.net/Articles/159092\&.
+@@ -254,17 +104,17 @@
.RE
.SH "FILES"
.PP
--\fI/etc/security/namespace\.conf\fR
-+\fI/etc/security/namespace\&.conf\fR
+-\FC/etc/security/namespace\&.conf\F[]
++/etc/security/namespace\&.conf
.RS 4
Main configuration file
.RE
.PP
--\fI/etc/security/namespace\.d\fR
-+\fI/etc/security/namespace\&.d\fR
+-\FC/etc/security/namespace\&.d\F[]
++/etc/security/namespace\&.d
.RS 4
Directory for additional configuration files
.RE
.PP
--\fI/etc/security/namespace\.init\fR
-+\fI/etc/security/namespace\&.init\fR
+-\FC/etc/security/namespace\&.init\F[]
++/etc/security/namespace\&.init
.RS 4
Init script for instance directories
.RE
- .SH "EXAMPLES"
- .PP
--For the <service>s you need polyinstantiation (login for example) put the following line in /etc/pam\.d/<service> as the last line for session group:
-+For the <service>s you need polyinstantiation (login for example) put the following line in /etc/pam\&.d/<service> as the last line for session group:
- .PP
--session required pam_namespace\.so [arguments]
-+session required pam_namespace\&.so [arguments]
- .PP
- To use polyinstantiation with graphical display manager gdm, insert the following line, before exit 0, in /etc/gdm/PostSession/Default:
- .PP
+@@ -279,24 +129,16 @@
/usr/sbin/gdm\-safe\-restart
.PP
--This allows gdm to restart after each session and appropriately adjust namespaces of display manager and the X server\. If polyinstantiation of /tmp is desired along with the graphical environment, then additional configuration changes are needed to address the interaction of X server and font server namespaces with their use of /tmp to create communication sockets\. Please use the initialization script
--\fI/etc/security/namespace\.init\fR
--to ensure that the X server and its clients can appropriately access the communication socket X0\. Please refer to the sample instructions provided in the comment section of the instance initialization script
--\fI/etc/security/namespace\.init\fR\. In addition, perform the following changes to use graphical environment with polyinstantiation of /tmp:
-+This allows gdm to restart after each session and appropriately adjust namespaces of display manager and the X server\&. If polyinstantiation of /tmp is desired along with the graphical environment, then additional configuration changes are needed to address the interaction of X server and font server namespaces with their use of /tmp to create communication sockets\&. Please use the initialization script
-+\fI/etc/security/namespace\&.init\fR
-+to ensure that the X server and its clients can appropriately access the communication socket X0\&. Please refer to the sample instructions provided in the comment section of the instance initialization script
-+\fI/etc/security/namespace\&.init\fR\&. In addition, perform the following changes to use graphical environment with polyinstantiation of /tmp:
+ This allows gdm to restart after each session and appropriately adjust namespaces of display manager and the X server\&. If polyinstantiation of /tmp is desired along with the graphical environment, then additional configuration changes are needed to address the interaction of X server and font server namespaces with their use of /tmp to create communication sockets\&. Please use the initialization script
+-\FC/etc/security/namespace\&.init\F[]
++/etc/security/namespace\&.init
+ to ensure that the X server and its clients can appropriately access the communication socket X0\&. Please refer to the sample instructions provided in the comment section of the instance initialization script
+-\FC/etc/security/namespace\&.init\F[]\&. In addition, perform the following changes to use graphical environment with polyinstantiation of /tmp:
++/etc/security/namespace\&.init\&. In addition, perform the following changes to use graphical environment with polyinstantiation of /tmp:
.PP
.sp
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
-- 1\. Disable the use of font server by commenting out "FontPath"
-- line in /etc/X11/xorg\.conf\. If you do want to use the font server
-+ 1\&. Disable the use of font server by commenting out "FontPath"
-+ line in /etc/X11/xorg\&.conf\&. If you do want to use the font server
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ 1\&. Disable the use of font server by commenting out "FontPath"
+ line in /etc/X11/xorg\&.conf\&. If you do want to use the font server
then you will have to augment the instance initialization
-- script to appropriately provide /tmp/\.font\-unix from the
-- polyinstantiated /tmp\.
-- 2\. Ensure that the gdm service is setup to use pam_namespace,
-- as described above, by modifying /etc/pam\.d/gdm\.
-- 3\. Ensure that the display manager is configured to restart X server
-- with each new session\. This default setup can be verified by
-- making sure that /usr/share/gdm/defaults\.conf contains
-+ script to appropriately provide /tmp/\&.font\-unix from the
-+ polyinstantiated /tmp\&.
-+ 2\&. Ensure that the gdm service is setup to use pam_namespace,
-+ as described above, by modifying /etc/pam\&.d/gdm\&.
-+ 3\&. Ensure that the display manager is configured to restart X server
-+ with each new session\&. This default setup can be verified by
-+ making sure that /usr/share/gdm/defaults\&.conf contains
+@@ -310,13 +152,7 @@
"AlwaysRestartServer=true", and it is not overridden by
-- /etc/gdm/custom\.conf\.
-+ /etc/gdm/custom\&.conf\&.
+ /etc/gdm/custom\&.conf\&.
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -151,7 +151,7 @@
+ .\}
+@@ -327,7 +163,7 @@
\fBnamespace.conf\fR(5),
- \fBpam.d\fR(8),
+ \fBpam.d\fR(5),
\fBmount\fR(8),
--\fBpam\fR(8)\.
+-\fBpam\fR(8)\&.
+\fBpam\fR(7)\&.
.SH "AUTHORS"
.PP
--The namespace setup scheme was designed by Stephen Smalley, Janak Desai and Chad Sellers\. The pam_namespace PAM module was developed by Janak Desai <janak@us\.ibm\.com>, Chad Sellers <csellers@tresys\.com> and Steve Grubb <sgrubb@redhat\.com>\. Additional improvements by Xavier Toth <txtoth@gmail\.com> and Tomas Mraz <tmraz@redhat\.com>\.
-+The namespace setup scheme was designed by Stephen Smalley, Janak Desai and Chad Sellers\&. The pam_namespace PAM module was developed by Janak Desai <janak@us\&.ibm\&.com>, Chad Sellers <csellers@tresys\&.com> and Steve Grubb <sgrubb@redhat\&.com>\&. Additional improvements by Xavier Toth <txtoth@gmail\&.com> and Tomas Mraz <tmraz@redhat\&.com>\&.
-Index: debian-pkg-pam/modules/pam_namespace/pam_namespace.8.xml
+ The namespace setup scheme was designed by Stephen Smalley, Janak Desai and Chad Sellers\&. The pam_namespace PAM module was developed by Janak Desai <janak@us\&.ibm\&.com>, Chad Sellers <csellers@tresys\&.com> and Steve Grubb <sgrubb@redhat\&.com>\&. Additional improvements by Xavier Toth <txtoth@gmail\&.com> and Tomas Mraz <tmraz@redhat\&.com>\&.
+Index: pam.deb/modules/pam_namespace/pam_namespace.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_namespace/pam_namespace.8.xml 2009-04-17 12:44:14.000000000 -0700
-+++ debian-pkg-pam/modules/pam_namespace/pam_namespace.8.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/modules/pam_namespace/pam_namespace.8.xml
++++ pam.deb/modules/pam_namespace/pam_namespace.8.xml
@@ -371,7 +371,7 @@
<refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
@@ -4373,149 +7282,273 @@ Index: debian-pkg-pam/modules/pam_namespace/pam_namespace.8.xml
</citerefentry>.
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_nologin/pam_nologin.8
+Index: pam.deb/modules/pam_nologin/pam_nologin.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_nologin/pam_nologin.8 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_nologin/pam_nologin.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,38 +1,38 @@
+--- pam.deb.orig/modules/pam_nologin/pam_nologin.8
++++ pam.deb/modules/pam_nologin/pam_nologin.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_nologin
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 03/02/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_NOLOGIN" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_NOLOGIN" "8" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_nologin - Prevent non-root users from login
-+pam_nologin \- Prevent non-root users from login
- .SH "SYNOPSIS"
- .HP 15
--\fBpam_nologin\.so\fR [file=\fI/path/nologin\fR] [successok]
-+\fBpam_nologin\&.so\fR [file=\fI/path/nologin\fR] [successok]
+-.TH "PAM_NOLOGIN" "8" "03/02/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_NOLOGIN" "8" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,26 +18,24 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_nologin \- Prevent non\-root users from login
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_nologin\&.so\fR\ 'u
+ \fBpam_nologin\&.so\fR [file=\fI/path/nologin\fR] [successok]
+-.fam
.SH "DESCRIPTION"
.PP
pam_nologin is a PAM module that prevents users from logging into the system when
- \fI/etc/nologin\fR
--exists\. The contents of the
-+exists\&. The contents of the
- \fI/etc/nologin\fR
--file are displayed to the user\. The pam_nologin module has no effect on the root user\'s ability to log in\.
-+file are displayed to the user\&. The pam_nologin module has no effect on the root user\'s ability to log in\&.
+-\FC/etc/nologin\F[]
++/etc/nologin
+ exists\&. The contents of the
+-\FC/etc/nologin\F[]
++/etc/nologin
+ file are displayed to the user\&. The pam_nologin module has no effect on the root user\'s ability to log in\&.
.SH "OPTIONS"
.PP
\fBfile=\fR\fB\fI/path/nologin\fR\fR
.RS 4
Use this file instead the default
--\fI/etc/nologin\fR\.
-+\fI/etc/nologin\fR\&.
+-\FC/etc/nologin\F[]\&.
++/etc/nologin\&.
.RE
.PP
\fBsuccessok\fR
- .RS 4
--Return PAM_SUCCESS if no file exists, the default is PAM_IGNORE\.
-+Return PAM_SUCCESS if no file exists, the default is PAM_IGNORE\&.
- .RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
-@@ -40,71 +40,71 @@
- \fBauth\fR
- and
- \fBacct\fR
--services are supported\.
-+services are supported\&.
- .SH "RETURN VALUES"
- .PP
+@@ -204,7 +54,7 @@
PAM_AUTH_ERR
.RS 4
The user is not root and
- \fI/etc/nologin\fR
--exists, so the user is not permitted to log in\.
-+exists, so the user is not permitted to log in\&.
- .RE
- .PP
- PAM_BUF_ERR
- .RS 4
--Memory buffer error\.
-+Memory buffer error\&.
- .RE
- .PP
- PAM_IGNORE
- .RS 4
--This is the default return value\.
-+This is the default return value\&.
+-\FC/etc/nologin\F[]
++/etc/nologin
+ exists, so the user is not permitted to log in\&.
.RE
.PP
+@@ -221,7 +71,7 @@
PAM_SUCCESS
.RS 4
Success: either the user is root or the
- \fI/etc/nologin\fR
--file does not exist\.
-+file does not exist\&.
+-\FC/etc/nologin\F[]
++/etc/nologin
+ file does not exist\&.
.RE
.PP
- PAM_USER_UNKNOWN
- .RS 4
--User not known to the underlying authentication module\.
-+User not known to the underlying authentication module\&.
- .RE
+@@ -232,30 +82,16 @@
.SH "EXAMPLES"
.PP
The suggested usage for
--\fI/etc/pam\.d/login\fR
-+\fI/etc/pam\&.d/login\fR
+-\FC/etc/pam\&.d/login\F[]
++/etc/pam\&.d/login
is:
.sp
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
--auth required pam_nologin\.so
-+auth required pam_nologin\&.so
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ auth required pam_nologin\&.so
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
- .sp
- .SH "NOTES"
- .PP
--In order to make this module effective, all login methods should be secured by it\. It should be used as a
-+In order to make this module effective, all login methods should be secured by it\&. It should be used as a
- \fIrequired\fR
- method listed before any
- \fIsufficient\fR
--methods in order to get standard Unix nologin semantics\. Note, the use of
-+methods in order to get standard Unix nologin semantics\&. Note, the use of
- \fBsuccessok\fR
- module argument causes the module to return
- \fIPAM_SUCCESS\fR
- and as such would break such a configuration \- failing
- \fIsufficient\fR
- modules would lead to a successful login because the nologin module
--\fIsucceeded\fR\.
-+\fIsucceeded\fR\&.
- .SH "SEE ALSO"
- .PP
-
+ .\}
+@@ -280,7 +116,7 @@
\fBnologin\fR(5),
\fBpam.conf\fR(5),
- \fBpam.d\fR(8),
+ \fBpam.d\fR(5),
-\fBpam\fR(8)
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
--pam_nologin was written by Michael K\. Johnson <johnsonm@redhat\.com>\.
-+pam_nologin was written by Michael K\&. Johnson <johnsonm@redhat\&.com>\&.
-Index: debian-pkg-pam/modules/pam_nologin/pam_nologin.8.xml
+ pam_nologin was written by Michael K\&. Johnson <johnsonm@redhat\&.com>\&.
+Index: pam.deb/modules/pam_nologin/pam_nologin.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_nologin/pam_nologin.8.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_nologin/pam_nologin.8.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/modules/pam_nologin/pam_nologin.8.xml
++++ pam.deb/modules/pam_nologin/pam_nologin.8.xml
@@ -159,7 +159,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -4523,93 +7556,232 @@ Index: debian-pkg-pam/modules/pam_nologin/pam_nologin.8.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_permit/pam_permit.8
+Index: pam.deb/modules/pam_permit/pam_permit.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_permit/pam_permit.8 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_permit/pam_permit.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,32 +1,32 @@
+--- pam.deb.orig/modules/pam_permit/pam_permit.8
++++ pam.deb/modules/pam_permit/pam_permit.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_permit
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 03/02/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_PERMIT" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_PERMIT" "8" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_permit - The promiscuous module
-+pam_permit \- The promiscuous module
- .SH "SYNOPSIS"
- .HP 14
--\fBpam_permit\.so\fR
-+\fBpam_permit\&.so\fR
+-.TH "PAM_PERMIT" "8" "03/02/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_PERMIT" "8" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,13 +18,11 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_permit \- The promiscuous module
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_permit\&.so\fR\ 'u
+ \fBpam_permit\&.so\fR
+-.fam
.SH "DESCRIPTION"
.PP
--pam_permit is a PAM module that always permit access\. It does nothing else\.
-+pam_permit is a PAM module that always permit access\&. It does nothing else\&.
- .PP
- In the case of authentication, the user\'s name will be set to
- \fInobody\fR
--if the application didn\'t set one\. Many applications and PAM modules become confused if this name is unknown\.
-+if the application didn\'t set one\&. Many applications and PAM modules become confused if this name is unknown\&.
- .PP
--This module is very dangerous\. It should be used with extreme caution\.
-+This module is very dangerous\&. It should be used with extreme caution\&.
- .SH "OPTIONS"
- .PP
--This module does not recognise any options\.
-+This module does not recognise any options\&.
- .SH "MODULE SERVICES PROVIDED"
- .PP
- The services
-@@ -35,20 +35,20 @@
- \fBpassword\fR
- and
- \fBsession\fR
--are supported\.
-+are supported\&.
- .SH "RETURN VALUES"
- .PP
- PAM_SUCCESS
- .RS 4
--This module always returns this value\.
-+This module always returns this value\&.
- .RE
- .SH "EXAMPLES"
- .PP
--Add this line to your other login entries to disable account management, but continue to permit users to log in\.
-+Add this line to your other login entries to disable account management, but continue to permit users to log in\&.
- .sp
+ pam_permit is a PAM module that always permit access\&. It does nothing else\&.
+@@ -207,24 +57,10 @@
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
--account required pam_permit\.so
-+account required pam_permit\&.so
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ account required pam_permit\&.so
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -58,7 +58,7 @@
+ .\}
+@@ -234,7 +70,7 @@
\fBpam.conf\fR(5),
- \fBpam.d\fR(8),
+ \fBpam.d\fR(5),
-\fBpam\fR(8)
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
--pam_permit was written by Andrew G\. Morgan, <morgan@kernel\.org>\.
-+pam_permit was written by Andrew G\&. Morgan, <morgan@kernel\&.org>\&.
-Index: debian-pkg-pam/modules/pam_permit/pam_permit.8.xml
+ pam_permit was written by Andrew G\&. Morgan, <morgan@kernel\&.org>\&.
+Index: pam.deb/modules/pam_permit/pam_permit.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_permit/pam_permit.8.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_permit/pam_permit.8.xml 2009-04-17 12:47:20.000000000 -0700
-@@ -90,7 +90,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+--- pam.deb.orig/modules/pam_permit/pam_permit.8.xml
++++ pam.deb/modules/pam_permit/pam_permit.8.xml
+@@ -91,7 +91,7 @@
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -4617,149 +7789,274 @@ Index: debian-pkg-pam/modules/pam_permit/pam_permit.8.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_rhosts/pam_rhosts.8
+Index: pam.deb/modules/pam_rhosts/pam_rhosts.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_rhosts/pam_rhosts.8 2009-04-17 12:44:12.000000000 -0700
-+++ debian-pkg-pam/modules/pam_rhosts/pam_rhosts.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,95 +1,95 @@
+--- pam.deb.orig/modules/pam_rhosts/pam_rhosts.8
++++ pam.deb/modules/pam_rhosts/pam_rhosts.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_rhosts
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 03/02/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_RHOSTS" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_RHOSTS" "8" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_rhosts - The rhosts PAM module
-+pam_rhosts \- The rhosts PAM module
- .SH "SYNOPSIS"
- .HP 14
--\fBpam_rhosts\.so\fR
-+\fBpam_rhosts\&.so\fR
+-.TH "PAM_RHOSTS" "8" "03/02/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_RHOSTS" "8" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,13 +18,11 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_rhosts \- The rhosts PAM module
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_rhosts\&.so\fR\ 'u
+ \fBpam_rhosts\&.so\fR
+-.fam
.SH "DESCRIPTION"
.PP
This module performs the standard network authentication for services, as used by traditional implementations of
- \fBrlogin\fR
- and
- \fBrsh\fR
--etc\.
-+etc\&.
+@@ -182,10 +32,10 @@
+ etc\&.
.PP
The authentication mechanism of this module is based on the contents of two files;
--\fI/etc/hosts\.equiv\fR
-+\fI/etc/hosts\&.equiv\fR
+-\FC/etc/hosts\&.equiv\F[]
++/etc/hosts\&.equiv
(or and
--\fI~/\.rhosts\fR\. Firstly, hosts listed in the former file are treated as equivalent to the localhost\. Secondly, entries in the user\'s own copy of the latter file is used to map "\fIremote\-host remote\-user\fR" pairs to that user\'s account on the current host\. Access is granted to the user if their host is present in
--\fI/etc/hosts\.equiv\fR
--and their remote account is identical to their local one, or if their remote account has an entry in their personal configuration file\.
-+\fI~/\&.rhosts\fR\&. Firstly, hosts listed in the former file are treated as equivalent to the localhost\&. Secondly, entries in the user\'s own copy of the latter file is used to map "\fIremote\-host remote\-user\fR" pairs to that user\'s account on the current host\&. Access is granted to the user if their host is present in
-+\fI/etc/hosts\&.equiv\fR
-+and their remote account is identical to their local one, or if their remote account has an entry in their personal configuration file\&.
+-\FC~/\&.rhosts\F[]\&. Firstly, hosts listed in the former file are treated as equivalent to the localhost\&. Secondly, entries in the user\'s own copy of the latter file is used to map "\fIremote\-host remote\-user\fR" pairs to that user\'s account on the current host\&. Access is granted to the user if their host is present in
+-\FC/etc/hosts\&.equiv\F[]
++~/\&.rhosts\&. Firstly, hosts listed in the former file are treated as equivalent to the localhost\&. Secondly, entries in the user\'s own copy of the latter file is used to map "\fIremote\-host remote\-user\fR" pairs to that user\'s account on the current host\&. Access is granted to the user if their host is present in
++/etc/hosts\&.equiv
+ and their remote account is identical to their local one, or if their remote account has an entry in their personal configuration file\&.
.PP
The module authenticates a remote user (internally specified by the item
- \fIPAM_RUSER\fR
- connecting from the remote host (internally specified by the item
--\fBPAM_RHOST\fR)\. Accordingly, for applications to be compatible this authentication module they must set these items prior to calling
--\fBpam_authenticate()\fR\. The module is not capable of independently probing the network connection for such information\.
-+\fBPAM_RHOST\fR)\&. Accordingly, for applications to be compatible this authentication module they must set these items prior to calling
-+\fBpam_authenticate()\fR\&. The module is not capable of independently probing the network connection for such information\&.
- .SH "OPTIONS"
- .PP
- \fBdebug\fR
- .RS 4
--Print debug information\.
-+Print debug information\&.
- .RE
- .PP
- \fBsilent\fR
- .RS 4
--Don\'t print informative messages\.
-+Don\'t print informative messages\&.
- .RE
- .PP
- \fBsuperuser=\fR\fB\fIaccount\fR\fR
- .RS 4
- Handle
- \fIaccount\fR
--as root\.
-+as root\&.
- .RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
- Only the
- \fBauth\fR
--service is supported\.
-+service is supported\&.
- .SH "RETURN VALUES"
- .PP
+@@ -221,7 +71,7 @@
PAM_AUTH_ERR
.RS 4
The remote host, remote user name or the local user name couldn\'t be determined or access was denied by
--\fI\.rhosts\fR
--file\.
-+\fI\&.rhosts\fR
-+file\&.
+-\FC\&.rhosts\F[]
++\&.rhosts
+ file\&.
.RE
.PP
- PAM_USER_UNKNOWN
- .RS 4
--User is not known to system\.
-+User is not known to system\&.
- .RE
+@@ -232,26 +82,18 @@
.SH "EXAMPLES"
.PP
To grant a remote user access by
--\fI/etc/hosts\.equiv\fR
-+\fI/etc/hosts\&.equiv\fR
+-\FC/etc/hosts\&.equiv\F[]
++/etc/hosts\&.equiv
or
--\fI\.rhosts\fR
-+\fI\&.rhosts\fR
+-\FC\&.rhosts\F[]
++\&.rhosts
for
\fBrsh\fR
add the following lines to
--\fI/etc/pam\.d/rsh\fR:
-+\fI/etc/pam\&.d/rsh\fR:
+-\FC/etc/pam\&.d/rsh\F[]:
++/etc/pam\&.d/rsh:
.sp
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
--#%PAM\-1\.0
-+#%PAM\-1\&.0
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ #%PAM\-1\&.0
#
--auth required pam_rhosts\.so
--auth required pam_nologin\.so
--auth required pam_env\.so
--auth required pam_unix\.so
-+auth required pam_rhosts\&.so
-+auth required pam_nologin\&.so
-+auth required pam_env\&.so
-+auth required pam_unix\&.so
+ auth required pam_rhosts\&.so
+@@ -259,13 +101,7 @@
+ auth required pam_env\&.so
+ auth required pam_unix\&.so
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -102,7 +102,7 @@
+ .\}
+@@ -278,7 +114,7 @@
\fBrhosts\fR(5),
\fBpam.conf\fR(5),
- \fBpam.d\fR(8),
+ \fBpam.d\fR(5),
-\fBpam\fR(8)
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
--pam_rhosts was written by Thorsten Kukuk <kukuk@thkukuk\.de>
-+pam_rhosts was written by Thorsten Kukuk <kukuk@thkukuk\&.de>
-Index: debian-pkg-pam/modules/pam_rhosts/pam_rhosts.8.xml
+ pam_rhosts was written by Thorsten Kukuk <kukuk@thkukuk\&.de>
+Index: pam.deb/modules/pam_rhosts/pam_rhosts.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_rhosts/pam_rhosts.8.xml 2009-04-17 12:44:12.000000000 -0700
-+++ debian-pkg-pam/modules/pam_rhosts/pam_rhosts.8.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/modules/pam_rhosts/pam_rhosts.8.xml
++++ pam.deb/modules/pam_rhosts/pam_rhosts.8.xml
@@ -156,7 +156,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -4767,115 +8064,241 @@ Index: debian-pkg-pam/modules/pam_rhosts/pam_rhosts.8.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_rootok/pam_rootok.8
+Index: pam.deb/modules/pam_rootok/pam_rootok.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_rootok/pam_rootok.8 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_rootok/pam_rootok.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,41 +1,41 @@
+--- pam.deb.orig/modules/pam_rootok/pam_rootok.8
++++ pam.deb/modules/pam_rootok/pam_rootok.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_rootok
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 03/02/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_ROOTOK" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_ROOTOK" "8" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_rootok - Gain only root access
-+pam_rootok \- Gain only root access
- .SH "SYNOPSIS"
- .HP 14
--\fBpam_rootok\.so\fR [debug]
-+\fBpam_rootok\&.so\fR [debug]
+-.TH "PAM_ROOTOK" "8" "03/02/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_ROOTOK" "8" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,13 +18,11 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_rootok \- Gain only root access
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_rootok\&.so\fR\ 'u
+ \fBpam_rootok\&.so\fR [debug]
+-.fam
.SH "DESCRIPTION"
.PP
pam_rootok is a PAM module that authenticates the user if their
- \fIUID\fR
- is
--\fI0\fR\. Applications that are created setuid\-root generally retain the
-+\fI0\fR\&. Applications that are created setuid\-root generally retain the
- \fIUID\fR
--of the user but run with the authority of an enhanced effective\-UID\. It is the real
-+of the user but run with the authority of an enhanced effective\-UID\&. It is the real
- \fIUID\fR
--that is checked\.
-+that is checked\&.
- .SH "OPTIONS"
- .PP
- \fBdebug\fR
- .RS 4
--Print debug information\.
-+Print debug information\&.
- .RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
- Only the
- \fBauth\fR
--service is supported\.
-+service is supported\&.
- .SH "RETURN VALUES"
- .PP
- PAM_SUCCESS
-@@ -43,7 +43,7 @@
- The
- \fIUID\fR
- is
--\fI0\fR\.
-+\fI0\fR\&.
- .RE
- .PP
- PAM_AUTH_ERR
-@@ -52,21 +52,21 @@
- \fIUID\fR
- is
- \fBnot\fR
--\fI0\fR\.
-+\fI0\fR\&.
- .RE
- .SH "EXAMPLES"
- .PP
+@@ -217,32 +67,18 @@
In the case of the
\fBsu\fR(1)
--application the historical usage is to permit the superuser to adopt the identity of a lesser user without the use of a password\. To obtain this behavior with PAM the following pair of lines are needed for the corresponding entry in the
--\fI/etc/pam\.d/su\fR
-+application the historical usage is to permit the superuser to adopt the identity of a lesser user without the use of a password\&. To obtain this behavior with PAM the following pair of lines are needed for the corresponding entry in the
-+\fI/etc/pam\&.d/su\fR
+ application the historical usage is to permit the superuser to adopt the identity of a lesser user without the use of a password\&. To obtain this behavior with PAM the following pair of lines are needed for the corresponding entry in the
+-\FC/etc/pam\&.d/su\F[]
++/etc/pam\&.d/su
configuration file:
.sp
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
--# su authentication\. Root is granted access by default\.
--auth sufficient pam_rootok\.so
--auth required pam_unix\.so
-+# su authentication\&. Root is granted access by default\&.
-+auth sufficient pam_rootok\&.so
-+auth required pam_unix\&.so
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ # su authentication\&. Root is granted access by default\&.
+ auth sufficient pam_rootok\&.so
+ auth required pam_unix\&.so
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -77,7 +77,7 @@
+ .\}
+@@ -253,7 +89,7 @@
\fBsu\fR(1),
\fBpam.conf\fR(5),
- \fBpam.d\fR(8),
+ \fBpam.d\fR(5),
-\fBpam\fR(8)
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
--pam_rootok was written by Andrew G\. Morgan, <morgan@kernel\.org>\.
-+pam_rootok was written by Andrew G\&. Morgan, <morgan@kernel\&.org>\&.
-Index: debian-pkg-pam/modules/pam_rootok/pam_rootok.8.xml
+ pam_rootok was written by Andrew G\&. Morgan, <morgan@kernel\&.org>\&.
+Index: pam.deb/modules/pam_rootok/pam_rootok.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_rootok/pam_rootok.8.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_rootok/pam_rootok.8.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/modules/pam_rootok/pam_rootok.8.xml
++++ pam.deb/modules/pam_rootok/pam_rootok.8.xml
@@ -115,7 +115,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -4883,132 +8306,265 @@ Index: debian-pkg-pam/modules/pam_rootok/pam_rootok.8.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_securetty/pam_securetty.8
+Index: pam.deb/modules/pam_securetty/pam_securetty.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_securetty/pam_securetty.8 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_securetty/pam_securetty.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,77 +1,77 @@
+--- pam.deb.orig/modules/pam_securetty/pam_securetty.8
++++ pam.deb/modules/pam_securetty/pam_securetty.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_securetty
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 03/02/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_SECURETTY" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_SECURETTY" "8" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_securetty - Limit root login to special devices
-+pam_securetty \- Limit root login to special devices
- .SH "SYNOPSIS"
- .HP 17
--\fBpam_securetty\.so\fR [debug]
-+\fBpam_securetty\&.so\fR [debug]
+-.TH "PAM_SECURETTY" "8" "03/02/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_SECURETTY" "8" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,18 +18,16 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_securetty \- Limit root login to special devices
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_securetty\&.so\fR\ 'u
+ \fBpam_securetty\&.so\fR [debug]
+-.fam
.SH "DESCRIPTION"
.PP
pam_securetty is a PAM module that allows root logins only if the user is logging in on a "secure" tty, as defined by the listing in
--\fI/etc/securetty\fR\. pam_securetty also checks to make sure that
-+\fI/etc/securetty\fR\&. pam_securetty also checks to make sure that
- \fI/etc/securetty\fR
--is a plain file and not world writable\.
-+is a plain file and not world writable\&.
+-\FC/etc/securetty\F[]\&. pam_securetty also checks to make sure that
+-\FC/etc/securetty\F[]
++/etc/securetty\&. pam_securetty also checks to make sure that
++/etc/securetty
+ is a plain file and not world writable\&.
.PP
This module has no effect on non\-root users and requires that the application fills in the
- \fBPAM_TTY\fR
--item correctly\.
-+item correctly\&.
- .PP
- For canonical usage, should be listed as a
- \fBrequired\fR
- authentication method before any
- \fBsufficient\fR
--authentication methods\.
-+authentication methods\&.
- .SH "OPTIONS"
- .PP
- \fBdebug\fR
- .RS 4
--Print debug information\.
-+Print debug information\&.
- .RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
- Only the
- \fBauth\fR
--service is supported\.
-+service is supported\&.
- .SH "RETURN VALUES"
- .PP
- PAM_SUCCESS
- .RS 4
--The user is allowed to continue authentication\. Either the user is not root, or the root user is trying to log in on an acceptable device\.
-+The user is allowed to continue authentication\&. Either the user is not root, or the root user is trying to log in on an acceptable device\&.
- .RE
- .PP
+@@ -210,7 +60,7 @@
PAM_AUTH_ERR
.RS 4
--Authentication is rejected\. Either root is attempting to log in via an unacceptable device, or the
-+Authentication is rejected\&. Either root is attempting to log in via an unacceptable device, or the
- \fI/etc/securetty\fR
--file is world writable or not a normal file\.
-+file is world writable or not a normal file\&.
- .RE
- .PP
- PAM_INCOMPLETE
- .RS 4
--An application error occurred\. pam_securetty was not able to get information it required from the application that called it\.
-+An application error occurred\&. pam_securetty was not able to get information it required from the application that called it\&.
+ Authentication is rejected\&. Either root is attempting to log in via an unacceptable device, or the
+-\FC/etc/securetty\F[]
++/etc/securetty
+ file is world writable or not a normal file\&.
.RE
.PP
+@@ -222,13 +72,13 @@
PAM_SERVICE_ERR
.RS 4
An error occurred while the module was determining the user\'s name or tty, or the module could not open
--\fI/etc/securetty\fR\.
-+\fI/etc/securetty\fR\&.
+-\FC/etc/securetty\F[]\&.
++/etc/securetty\&.
.RE
.PP
- PAM_IGNORE
+ PAM_USER_UNKNOWN
.RS 4
The module could not find the user name in the
- \fI/etc/passwd\fR
--file to verify whether the user had a UID of 0\. Therefore, the results of running this module are ignored\.
-+file to verify whether the user had a UID of 0\&. Therefore, the results of running this module are ignored\&.
+-\FC/etc/passwd\F[]
++/etc/passwd
+ file to verify whether the user had a UID of 0\&. Therefore, the results of running this module are ignored\&.
.RE
.SH "EXAMPLES"
- .PP
-@@ -79,8 +79,8 @@
- .sp
+@@ -238,25 +88,11 @@
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
--auth required pam_securetty\.so
--auth required pam_unix\.so
-+auth required pam_securetty\&.so
-+auth required pam_unix\&.so
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ auth required pam_securetty\&.so
+ auth required pam_unix\&.so
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -91,7 +91,7 @@
+ .\}
+@@ -267,7 +103,7 @@
\fBsecuretty\fR(5),
\fBpam.conf\fR(5),
- \fBpam.d\fR(8),
+ \fBpam.d\fR(5),
-\fBpam\fR(8)
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
--pam_securetty was written by Elliot Lee <sopwith@cuc\.edu>\.
-+pam_securetty was written by Elliot Lee <sopwith@cuc\&.edu>\&.
-Index: debian-pkg-pam/modules/pam_securetty/pam_securetty.8.xml
+ pam_securetty was written by Elliot Lee <sopwith@cuc\&.edu>\&.
+Index: pam.deb/modules/pam_securetty/pam_securetty.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_securetty/pam_securetty.8.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_securetty/pam_securetty.8.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/modules/pam_securetty/pam_securetty.8.xml
++++ pam.deb/modules/pam_securetty/pam_securetty.8.xml
@@ -152,7 +152,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -5016,141 +8572,234 @@ Index: debian-pkg-pam/modules/pam_securetty/pam_securetty.8.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_selinux/pam_selinux.8
+Index: pam.deb/modules/pam_selinux/pam_selinux.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_selinux/pam_selinux.8 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_selinux/pam_selinux.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,92 +1,92 @@
+--- pam.deb.orig/modules/pam_selinux/pam_selinux.8
++++ pam.deb/modules/pam_selinux/pam_selinux.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_selinux
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 06/16/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_SELINUX" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_SELINUX" "8" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_selinux - PAM module to set the default security context
-+pam_selinux \- PAM module to set the default security context
- .SH "SYNOPSIS"
- .HP 15
--\fBpam_selinux\.so\fR [close] [debug] [open] [nottys] [verbose] [select_context] [use_current_range]
-+\fBpam_selinux\&.so\fR [close] [debug] [open] [nottys] [verbose] [select_context] [use_current_range]
+-.TH "PAM_SELINUX" "8" "06/16/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_SELINUX" "8" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,13 +18,11 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_selinux \- PAM module to set the default security context
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_selinux\&.so\fR\ 'u
+ \fBpam_selinux\&.so\fR [close] [debug] [open] [nottys] [verbose] [select_context] [env_params] [use_current_range]
+-.fam
.SH "DESCRIPTION"
.PP
--In a nutshell, pam_selinux sets up the default security context for the next execed shell\.
-+In a nutshell, pam_selinux sets up the default security context for the next execed shell\&.
- .PP
--When an application opens a session using pam_selinux, the shell that gets executed will be run in the default security context, or if the user chooses and the pam file allows the selected security context\. Also the controlling tty will have it\'s security context modified to match the users\.
-+When an application opens a session using pam_selinux, the shell that gets executed will be run in the default security context, or if the user chooses and the pam file allows the selected security context\&. Also the controlling tty will have it\'s security context modified to match the users\&.
- .PP
--Adding pam_selinux into a pam file could cause other pam modules to change their behavior if the exec another application\. The close and open option help mitigate this problem\. close option will only cause the close portion of the pam_selinux to execute, and open will only cause the open portion to run\. You can add pam_selinux to the config file twice\. Add the pam_selinux close as the executes the open pass through the modules, pam_selinux open_session will happen last\. When PAM executes the close pass through the modules pam_selinux close_session will happen first\.
-+Adding pam_selinux into a pam file could cause other pam modules to change their behavior if the exec another application\&. The close and open option help mitigate this problem\&. close option will only cause the close portion of the pam_selinux to execute, and open will only cause the open portion to run\&. You can add pam_selinux to the config file twice\&. Add the pam_selinux close as the executes the open pass through the modules, pam_selinux open_session will happen last\&. When PAM executes the close pass through the modules pam_selinux close_session will happen first\&.
- .SH "OPTIONS"
- .PP
- \fBclose\fR
- .RS 4
--Only execute the close_session portion of the module\.
-+Only execute the close_session portion of the module\&.
- .RE
- .PP
- \fBdebug\fR
- .RS 4
- Turns on debugging via
--\fBsyslog\fR(3)\.
-+\fBsyslog\fR(3)\&.
- .RE
- .PP
- \fBopen\fR
- .RS 4
--Only execute the open_session portion of the module\.
-+Only execute the open_session portion of the module\&.
- .RE
- .PP
- \fBnottys\fR
- .RS 4
--Do not try to setup the ttys security context\.
-+Do not try to setup the ttys security context\&.
- .RE
- .PP
- \fBverbose\fR
- .RS 4
--attempt to inform the user when security context is set\.
-+attempt to inform the user when security context is set\&.
- .RE
- .PP
- \fBselect_context\fR
- .RS 4
--Attempt to ask the user for a custom security context role\. If MLS is on ask also for sensitivity level\.
-+Attempt to ask the user for a custom security context role\&. If MLS is on ask also for sensitivity level\&.
- .RE
- .PP
- \fBuse_current_range\fR
- .RS 4
--Use the sensitivity range of the process for the user context\. This option and the select_context option are mutually exclusive\.
-+Use the sensitivity range of the process for the user context\&. This option and the select_context option are mutually exclusive\&.
- .RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
- Only the
- \fBsession\fR
--service is supported\.
-+service is supported\&.
- .SH "RETURN VALUES"
- .PP
- PAM_AUTH_ERR
- .RS 4
--Unable to get or set a valid context\.
-+Unable to get or set a valid context\&.
- .RE
- .PP
- PAM_SUCCESS
- .RS 4
--The security context was set successfull\.
-+The security context was set successfull\&.
- .RE
- .PP
- PAM_USER_UNKNOWN
- .RS 4
--The user is not known to the system\.
-+The user is not known to the system\&.
- .RE
- .SH "EXAMPLES"
- .sp
+ In a nutshell, pam_selinux sets up the default security context for the next execed shell\&.
+@@ -251,26 +101,12 @@
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
--auth required pam_unix\.so
--session required pam_permit\.so
--session optional pam_selinux\.so
-+auth required pam_unix\&.so
-+session required pam_permit\&.so
-+session optional pam_selinux\&.so
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ auth required pam_unix\&.so
+ session required pam_permit\&.so
+ session optional pam_selinux\&.so
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -95,7 +95,7 @@
+ .\}
+@@ -279,7 +115,7 @@
\fBpam.conf\fR(5),
- \fBpam.d\fR(8),
+ \fBpam.d\fR(5),
-\fBpam\fR(8)
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
--pam_selinux was written by Dan Walsh <dwalsh@redhat\.com>\.
-+pam_selinux was written by Dan Walsh <dwalsh@redhat\&.com>\&.
-Index: debian-pkg-pam/modules/pam_selinux/pam_selinux.8.xml
+ pam_selinux was written by Dan Walsh <dwalsh@redhat\&.com>\&.
+Index: pam.deb/modules/pam_selinux/pam_selinux.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_selinux/pam_selinux.8.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_selinux/pam_selinux.8.xml 2009-04-17 12:47:20.000000000 -0700
-@@ -205,7 +205,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+--- pam.deb.orig/modules/pam_selinux/pam_selinux.8.xml
++++ pam.deb/modules/pam_selinux/pam_selinux.8.xml
+@@ -226,7 +226,7 @@
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -5158,138 +8807,230 @@ Index: debian-pkg-pam/modules/pam_selinux/pam_selinux.8.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_sepermit/pam_sepermit.8
+Index: pam.deb/modules/pam_sepermit/pam_sepermit.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_sepermit/pam_sepermit.8 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_sepermit/pam_sepermit.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,53 +1,53 @@
+--- pam.deb.orig/modules/pam_sepermit/pam_sepermit.8
++++ pam.deb/modules/pam_sepermit/pam_sepermit.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_sepermit
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 03/02/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_SEPERMIT" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_SEPERMIT" "8" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_sepermit - PAM module to allow/deny login depending on SELinux enforcement state
-+pam_sepermit \- PAM module to allow/deny login depending on SELinux enforcement state
- .SH "SYNOPSIS"
- .HP 16
--\fBpam_sepermit\.so\fR [debug] [conf=\fI/path/to/config/file\fR]
-+\fBpam_sepermit\&.so\fR [debug] [conf=\fI/path/to/config/file\fR]
+-.TH "PAM_SEPERMIT" "8" "03/02/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_SEPERMIT" "8" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,13 +18,11 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_sepermit \- PAM module to allow/deny login depending on SELinux enforcement state
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_sepermit\&.so\fR\ 'u
+ \fBpam_sepermit\&.so\fR [debug] [conf=\fI/path/to/config/file\fR]
+-.fam
.SH "DESCRIPTION"
.PP
--The pam_sepermit module allows or denies login depending on SELinux enforcement state\.
-+The pam_sepermit module allows or denies login depending on SELinux enforcement state\&.
- .PP
--When the user which is logging in matches an entry in the config file he is allowed access only when the SELinux is in enforcing mode\. Otherwise he is denied access\. For users not matching any entry in the config file the pam_sepermit module returns PAM_IGNORE return value\.
-+When the user which is logging in matches an entry in the config file he is allowed access only when the SELinux is in enforcing mode\&. Otherwise he is denied access\&. For users not matching any entry in the config file the pam_sepermit module returns PAM_IGNORE return value\&.
- .PP
--The config file contains a simple list of user names one per line\. If the
-+The config file contains a simple list of user names one per line\&. If the
- \fIname\fR
- is prefixed with
- \fI@\fR
- character it means that all users in the group
- \fIname\fR
--match\. If it is prefixed with a
-+match\&. If it is prefixed with a
- \fI%\fR
- character the SELinux user is used to match against the
- \fIname\fR
--instead of the account name\. Note that when SELinux is disabled the SELinux user assigned to the account cannot be determined\. This means that such entries are never matched when SELinux is disabled and pam_sepermit will return PAM_IGNORE\.
-+instead of the account name\&. Note that when SELinux is disabled the SELinux user assigned to the account cannot be determined\&. This means that such entries are never matched when SELinux is disabled and pam_sepermit will return PAM_IGNORE\&.
- .PP
- Each user name in the configuration file can have optional arguments separated by
- \fI:\fR
--character\. The only currently recognized argument is
--\fIexclusive\fR\. The pam_sepermit module will allow only single concurrent user session for the user with this argument specified and it will attempt to kill all processes of the user after logout\.
-+character\&. The only currently recognized argument is
-+\fIexclusive\fR\&. The pam_sepermit module will allow only single concurrent user session for the user with this argument specified and it will attempt to kill all processes of the user after logout\&.
- .SH "OPTIONS"
- .PP
- \fBdebug\fR
- .RS 4
- Turns on debugging via
--\fBsyslog\fR(3)\.
-+\fBsyslog\fR(3)\&.
- .RE
- .PP
- \fBconf=\fR\fB\fI/path/to/config/file\fR\fR
- .RS 4
--Path to alternative config file overriding the default\.
-+Path to alternative config file overriding the default\&.
- .RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
-@@ -55,36 +55,36 @@
- \fBauth\fR
- and
- \fBaccount\fR
--services are supported\.
-+services are supported\&.
- .SH "RETURN VALUES"
- .PP
- PAM_AUTH_ERR
- .RS 4
--SELinux is disabled or in the permissive mode and the user matches\.
-+SELinux is disabled or in the permissive mode and the user matches\&.
- .RE
- .PP
- PAM_SUCCESS
- .RS 4
--SELinux is in the enforcing mode and the user matches\.
-+SELinux is in the enforcing mode and the user matches\&.
- .RE
- .PP
- PAM_IGNORE
- .RS 4
--The user does not match any entry in the config file\.
-+The user does not match any entry in the config file\&.
- .RE
- .PP
- PAM_USER_UNKNOWN
- .RS 4
--The module was unable to determine the user\'s name\.
-+The module was unable to determine the user\'s name\&.
- .RE
- .PP
- PAM_SERVICE_ERR
- .RS 4
--Error during reading or parsing the config file\.
-+Error during reading or parsing the config file\&.
+ The pam_sepermit module allows or denies login depending on SELinux enforcement state\&.
+@@ -242,7 +92,7 @@
.RE
.SH "FILES"
.PP
--\fI/etc/security/sepermit\.conf\fR
-+\fI/etc/security/sepermit\&.conf\fR
+-\FC/etc/security/sepermit\&.conf\F[]
++/etc/security/sepermit\&.conf
.RS 4
Default configuration file
.RE
-@@ -92,10 +92,10 @@
- .sp
+@@ -251,27 +101,13 @@
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
--auth [success=done ignore=ignore default=bad] pam_sepermit\.so
--auth required pam_unix\.so
--account required pam_unix\.so
--session required pam_permit\.so
-+auth [success=done ignore=ignore default=bad] pam_sepermit\&.so
-+auth required pam_unix\&.so
-+account required pam_unix\&.so
-+session required pam_permit\&.so
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ auth [success=done ignore=ignore default=bad] pam_sepermit\&.so
+ auth required pam_unix\&.so
+ account required pam_unix\&.so
+ session required pam_permit\&.so
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -104,7 +104,7 @@
+ .\}
+@@ -280,7 +116,7 @@
\fBpam.conf\fR(5),
\fBpam.d\fR(8),
@@ -5297,12 +9038,11 @@ Index: debian-pkg-pam/modules/pam_sepermit/pam_sepermit.8
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
--pam_sepermit was written by Tomas Mraz <tmraz@redhat\.com>\.
-+pam_sepermit was written by Tomas Mraz <tmraz@redhat\&.com>\&.
-Index: debian-pkg-pam/modules/pam_sepermit/pam_sepermit.8.xml
+ pam_sepermit was written by Tomas Mraz <tmraz@redhat\&.com>\&.
+Index: pam.deb/modules/pam_sepermit/pam_sepermit.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_sepermit/pam_sepermit.8.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_sepermit/pam_sepermit.8.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/modules/pam_sepermit/pam_sepermit.8.xml
++++ pam.deb/modules/pam_sepermit/pam_sepermit.8.xml
@@ -174,7 +174,7 @@
<refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
@@ -5312,102 +9052,250 @@ Index: debian-pkg-pam/modules/pam_sepermit/pam_sepermit.8.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_shells/pam_shells.8
+Index: pam.deb/modules/pam_shells/pam_shells.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_shells/pam_shells.8 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_shells/pam_shells.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,54 +1,54 @@
+--- pam.deb.orig/modules/pam_shells/pam_shells.8
++++ pam.deb/modules/pam_shells/pam_shells.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_shells
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 03/02/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_SHELLS" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_SHELLS" "8" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_shells - PAM module to check for valid login shell
-+pam_shells \- PAM module to check for valid login shell
- .SH "SYNOPSIS"
- .HP 14
--\fBpam_shells\.so\fR
-+\fBpam_shells\&.so\fR
+-.TH "PAM_SHELLS" "8" "03/02/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_SHELLS" "8" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,20 +18,18 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_shells \- PAM module to check for valid login shell
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_shells\&.so\fR\ 'u
+ \fBpam_shells\&.so\fR
+-.fam
.SH "DESCRIPTION"
.PP
pam_shells is a PAM module that only allows access to the system if the users shell is listed in
--\fI/etc/shells\fR\.
-+\fI/etc/shells\fR\&.
+-\FC/etc/shells\F[]\&.
++/etc/shells\&.
.PP
It also checks if
- \fI/etc/shells\fR
--is a plain file and not world writable\.
-+is a plain file and not world writable\&.
+-\FC/etc/shells\F[]
++/etc/shells
+ is a plain file and not world writable\&.
.SH "OPTIONS"
.PP
--This module does not recognise any options\.
-+This module does not recognise any options\&.
- .SH "MODULE SERVICES PROVIDED"
- .PP
- The services
- \fBauth\fR
- and
- \fBaccount\fR
--are supported\.
-+are supported\&.
- .SH "RETURN VALUES"
- .PP
- PAM_AUTH_ERR
- .RS 4
--Access to the system was denied\.
-+Access to the system was denied\&.
- .RE
- .PP
+@@ -201,7 +51,7 @@
PAM_SUCCESS
.RS 4
The users login shell was listed as valid shell in
--\fI/etc/shells\fR\.
-+\fI/etc/shells\fR\&.
+-\FC/etc/shells\F[]\&.
++/etc/shells\&.
.RE
.PP
PAM_SERVICE_ERR
+@@ -215,24 +65,10 @@
+ .if n \{\
.RS 4
--The module was not able to get the name of the user\.
-+The module was not able to get the name of the user\&.
- .RE
- .SH "EXAMPLES"
- .PP
-@@ -56,7 +56,7 @@
- .sp
- .RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
--auth required pam_shells\.so
-+auth required pam_shells\&.so
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ auth required pam_shells\&.so
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -67,7 +67,7 @@
+ .\}
+@@ -243,7 +79,7 @@
\fBshells\fR(5),
\fBpam.conf\fR(5),
- \fBpam.d\fR(8),
+ \fBpam.d\fR(5),
-\fBpam\fR(8)
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
--pam_shells was written by Erik Troan <ewt@redhat\.com>\.
-+pam_shells was written by Erik Troan <ewt@redhat\&.com>\&.
-Index: debian-pkg-pam/modules/pam_shells/pam_shells.8.xml
+ pam_shells was written by Erik Troan <ewt@redhat\&.com>\&.
+Index: pam.deb/modules/pam_shells/pam_shells.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_shells/pam_shells.8.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_shells/pam_shells.8.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/modules/pam_shells/pam_shells.8.xml
++++ pam.deb/modules/pam_shells/pam_shells.8.xml
@@ -102,7 +102,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -5415,228 +9303,244 @@ Index: debian-pkg-pam/modules/pam_shells/pam_shells.8.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_succeed_if/pam_succeed_if.8
+Index: pam.deb/modules/pam_succeed_if/pam_succeed_if.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_succeed_if/pam_succeed_if.8 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_succeed_if/pam_succeed_if.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,25 +1,25 @@
+--- pam.deb.orig/modules/pam_succeed_if/pam_succeed_if.8
++++ pam.deb/modules/pam_succeed_if/pam_succeed_if.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_succeed_if
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 06/16/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM
.\" Source: Linux-PAM
+ .\" Language: English
.\"
--.TH "PAM_SUCCEED_IF" "8" "04/16/2008" "Linux-PAM" "Linux\-PAM"
-+.TH "PAM_SUCCEED_IF" "8" "07/27/2008" "Linux-PAM" "Linux\-PAM"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_succeed_if - test account characteristics
-+pam_succeed_if \- test account characteristics
- .SH "SYNOPSIS"
- .HP 18
--\fBpam_succeed_if\.so\fR [\fIflag\fR...] [\fIcondition\fR...]
-+\fBpam_succeed_if\&.so\fR [\fIflag\fR...] [\fIcondition\fR...]
+-.TH "PAM_SUCCEED_IF" "8" "06/16/2009" "Linux-PAM" "Linux\-PAM"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_SUCCEED_IF" "8" "08/24/2009" "Linux-PAM" "Linux\-PAM"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,13 +18,11 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_succeed_if \- test account characteristics
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_succeed_if\&.so\fR\ 'u
+ \fBpam_succeed_if\&.so\fR [\fIflag\fR...] [\fIcondition\fR...]
+-.fam
.SH "DESCRIPTION"
.PP
--pam_succeed_if\.so is designed to succeed or fail authentication based on characteristics of the account belonging to the user being authenticated\. One use is to select whether to load other modules based on this test\.
-+pam_succeed_if\&.so is designed to succeed or fail authentication based on characteristics of the account belonging to the user being authenticated\&. One use is to select whether to load other modules based on this test\&.
- .PP
--The module should be given one or more conditions as module arguments, and authentication will succeed only if all of the conditions are met\.
-+The module should be given one or more conditions as module arguments, and authentication will succeed only if all of the conditions are met\&.
- .SH "OPTIONS"
- .PP
- The following
-@@ -27,31 +27,31 @@
- .PP
- \fBdebug\fR
- .RS 4
--Turns on debugging messages sent to syslog\.
-+Turns on debugging messages sent to syslog\&.
- .RE
- .PP
- \fBuse_uid\fR
- .RS 4
--Evaluate conditions using the account of the user whose UID the application is running under instead of the user being authenticated\.
-+Evaluate conditions using the account of the user whose UID the application is running under instead of the user being authenticated\&.
- .RE
- .PP
- \fBquiet\fR
- .RS 4
--Don\'t log failure or success to the system log\.
-+Don\'t log failure or success to the system log\&.
- .RE
- .PP
- \fBquiet_fail\fR
- .RS 4
--Don\'t log failure to the system log\.
-+Don\'t log failure to the system log\&.
- .RE
- .PP
- \fBquiet_success\fR
- .RS 4
--Don\'t log success to the system log\.
-+Don\'t log success to the system log\&.
- .RE
- .PP
-
--\fICondition\fRs are three words: a field, a test, and a value to test for\.
-+\fICondition\fRs are three words: a field, a test, and a value to test for\&.
- .PP
- Available fields are
- \fIuser\fR,
-@@ -64,101 +64,101 @@
- .PP
- \fBfield < number\fR
- .RS 4
--Field has a value numerically less than number\.
-+Field has a value numerically less than number\&.
- .RE
- .PP
- \fBfield <= number\fR
- .RS 4
--Field has a value numerically less than or equal to number\.
-+Field has a value numerically less than or equal to number\&.
- .RE
- .PP
- \fBfield eq number\fR
- .RS 4
--Field has a value numerically equal to number\.
-+Field has a value numerically equal to number\&.
- .RE
- .PP
- \fBfield >= number\fR
- .RS 4
--Field has a value numerically greater than or equal to number\.
-+Field has a value numerically greater than or equal to number\&.
- .RE
- .PP
- \fBfield > number\fR
- .RS 4
--Field has a value numerically greater than number\.
-+Field has a value numerically greater than number\&.
- .RE
- .PP
- \fBfield ne number\fR
- .RS 4
--Field has a value numerically different from number\.
-+Field has a value numerically different from number\&.
- .RE
- .PP
- \fBfield = string\fR
- .RS 4
--Field exactly matches the given string\.
-+Field exactly matches the given string\&.
- .RE
- .PP
- \fBfield != string\fR
- .RS 4
--Field does not match the given string\.
-+Field does not match the given string\&.
- .RE
- .PP
- \fBfield =~ glob\fR
- .RS 4
--Field matches the given glob\.
-+Field matches the given glob\&.
- .RE
- .PP
- \fBfield !~ glob\fR
- .RS 4
--Field does not match the given glob\.
-+Field does not match the given glob\&.
- .RE
- .PP
--\fBfield in item:item:\.\.\.\fR
-+\fBfield in item:item:\&.\&.\&.\fR
- .RS 4
--Field is contained in the list of items separated by colons\.
-+Field is contained in the list of items separated by colons\&.
- .RE
- .PP
--\fBfield notin item:item:\.\.\.\fR
-+\fBfield notin item:item:\&.\&.\&.\fR
- .RS 4
--Field is not contained in the list of items separated by colons\.
-+Field is not contained in the list of items separated by colons\&.
- .RE
- .PP
- \fBuser ingroup group\fR
- .RS 4
--User is in given group\.
-+User is in given group\&.
- .RE
- .PP
- \fBuser notingroup group\fR
- .RS 4
--User is not in given group\.
-+User is not in given group\&.
- .RE
- .PP
- \fBuser innetgr netgroup\fR
- .RS 4
--(user,host) is in given netgroup\.
-+(user,host) is in given netgroup\&.
- .RE
- .PP
- \fBuser notinnetgr group\fR
- .RS 4
--(user,host) is not in given netgroup\.
-+(user,host) is not in given netgroup\&.
- .RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
--All services are supported\.
-+All services are supported\&.
- .SH "RETURN VALUES"
- .PP
- PAM_SUCCESS
- .RS 4
--The condition was true\.
-+The condition was true\&.
- .RE
- .PP
- PAM_AUTH_ERR
- .RS 4
--The condition was false\.
-+The condition was false\&.
- .RE
- .PP
- PAM_SERVICE_ERR
- .RS 4
--A service error occured or the arguments can\'t be parsed as numbers\.
-+A service error occured or the arguments can\'t be parsed as numbers\&.
- .RE
- .SH "EXAMPLES"
- .PP
-@@ -167,17 +167,17 @@
- .sp
+ pam_succeed_if\&.so is designed to succeed or fail authentication based on characteristics of the account belonging to the user being authenticated\&. One use is to select whether to load other modules based on this test\&.
+@@ -330,24 +180,10 @@
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
--auth required pam_succeed_if\.so quiet user ingroup wheel
-+auth required pam_succeed_if\&.so quiet user ingroup wheel
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ auth required pam_succeed_if\&.so quiet user ingroup wheel
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
- .PP
--Given that the type matches, only loads the othermodule rule if the UID is over 500\. Adjust the number after default to skip several rules\.
-+Given that the type matches, only loads the othermodule rule if the UID is over 500\&. Adjust the number after default to skip several rules\&.
- .sp
+ .\}
+@@ -357,25 +193,11 @@
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
--type [default=1 success=ignore] pam_succeed_if\.so quiet uid > 500
--type required othermodule\.so arguments\.\.\.
-+type [default=1 success=ignore] pam_succeed_if\&.so quiet uid > 500
-+type required othermodule\&.so arguments\&.\&.\&.
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ type [default=1 success=ignore] pam_succeed_if\&.so quiet uid > 500
+ type required othermodule\&.so arguments\&.\&.\&.
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -185,7 +185,7 @@
+ .\}
+@@ -383,7 +205,7 @@
.PP
\fBglob\fR(7),
@@ -5644,13 +9548,12 @@ Index: debian-pkg-pam/modules/pam_succeed_if/pam_succeed_if.8
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
--Nalin Dahyabhai <nalin@redhat\.com>
-+Nalin Dahyabhai <nalin@redhat\&.com>
-Index: debian-pkg-pam/modules/pam_succeed_if/pam_succeed_if.8.xml
+ Nalin Dahyabhai <nalin@redhat\&.com>
+Index: pam.deb/modules/pam_succeed_if/pam_succeed_if.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_succeed_if/pam_succeed_if.8.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_succeed_if/pam_succeed_if.8.xml 2009-04-17 12:47:20.000000000 -0700
-@@ -285,7 +285,7 @@
+--- pam.deb.orig/modules/pam_succeed_if/pam_succeed_if.8.xml
++++ pam.deb/modules/pam_succeed_if/pam_succeed_if.8.xml
+@@ -286,7 +286,7 @@
<refentrytitle>glob</refentrytitle><manvolnum>7</manvolnum>
</citerefentry>,
<citerefentry>
@@ -5659,284 +9562,296 @@ Index: debian-pkg-pam/modules/pam_succeed_if/pam_succeed_if.8.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_tally/pam_tally.8
+Index: pam.deb/modules/pam_tally/pam_tally.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_tally/pam_tally.8 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_tally/pam_tally.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,34 +1,34 @@
+--- pam.deb.orig/modules/pam_tally/pam_tally.8
++++ pam.deb/modules/pam_tally/pam_tally.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_tally
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 06/16/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_TALLY" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_TALLY" "8" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_tally - The login counter (tallying) module
-+pam_tally \- The login counter (tallying) module
- .SH "SYNOPSIS"
- .HP 13
--\fBpam_tally\.so\fR [file=\fI/path/to/counter\fR] [onerr=[\fIfail\fR|\fIsucceed\fR]] [magic_root] [even_deny_root_account] [deny=\fIn\fR] [lock_time=\fIn\fR] [unlock_time=\fIn\fR] [per_user] [no_lock_time] [no_reset] [audit]
-+\fBpam_tally\&.so\fR [file=\fI/path/to/counter\fR] [onerr=[\fIfail\fR|\fIsucceed\fR]] [magic_root] [even_deny_root_account] [deny=\fIn\fR] [lock_time=\fIn\fR] [unlock_time=\fIn\fR] [per_user] [no_lock_time] [no_reset] [audit]
- .HP 10
+-.TH "PAM_TALLY" "8" "06/16/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_TALLY" "8" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,17 +18,13 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_tally \- The login counter (tallying) module
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_tally\&.so\fR\ 'u
+ \fBpam_tally\&.so\fR [file=\fI/path/to/counter\fR] [onerr=[\fIfail\fR|\fIsucceed\fR]] [magic_root] [even_deny_root_account] [deny=\fIn\fR] [lock_time=\fIn\fR] [unlock_time=\fIn\fR] [per_user] [no_lock_time] [no_reset] [audit] [silent] [no_log_info]
+-.fam
+-.fam C
+ .HP \w'\fBpam_tally\fR\ 'u
\fBpam_tally\fR [\-\-file\ \fI/path/to/counter\fR] [\-\-user\ \fIusername\fR] [\-\-reset[=\fIn\fR]] [\-\-quiet]
+-.fam
.SH "DESCRIPTION"
.PP
--This module maintains a count of attempted accesses, can reset count on success, can deny access if too many attempts fail\.
-+This module maintains a count of attempted accesses, can reset count on success, can deny access if too many attempts fail\&.
- .PP
- pam_tally comes in two parts:
--\fBpam_tally\.so\fR
-+\fBpam_tally\&.so\fR
- and
--\fBpam_tally\fR\. The former is the PAM module and the latter, a stand\-alone program\.
-+\fBpam_tally\fR\&. The former is the PAM module and the latter, a stand\-alone program\&.
- \fBpam_tally\fR
--is an (optional) application which can be used to interrogate and manipulate the counter file\. It can display users\' counts, set individual counts, or clear all counts\. Setting artificially high counts may be useful for blocking users without changing their passwords\. For example, one might find it useful to clear all counts every midnight from a cron job\. The
-+is an (optional) application which can be used to interrogate and manipulate the counter file\&. It can display users\' counts, set individual counts, or clear all counts\&. Setting artificially high counts may be useful for blocking users without changing their passwords\&. For example, one might find it useful to clear all counts every midnight from a cron job\&. The
- \fBfaillog\fR(8)
--command can be used instead of pam_tally to to maintain the counter file\.
-+command can be used instead of pam_tally to to maintain the counter file\&.
- .PP
- Normally, failed attempts to access
- \fIroot\fR
-@@ -36,7 +36,7 @@
- \fBnot\fR
- cause the root account to become blocked, to prevent denial\-of\-service: if your users aren\'t given shell accounts and root may only login via
- \fBsu\fR
--or at the machine console (not telnet/rsh, etc), this is safe\.
-+or at the machine console (not telnet/rsh, etc), this is safe\&.
- .SH "OPTIONS"
- .PP
- GLOBAL OPTIONS
-@@ -45,7 +45,7 @@
- \fIauth\fR
- and
- \fIaccount\fR
--services\.
-+services\&.
- .PP
- \fBonerr=[\fR\fB\fIfail\fR\fR\fB|\fR\fB\fIsucceed\fR\fR\fB]\fR
- .RS 4
-@@ -53,85 +53,85 @@
- \fBPAM_SUCESS\fR
- if
- \fBonerr=\fR\fB\fIsucceed\fR\fR
--is given, else with the corresponding PAM error code\.
-+is given, else with the corresponding PAM error code\&.
- .RE
- .PP
+ This module maintains a count of attempted accesses, can reset count on success, can deny access if too many attempts fail\&.
+@@ -219,7 +67,7 @@
\fBfile=\fR\fB\fI/path/to/counter\fR\fR
.RS 4
--File where to keep counts\. Default is
--\fI/var/log/faillog\fR\.
-+File where to keep counts\&. Default is
-+\fI/var/log/faillog\fR\&.
+ File where to keep counts\&. Default is
+-\FC/var/log/faillog\F[]\&.
++/var/log/faillog\&.
.RE
.PP
\fBaudit\fR
- .RS 4
--Will log the user name into the system log if the user is not found\.
-+Will log the user name into the system log if the user is not found\&.
- .RE
- .RE
- .PP
- AUTH OPTIONS
- .RS 4
--Authentication phase first checks if user should be denied access and if not it increments attempted login counter\. Then on call to
-+Authentication phase first checks if user should be denied access and if not it increments attempted login counter\&. Then on call to
- \fBpam_setcred\fR(3)
--it resets the attempts counter\.
-+it resets the attempts counter\&.
- .PP
- \fBdeny=\fR\fB\fIn\fR\fR
- .RS 4
- Deny access if tally for this user exceeds
--\fIn\fR\.
-+\fIn\fR\&.
- .RE
- .PP
- \fBlock_time=\fR\fB\fIn\fR\fR
- .RS 4
- Always deny for
- \fIn\fR
--seconds after failed attempt\.
-+seconds after failed attempt\&.
- .RE
- .PP
- \fBunlock_time=\fR\fB\fIn\fR\fR
- .RS 4
- Allow access after
- \fIn\fR
--seconds after failed attempt\. If this option is used the user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts\. Otherwise the account is locked until the lock is removed by a manual intervention of the system administrator\.
-+seconds after failed attempt\&. If this option is used the user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts\&. Otherwise the account is locked until the lock is removed by a manual intervention of the system administrator\&.
- .RE
- .PP
- \fBmagic_root\fR
- .RS 4
--If the module is invoked by a user with uid=0 the counter is not incremented\. The sys\-admin should use this for user launched services, like
--\fBsu\fR, otherwise this argument should be omitted\.
-+If the module is invoked by a user with uid=0 the counter is not incremented\&. The sys\-admin should use this for user launched services, like
-+\fBsu\fR, otherwise this argument should be omitted\&.
- .RE
- .PP
+@@ -274,7 +122,7 @@
\fBno_lock_time\fR
.RS 4
--Do not use the \.fail_locktime field in
-+Do not use the \&.fail_locktime field in
- \fI/var/log/faillog\fR
--for this user\.
-+for this user\&.
- .RE
- .PP
- \fBno_reset\fR
- .RS 4
--Don\'t reset count on successful entry, only decrement\.
-+Don\'t reset count on successful entry, only decrement\&.
- .RE
- .PP
- \fBeven_deny_root_account\fR
- .RS 4
--Root account can become unavailable\.
-+Root account can become unavailable\&.
+ Do not use the \&.fail_locktime field in
+-\FC/var/log/faillog\F[]
++/var/log/faillog
+ for this user\&.
.RE
.PP
+@@ -291,7 +139,7 @@
\fBper_user\fR
.RS 4
If
- \fI/var/log/faillog\fR
--contains a non\-zero \.fail_max/\.fail_locktime field for this user then use it instead of
-+contains a non\-zero \&.fail_max/\&.fail_locktime field for this user then use it instead of
+-\FC/var/log/faillog\F[]
++/var/log/faillog
+ contains a non\-zero \&.fail_max/\&.fail_locktime field for this user then use it instead of
\fBdeny=\fR\fB\fIn\fR\fR/
\fBlock_time=\fR\fB\fIn\fR\fR
--parameter\.
-+parameter\&.
- .RE
- .PP
+@@ -301,7 +149,7 @@
\fBno_lock_time\fR
.RS 4
--Don\'t use \.fail_locktime filed in
-+Don\'t use \&.fail_locktime filed in
- \fI/var/log/faillog\fR
--for this user\.
-+for this user\&.
- .RE
- .RE
- .PP
-@@ -139,19 +139,19 @@
- .RS 4
- Account phase resets attempts counter if the user is
- \fBnot\fR
--magic root\. This phase can be used optionaly for services which don\'t call
-+magic root\&. This phase can be used optionaly for services which don\'t call
- \fBpam_setcred\fR(3)
--correctly or if the reset should be done regardless of the failure of the account phase of other modules\.
-+correctly or if the reset should be done regardless of the failure of the account phase of other modules\&.
- .PP
- \fBmagic_root\fR
- .RS 4
--If the module is invoked by a user with uid=0 the counter is not incremented\. The sys\-admin should use this for user launched services, like
--\fBsu\fR, otherwise this argument should be omitted\.
-+If the module is invoked by a user with uid=0 the counter is not incremented\&. The sys\-admin should use this for user launched services, like
-+\fBsu\fR, otherwise this argument should be omitted\&.
- .RE
- .PP
- \fBno_reset\fR
- .RS 4
--Don\'t reset count on successful entry, only decrement\.
-+Don\'t reset count on successful entry, only decrement\&.
+ Don\'t use \&.fail_locktime filed in
+-\FC/var/log/faillog\F[]
++/var/log/faillog
+ for this user\&.
.RE
.RE
- .SH "MODULE SERVICES PROVIDED"
-@@ -160,46 +160,46 @@
- \fBauth\fR
- and
- \fBaccount\fR
--services are supported\.
-+services are supported\&.
- .SH "RETURN VALUES"
- .PP
- PAM_AUTH_ERR
- .RS 4
--A invalid option was given, the module was not able to retrive the user name, no valid counter file was found, or too many failed logins\.
-+A invalid option was given, the module was not able to retrive the user name, no valid counter file was found, or too many failed logins\&.
- .RE
- .PP
- PAM_SUCCESS
- .RS 4
--Everything was successfull\.
-+Everything was successfull\&.
- .RE
- .PP
- PAM_USER_UNKNOWN
- .RS 4
--User not known\.
-+User not known\&.
- .RE
+@@ -351,9 +199,9 @@
.SH "EXAMPLES"
.PP
Add the following line to
--\fI/etc/pam\.d/login\fR
--to lock the account after too many failed logins\. The number of allowed fails is specified by
-+\fI/etc/pam\&.d/login\fR
-+to lock the account after too many failed logins\&. The number of allowed fails is specified by
- \fI/var/log/faillog\fR
+-\FC/etc/pam\&.d/login\F[]
++/etc/pam\&.d/login
+ to lock the account after too many failed logins\&. The number of allowed fails is specified by
+-\FC/var/log/faillog\F[]
++/var/log/faillog
and needs to be set with pam_tally or
\fBfaillog\fR(8)
--before\.
-+before\&.
- .sp
+ before\&.
+@@ -361,15 +209,7 @@
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
--auth required pam_securetty\.so
--auth required pam_tally\.so per_user
--auth required pam_env\.so
--auth required pam_unix\.so
--auth required pam_nologin\.so
--account required pam_unix\.so
--password required pam_unix\.so
--session required pam_limits\.so
--session required pam_unix\.so
--session required pam_lastlog\.so nowtmp
--session optional pam_mail\.so standard
-+auth required pam_securetty\&.so
-+auth required pam_tally\&.so per_user
-+auth required pam_env\&.so
-+auth required pam_unix\&.so
-+auth required pam_nologin\&.so
-+account required pam_unix\&.so
-+password required pam_unix\&.so
-+session required pam_limits\&.so
-+session required pam_unix\&.so
-+session required pam_lastlog\&.so nowtmp
-+session optional pam_mail\&.so standard
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ auth required pam_securetty\&.so
+ auth required pam_tally\&.so per_user
+ auth required pam_env\&.so
+@@ -382,19 +222,13 @@
+ session required pam_lastlog\&.so nowtmp
+ session optional pam_mail\&.so standard
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -215,7 +215,7 @@
+ .\}
+ .SH "FILES"
+ .PP
+-\FC/var/log/faillog\F[]
++/var/log/faillog
+ .RS 4
+ failure logging file
+ .RE
+@@ -404,7 +238,7 @@
\fBfaillog\fR(8),
\fBpam.conf\fR(5),
- \fBpam.d\fR(8),
+ \fBpam.d\fR(5),
-\fBpam\fR(8)
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
--pam_tally was written by Tim Baverstock and Tomas Mraz\.
-+pam_tally was written by Tim Baverstock and Tomas Mraz\&.
-Index: debian-pkg-pam/modules/pam_tally/pam_tally.8.xml
+ pam_tally was written by Tim Baverstock and Tomas Mraz\&.
+Index: pam.deb/modules/pam_tally/pam_tally.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_tally/pam_tally.8.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_tally/pam_tally.8.xml 2009-04-17 12:47:20.000000000 -0700
-@@ -412,7 +412,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+--- pam.deb.orig/modules/pam_tally/pam_tally.8.xml
++++ pam.deb/modules/pam_tally/pam_tally.8.xml
+@@ -438,7 +438,7 @@
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -5944,132 +9859,252 @@ Index: debian-pkg-pam/modules/pam_tally/pam_tally.8.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_time/pam_time.8
+Index: pam.deb/modules/pam_time/pam_time.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_time/pam_time.8 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_time/pam_time.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,74 +1,74 @@
+--- pam.deb.orig/modules/pam_time/pam_time.8
++++ pam.deb/modules/pam_time/pam_time.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_time
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 06/16/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_TIME" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
-+.TH "PAM_TIME" "8" "07/27/2008" "Linux-PAM Manual" "Linux-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_time - PAM module for time control access
-+pam_time \- PAM module for time control access
- .SH "SYNOPSIS"
- .HP 12
--\fBpam_time\.so\fR [debug] [noaudit]
-+\fBpam_time\&.so\fR [debug] [noaudit]
+-.TH "PAM_TIME" "8" "06/16/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_TIME" "8" "08/24/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,19 +18,17 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_time \- PAM module for time control access
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_time\&.so\fR\ 'u
+ \fBpam_time\&.so\fR [debug] [noaudit]
+-.fam
.SH "DESCRIPTION"
.PP
--The pam_time PAM module does not authenticate the user, but instead it restricts access to a system and or specific applications at various times of the day and on specific days or over various terminal lines\. This module can be configured to deny access to (individual) users based on their name, the time of day, the day of week, the service they are applying for and their terminal from which they are making their request\.
-+The pam_time PAM module does not authenticate the user, but instead it restricts access to a system and or specific applications at various times of the day and on specific days or over various terminal lines\&. This module can be configured to deny access to (individual) users based on their name, the time of day, the day of week, the service they are applying for and their terminal from which they are making their request\&.
+ The pam_time PAM module does not authenticate the user, but instead it restricts access to a system and or specific applications at various times of the day and on specific days or over various terminal lines\&. This module can be configured to deny access to (individual) users based on their name, the time of day, the day of week, the service they are applying for and their terminal from which they are making their request\&.
.PP
By default rules for time/port access are taken from config file
--\fI/etc/security/time\.conf\fR\.
-+\fI/etc/security/time\&.conf\fR\&.
+-\FC/etc/security/time\&.conf\F[]\&.
++/etc/security/time\&.conf\&.
.PP
--If Linux PAM is compiled with audit support the module will report when it denies access\.
-+If Linux PAM is compiled with audit support the module will report when it denies access\&.
+ If Linux PAM is compiled with audit support the module will report when it denies access\&.
.SH "OPTIONS"
- .PP
- \fBdebug\fR
- .RS 4
- Some debug informations are printed with
--\fBsyslog\fR(3)\.
-+\fBsyslog\fR(3)\&.
- .RE
- .PP
- \fBnoaudit\fR
- .RS 4
--Do not report logins at disallowed time to the audit subsystem\.
-+Do not report logins at disallowed time to the audit subsystem\&.
- .RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
- Only the
- \fBaccount\fR
--service is supported\.
-+service is supported\&.
- .SH "RETURN VALUES"
- .PP
- PAM_SUCCESS
- .RS 4
--Access was granted\.
-+Access was granted\&.
- .RE
- .PP
- PAM_ABORT
- .RS 4
--Not all relevant data could be gotten\.
-+Not all relevant data could be gotten\&.
- .RE
- .PP
- PAM_BUF_ERR
- .RS 4
--Memory buffer error\.
-+Memory buffer error\&.
- .RE
- .PP
- PAM_PERM_DENIED
- .RS 4
--Access was not granted\.
-+Access was not granted\&.
- .RE
- .PP
- PAM_USER_UNKNOWN
- .RS 4
--The user is not known to the system\.
-+The user is not known to the system\&.
+@@ -226,7 +76,7 @@
.RE
.SH "FILES"
.PP
--\fI/etc/security/time\.conf\fR
-+\fI/etc/security/time\&.conf\fR
+-\FC/etc/security/time\&.conf\F[]
++/etc/security/time\&.conf
.RS 4
Default configuration file
.RE
-@@ -76,11 +76,11 @@
- .sp
+@@ -235,28 +85,14 @@
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
--#%PAM\-1\.0
-+#%PAM\-1\&.0
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ #%PAM\-1\&.0
#
# apply pam_time accounting to login requests
#
--login account required pam_time\.so
-+login account required pam_time\&.so
+ login account required pam_time\&.so
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -89,7 +89,7 @@
+ .\}
+@@ -265,7 +101,7 @@
\fBtime.conf\fR(5),
- \fBpam.d\fR(8),
--\fBpam\fR(8)\.
+ \fBpam.d\fR(5),
+-\fBpam\fR(8)\&.
+\fBpam\fR(7)\&.
.SH "AUTHOR"
.PP
--pam_time was written by Andrew G\. Morgan <morgan@kernel\.org>\.
-+pam_time was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
-Index: debian-pkg-pam/modules/pam_time/pam_time.8.xml
+ pam_time was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
+Index: pam.deb/modules/pam_time/pam_time.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_time/pam_time.8.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_time/pam_time.8.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/modules/pam_time/pam_time.8.xml
++++ pam.deb/modules/pam_time/pam_time.8.xml
@@ -169,7 +169,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -6077,132 +10112,239 @@ Index: debian-pkg-pam/modules/pam_time/pam_time.8.xml
</citerefentry>.
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_umask/pam_umask.8
+Index: pam.deb/modules/pam_umask/pam_umask.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_umask/pam_umask.8 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_umask/pam_umask.8 2009-04-17 12:47:20.000000000 -0700
-@@ -1,23 +1,23 @@
+--- pam.deb.orig/modules/pam_umask/pam_umask.8
++++ pam.deb/modules/pam_umask/pam_umask.8
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_umask
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 06/16/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_UMASK" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_UMASK" "8" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_umask - PAM module to set the file mode creation mask
-+pam_umask \- PAM module to set the file mode creation mask
- .SH "SYNOPSIS"
- .HP 13
--\fBpam_umask\.so\fR [debug] [silent] [usergroups] [umask=\fImask\fR]
-+\fBpam_umask\&.so\fR [debug] [silent] [usergroups] [umask=\fImask\fR]
+-.TH "PAM_UMASK" "8" "06/16/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_UMASK" "8" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,13 +18,11 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_umask \- PAM module to set the file mode creation mask
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_umask\&.so\fR\ 'u
+ \fBpam_umask\&.so\fR [debug] [silent] [usergroups] [umask=\fImask\fR]
+-.fam
.SH "DESCRIPTION"
.PP
--pam_umask is a PAM module to set the file mode creation mask of the current environment\. The umask affects the default permissions assigned to newly created files\.
-+pam_umask is a PAM module to set the file mode creation mask of the current environment\&. The umask affects the default permissions assigned to newly created files\&.
- .PP
- The PAM module tries to get the umask value from the following places in the following order:
- .sp
-@@ -42,7 +42,7 @@
- .RE
- .sp
- .RS 4
--\h'-04'\(bu\h'+03'UMASK entry from /etc/login\.defs
-+\h'-04'\(bu\h'+03'UMASK entry from /etc/login\&.defs
- .RE
- .sp
- .RE
-@@ -51,56 +51,56 @@
- .PP
- \fBdebug\fR
- .RS 4
--Print debug information\.
-+Print debug information\&.
- .RE
- .PP
- \fBsilent\fR
- .RS 4
--Don\'t print informative messages\.
-+Don\'t print informative messages\&.
- .RE
- .PP
- \fBusergroups\fR
- .RS 4
--If the user is not root, and the user ID is equal to the group ID, and the username is the same as primary group name, the umask group bits are set to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007)\.
-+If the user is not root, and the user ID is equal to the group ID, and the username is the same as primary group name, the umask group bits are set to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007)\&.
- .RE
- .PP
- \fBumask=\fR\fB\fImask\fR\fR
- .RS 4
- Sets the calling process\'s file mode creation mask (umask) to
- \fBmask\fR
--& 0777\. The value is interpreted as Octal\.
-+& 0777\&. The value is interpreted as Octal\&.
- .RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
- Only the
- \fBsession\fR
--service is supported\.
-+service is supported\&.
- .SH "RETURN VALUES"
- .PP
- .PP
- PAM_SUCCESS
- .RS 4
--The new umask was set successfull\.
-+The new umask was set successfull\&.
- .RE
- .PP
- PAM_SERVICE_ERR
- .RS 4
--No username was given\.
-+No username was given\&.
- .RE
- .PP
- PAM_USER_UNKNOWN
- .RS 4
--User not known\.
-+User not known\&.
- .RE
+ pam_umask is a PAM module to set the file mode creation mask of the current environment\&. The umask affects the default permissions assigned to newly created files\&.
+@@ -295,30 +145,16 @@
.SH "EXAMPLES"
.PP
Add the following line to
--\fI/etc/pam\.d/login\fR
-+\fI/etc/pam\&.d/login\fR
+-\FC/etc/pam\&.d/login\F[]
++/etc/pam\&.d/login
to set the user specific umask at login:
.sp
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
-- session optional pam_umask\.so umask=0022
-+ session optional pam_umask\&.so umask=0022
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ session optional pam_umask\&.so umask=0022
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -110,7 +110,7 @@
+ .\}
+@@ -328,7 +164,7 @@
\fBpam.conf\fR(5),
- \fBpam.d\fR(8),
+ \fBpam.d\fR(5),
-\fBpam\fR(8)
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
--pam_umask was written by Thorsten Kukuk <kukuk@thkukuk\.de>\.
-+pam_umask was written by Thorsten Kukuk <kukuk@thkukuk\&.de>\&.
-Index: debian-pkg-pam/modules/pam_umask/pam_umask.8.xml
+ pam_umask was written by Thorsten Kukuk <kukuk@thkukuk\&.de>\&.
+Index: pam.deb/modules/pam_umask/pam_umask.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_umask/pam_umask.8.xml 2009-04-17 12:44:13.000000000 -0700
-+++ debian-pkg-pam/modules/pam_umask/pam_umask.8.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/modules/pam_umask/pam_umask.8.xml
++++ pam.deb/modules/pam_umask/pam_umask.8.xml
@@ -205,7 +205,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -6210,25 +10352,25 @@ Index: debian-pkg-pam/modules/pam_umask/pam_umask.8.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/modules/pam_unix/pam_unix.8
+Index: pam.deb/modules/pam_unix/pam_unix.8
===================================================================
---- debian-pkg-pam.orig/modules/pam_unix/pam_unix.8 2009-04-17 12:47:19.000000000 -0700
-+++ debian-pkg-pam/modules/pam_unix/pam_unix.8 2009-04-17 12:47:20.000000000 -0700
-@@ -228,7 +228,7 @@
+--- pam.deb.orig/modules/pam_unix/pam_unix.8
++++ pam.deb/modules/pam_unix/pam_unix.8
+@@ -255,7 +255,7 @@
\fBpam.conf\fR(5),
- \fBpam.d\fR(8),
+ \fBpam.d\fR(5),
-\fBpam\fR(8)
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
pam_unix was written by various people\&.
-Index: debian-pkg-pam/modules/pam_unix/pam_unix.8.xml
+Index: pam.deb/modules/pam_unix/pam_unix.8.xml
===================================================================
---- debian-pkg-pam.orig/modules/pam_unix/pam_unix.8.xml 2009-04-17 12:47:19.000000000 -0700
-+++ debian-pkg-pam/modules/pam_unix/pam_unix.8.xml 2009-04-17 12:47:20.000000000 -0700
-@@ -465,7 +465,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+--- pam.deb.orig/modules/pam_unix/pam_unix.8.xml
++++ pam.deb/modules/pam_unix/pam_unix.8.xml
+@@ -486,7 +486,7 @@
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
@@ -6236,131 +10378,203 @@ Index: debian-pkg-pam/modules/pam_unix/pam_unix.8.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/doc/man/misc_conv.3
+Index: pam.deb/doc/man/misc_conv.3
===================================================================
---- debian-pkg-pam.orig/doc/man/misc_conv.3 2009-04-17 12:44:14.000000000 -0700
-+++ debian-pkg-pam/doc/man/misc_conv.3 2009-04-17 12:47:20.000000000 -0700
-@@ -1,22 +1,22 @@
+--- pam.deb.orig/doc/man/misc_conv.3
++++ pam.deb/doc/man/misc_conv.3
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: misc_conv
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 03/02/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "MISC_CONV" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
-+.TH "MISC_CONV" "3" "07/27/2008" "Linux-PAM Manual" "Linux-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--misc_conv - text based conversation function
-+misc_conv \- text based conversation function
- .SH "SYNOPSIS"
+-.TH "MISC_CONV" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "MISC_CONV" "3" "08/24/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,23 +18,17 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ misc_conv \- text based conversation function
+-.SH "Synopsis"
++.SH "SYNOPSIS"
.sp
.ft B
+-.fam C
+-.ps -1
.nf
--#include <security/pam_misc\.h>
-+#include <security/pam_misc\&.h>
+ #include <security/pam_misc\&.h>
.fi
+-.fam
+-.ps +1
.ft
- .HP 15
-@@ -29,28 +29,28 @@
- \fBlibpam_misc\fR
- and not of the standard
- \fBlibpam\fR
--library\. This function will prompt the user with the appropriate comments and obtain the appropriate inputs as directed by authentication modules\.
-+library\&. This function will prompt the user with the appropriate comments and obtain the appropriate inputs as directed by authentication modules\&.
- .PP
- In addition to simply slotting into the appropriate
--\fBpam_conv\fR(3), this function provides some time\-out facilities\. The function exports five variables that can be used by an application programmer to limit the amount of time this conversation function will spend waiting for the user to type something\. The five variabls are as follows:
-+\fBpam_conv\fR(3), this function provides some time\-out facilities\&. The function exports five variables that can be used by an application programmer to limit the amount of time this conversation function will spend waiting for the user to type something\&. The five variabls are as follows:
- .PP
- \fBtime_t\fR \fIpam_misc_conv_warn_time\fR;
- .RS 4
- This variable contains the
- \fItime\fR
- (as returned by
--\fBtime\fR(2)) that the user should be first warned that the clock is ticking\. By default it has the value
--0, which indicates that no such warning will be given\. The application may set its value to sometime in the future, but this should be done prior to passing control to the
-+\fBtime\fR(2)) that the user should be first warned that the clock is ticking\&. By default it has the value
-+0, which indicates that no such warning will be given\&. The application may set its value to sometime in the future, but this should be done prior to passing control to the
- \fILinux\-PAM\fR
--library\.
-+library\&.
- .RE
- .PP
- \fBconst char *\fR\fIpam_misc_conv_warn_line\fR;
- .RS 4
- Used in conjuction with
--\fIpam_misc_conv_warn_time\fR, this variable is a pointer to the string that will be displayed when it becomes time to warn the user that the timeout is approaching\. Its default value is a translated version of
--\(lq\.\.\.Time is running out\.\.\.\(rq, but this can be changed by the application prior to passing control to
--\fILinux\-PAM\fR\.
-+\fIpam_misc_conv_warn_time\fR, this variable is a pointer to the string that will be displayed when it becomes time to warn the user that the timeout is approaching\&. Its default value is a translated version of
-+\(lq\&.\&.\&.Time is running out\&.\&.\&.\(rq, but this can be changed by the application prior to passing control to
-+\fILinux\-PAM\fR\&.
- .RE
- .PP
- \fBtime_t\fR \fIpam_misc_conv_die_time\fR;
-@@ -58,54 +58,54 @@
- This variable contains the
- \fItime\fR
- (as returned by
--\fBtime\fR(2)) that the will time out\. By default it has the value
--0, which indicates that the conversation function will not timeout\. The application may set its value to sometime in the future, but this should be done prior to passing control to the
-+\fBtime\fR(2)) that the will time out\&. By default it has the value
-+0, which indicates that the conversation function will not timeout\&. The application may set its value to sometime in the future, but this should be done prior to passing control to the
- \fILinux\-PAM\fR
--library\.
-+library\&.
- .RE
- .PP
- \fBconst char *\fR\fIpam_misc_conv_die_line\fR;
- .RS 4
- Used in conjuction with
--\fIpam_misc_conv_die_time\fR, this variable is a pointer to the string that will be displayed when the conversation times out\. Its default value is a translated version of
--\(lq\.\.\.Sorry, your time is up!\(rq, but this can be changed by the application prior to passing control to
--\fILinux\-PAM\fR\.
-+\fIpam_misc_conv_die_time\fR, this variable is a pointer to the string that will be displayed when the conversation times out\&. Its default value is a translated version of
-+\(lq\&.\&.\&.Sorry, your time is up!\(rq, but this can be changed by the application prior to passing control to
-+\fILinux\-PAM\fR\&.
- .RE
- .PP
- \fBint\fR \fIpam_misc_conv_died\fR;
- .RS 4
- Following a return from the
- \fILinux\-PAM\fR
--libraray, the value of this variable indicates whether the conversation has timed out\. A value of
-+libraray, the value of this variable indicates whether the conversation has timed out\&. A value of
- 1
--indicates the time\-out occurred\.
-+indicates the time\-out occurred\&.
- .RE
- .PP
--The following two function pointers are available for supporting binary prompts in the conversation function\. They are optimized for the current incarnation of the
-+The following two function pointers are available for supporting binary prompts in the conversation function\&. They are optimized for the current incarnation of the
- \fBlibpamc\fR
--library and are subject to change\.
-+library and are subject to change\&.
- .PP
- \fBint\fR \fI(*pam_binary_handler_fn)\fR(\fBvoid *\fR\fIappdata\fR, \fBpamc_bp_t *\fR\fIprompt_p\fR);
- .RS 4
- This function pointer is initialized to
- NULL
--but can be filled with a function that provides machine\-machine (hidden) message exchange\. It is intended for use with hidden authentication protocols such as RSA or Diffie\-Hellman key exchanges\. (This is still under development\.)
-+but can be filled with a function that provides machine\-machine (hidden) message exchange\&. It is intended for use with hidden authentication protocols such as RSA or Diffie\-Hellman key exchanges\&. (This is still under development\&.)
- .RE
+-.fam C
+ .HP \w'void\ misc_conv('u
+ .BI "void misc_conv(int\ " "num_msg" ", const\ struct\ pam_message\ **" "msgm" ", struct\ pam_response\ **" "response" ", void\ *" "appdata_ptr" ");"
+-.fam
+ .SH "DESCRIPTION"
.PP
- \fBint\fR \fI(*pam_binary_handler_free)\fR(\fBvoid *\fR\fIappdata\fR, \fBpamc_bp_t *\fR\fIdelete_me\fR);
- .RS 4
- This function pointer is initialized to
--\fBPAM_BP_RENEW(delete_me, 0, 0)\fR, but can be redefined as desired by the application\.
-+\fBPAM_BP_RENEW(delete_me, 0, 0)\fR, but can be redefined as desired by the application\&.
- .RE
- .SH "SEE ALSO"
+ The
+@@ -263,7 +109,7 @@
.PP
\fBpam_conv\fR(3),
@@ -6369,15 +10583,10 @@ Index: debian-pkg-pam/doc/man/misc_conv.3
.SH "STANDARDS"
.PP
The
- \fBmisc_conv\fR
- function is part of the
- \fBlibpam_misc\fR
--Library and not defined in any standard\.
-+Library and not defined in any standard\&.
-Index: debian-pkg-pam/doc/man/misc_conv.3.xml
+Index: pam.deb/doc/man/misc_conv.3.xml
===================================================================
---- debian-pkg-pam.orig/doc/man/misc_conv.3.xml 2009-04-17 12:44:14.000000000 -0700
-+++ debian-pkg-pam/doc/man/misc_conv.3.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/doc/man/misc_conv.3.xml
++++ pam.deb/doc/man/misc_conv.3.xml
@@ -171,7 +171,7 @@
<refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
@@ -6387,114 +10596,212 @@ Index: debian-pkg-pam/doc/man/misc_conv.3.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/doc/man/pam_acct_mgmt.3
+Index: pam.deb/doc/man/pam_acct_mgmt.3
===================================================================
---- debian-pkg-pam.orig/doc/man/pam_acct_mgmt.3 2009-04-17 12:44:14.000000000 -0700
-+++ debian-pkg-pam/doc/man/pam_acct_mgmt.3 2009-04-17 12:47:20.000000000 -0700
-@@ -1,22 +1,22 @@
+--- pam.deb.orig/doc/man/pam_acct_mgmt.3
++++ pam.deb/doc/man/pam_acct_mgmt.3
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_acct_mgmt
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 03/02/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_ACCT_MGMT" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
-+.TH "PAM_ACCT_MGMT" "3" "07/27/2008" "Linux-PAM Manual" "Linux-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_acct_mgmt - PAM account validation management
-+pam_acct_mgmt \- PAM account validation management
- .SH "SYNOPSIS"
+-.TH "PAM_ACCT_MGMT" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_ACCT_MGMT" "3" "08/24/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,23 +18,17 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_acct_mgmt \- PAM account validation management
+-.SH "Synopsis"
++.SH "SYNOPSIS"
.sp
.ft B
+-.fam C
+-.ps -1
.nf
--#include <security/pam_appl\.h>
-+#include <security/pam_appl\&.h>
+ #include <security/pam_appl\&.h>
.fi
+-.fam
+-.ps +1
.ft
- .HP 18
-@@ -25,54 +25,54 @@
- .PP
- The
- \fBpam_acct_mgmt\fR
--function is used to determine if the users account is valid\. It checks for authentication token and account expiration and verifies access restrictions\. It is typically called after the user has been authenticated\.
-+function is used to determine if the users account is valid\&. It checks for authentication token and account expiration and verifies access restrictions\&. It is typically called after the user has been authenticated\&.
+-.fam C
+ .HP \w'int\ pam_acct_mgmt('u
+ .BI "int pam_acct_mgmt(pam_handle_t\ *" "pamh" ", int\ " "flags" ");"
+-.fam
+ .SH "DESCRIPTION"
.PP
The
- \fIpamh\fR
--argument is an authentication handle obtained by a prior call to pam_start()\. The flags argument is the binary or of zero or more of the following values:
-+argument is an authentication handle obtained by a prior call to pam_start()\&. The flags argument is the binary or of zero or more of the following values:
- .PP
- PAM_SILENT
- .RS 4
--Do not emit any messages\.
-+Do not emit any messages\&.
- .RE
- .PP
- PAM_DISALLOW_NULL_AUTHTOK
- .RS 4
--The PAM module service should return PAM_NEW_AUTHTOK_REQD if the user has a null authentication token\.
-+The PAM module service should return PAM_NEW_AUTHTOK_REQD if the user has a null authentication token\&.
- .RE
- .SH "RETURN VALUES"
- .PP
- PAM_ACCT_EXPIRED
- .RS 4
--User account has expired\.
-+User account has expired\&.
- .RE
- .PP
- PAM_AUTH_ERR
- .RS 4
--Authentication failure\.
-+Authentication failure\&.
- .RE
- .PP
- PAM_NEW_AUTHTOK_REQD
- .RS 4
- The user account is valid but their authentication token is
--\fIexpired\fR\. The correct response to this return\-value is to require that the user satisfies the
-+\fIexpired\fR\&. The correct response to this return\-value is to require that the user satisfies the
- \fBpam_chauthtok()\fR
--function before obtaining service\. It may not be possible for some applications to do this\. In such cases, the user should be denied access until such time as they can update their password\.
-+function before obtaining service\&. It may not be possible for some applications to do this\&. In such cases, the user should be denied access until such time as they can update their password\&.
- .RE
- .PP
- PAM_PERM_DENIED
- .RS 4
--Permission denied\.
-+Permission denied\&.
- .RE
- .PP
- PAM_SUCCESS
- .RS 4
--The authentication token was successfully updated\.
-+The authentication token was successfully updated\&.
- .RE
- .PP
- PAM_USER_UNKNOWN
- .RS 4
--User unknown to password service\.
-+User unknown to password service\&.
- .RE
- .SH "SEE ALSO"
- .PP
-@@ -81,4 +81,4 @@
+@@ -243,4 +89,4 @@
\fBpam_authenticate\fR(3),
\fBpam_chauthtok\fR(3),
\fBpam_strerror\fR(3),
-\fBpam\fR(8)
+\fBpam\fR(7)
-Index: debian-pkg-pam/doc/man/pam_acct_mgmt.3.xml
+Index: pam.deb/doc/man/pam_acct_mgmt.3.xml
===================================================================
---- debian-pkg-pam.orig/doc/man/pam_acct_mgmt.3.xml 2009-04-17 12:44:14.000000000 -0700
-+++ debian-pkg-pam/doc/man/pam_acct_mgmt.3.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/doc/man/pam_acct_mgmt.3.xml
++++ pam.deb/doc/man/pam_acct_mgmt.3.xml
@@ -138,7 +138,7 @@
<refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
@@ -6504,126 +10811,212 @@ Index: debian-pkg-pam/doc/man/pam_acct_mgmt.3.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/doc/man/pam_authenticate.3
+Index: pam.deb/doc/man/pam_authenticate.3
===================================================================
---- debian-pkg-pam.orig/doc/man/pam_authenticate.3 2009-04-17 12:44:14.000000000 -0700
-+++ debian-pkg-pam/doc/man/pam_authenticate.3 2009-04-17 12:47:20.000000000 -0700
-@@ -1,22 +1,22 @@
+--- pam.deb.orig/doc/man/pam_authenticate.3
++++ pam.deb/doc/man/pam_authenticate.3
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_authenticate
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 03/02/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_AUTHENTICATE" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
-+.TH "PAM_AUTHENTICATE" "3" "07/27/2008" "Linux-PAM Manual" "Linux-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_authenticate - account authentication
-+pam_authenticate \- account authentication
- .SH "SYNOPSIS"
+-.TH "PAM_AUTHENTICATE" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_AUTHENTICATE" "3" "08/24/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,23 +18,17 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_authenticate \- account authentication
+-.SH "Synopsis"
++.SH "SYNOPSIS"
.sp
.ft B
+-.fam C
+-.ps -1
.nf
--#include <security/pam_appl\.h>
-+#include <security/pam_appl\&.h>
+ #include <security/pam_appl\&.h>
.fi
+-.fam
+-.ps +1
.ft
- .HP 21
-@@ -25,26 +25,26 @@
- .PP
- The
- \fBpam_authenticate\fR
--function is used to authenticate the user\. The user is required to provide an authentication token depending upon the authentication service, usually this is a password, but could also be a finger print\.
-+function is used to authenticate the user\&. The user is required to provide an authentication token depending upon the authentication service, usually this is a password, but could also be a finger print\&.
- .PP
- The PAM service module may request that the user enter their username vio the the conversation mechanism (see
- \fBpam_start\fR(3)
- and
--\fBpam_conv\fR(3))\. The name of the authenticated user will be present in the PAM item PAM_USER\. This item may be recovered with a call to
--\fBpam_get_item\fR(3)\.
-+\fBpam_conv\fR(3))\&. The name of the authenticated user will be present in the PAM item PAM_USER\&. This item may be recovered with a call to
-+\fBpam_get_item\fR(3)\&.
+-.fam C
+ .HP \w'int\ pam_authenticate('u
+ .BI "int pam_authenticate(pam_handle_t\ *" "pamh" ", int\ " "flags" ");"
+-.fam
+ .SH "DESCRIPTION"
.PP
The
- \fIpamh\fR
--argument is an authentication handle obtained by a prior call to pam_start()\. The flags argument is the binary or of zero or more of the following values:
-+argument is an authentication handle obtained by a prior call to pam_start()\&. The flags argument is the binary or of zero or more of the following values:
- .PP
- PAM_SILENT
- .RS 4
--Do not emit any messages\.
-+Do not emit any messages\&.
- .RE
- .PP
- PAM_DISALLOW_NULL_AUTHTOK
- .RS 4
--The PAM module service should return PAM_AUTH_ERR if the user does not have a registered authentication token\.
-+The PAM module service should return PAM_AUTH_ERR if the user does not have a registered authentication token\&.
- .RE
- .SH "RETURN VALUES"
- .PP
-@@ -52,37 +52,37 @@
- .RS 4
- The application should exit immediately after calling
- \fBpam_end\fR(3)
--first\.
-+first\&.
- .RE
- .PP
- PAM_AUTH_ERR
- .RS 4
--The user was not authenticated\.
-+The user was not authenticated\&.
- .RE
- .PP
- PAM_CRED_INSUFFICIENT
- .RS 4
--For some reason the application does not have sufficient credentials to authenticate the user\.
-+For some reason the application does not have sufficient credentials to authenticate the user\&.
- .RE
- .PP
- PAM_AUTHINFO_UNVAIL
- .RS 4
--The modules were not able to access the authentication information\. This might be due to a network or hardware failure etc\.
-+The modules were not able to access the authentication information\&. This might be due to a network or hardware failure etc\&.
- .RE
- .PP
- PAM_MAXTRIES
- .RS 4
--One or more of the authentication modules has reached its limit of tries authenticating the user\. Do not try again\.
-+One or more of the authentication modules has reached its limit of tries authenticating the user\&. Do not try again\&.
- .RE
- .PP
- PAM_SUCCESS
- .RS 4
--The user was successfully authenticated\.
-+The user was successfully authenticated\&.
- .RE
- .PP
- PAM_USER_UNKNOWN
- .RS 4
--User unknown to authentication service\.
-+User unknown to authentication service\&.
- .RE
- .SH "SEE ALSO"
- .PP
-@@ -91,4 +91,4 @@
+@@ -253,4 +99,4 @@
\fBpam_setcred\fR(3),
\fBpam_chauthtok\fR(3),
\fBpam_strerror\fR(3),
-\fBpam\fR(8)
+\fBpam\fR(7)
-Index: debian-pkg-pam/doc/man/pam_authenticate.3.xml
+Index: pam.deb/doc/man/pam_authenticate.3.xml
===================================================================
---- debian-pkg-pam.orig/doc/man/pam_authenticate.3.xml 2009-04-17 12:44:14.000000000 -0700
-+++ debian-pkg-pam/doc/man/pam_authenticate.3.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/doc/man/pam_authenticate.3.xml
++++ pam.deb/doc/man/pam_authenticate.3.xml
@@ -162,7 +162,7 @@
<refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
@@ -6633,122 +11026,212 @@ Index: debian-pkg-pam/doc/man/pam_authenticate.3.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/doc/man/pam_chauthtok.3
+Index: pam.deb/doc/man/pam_chauthtok.3
===================================================================
---- debian-pkg-pam.orig/doc/man/pam_chauthtok.3 2009-04-17 12:44:14.000000000 -0700
-+++ debian-pkg-pam/doc/man/pam_chauthtok.3 2009-04-17 12:47:20.000000000 -0700
-@@ -1,22 +1,22 @@
+--- pam.deb.orig/doc/man/pam_chauthtok.3
++++ pam.deb/doc/man/pam_chauthtok.3
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_chauthtok
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 03/02/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_CHAUTHTOK" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
-+.TH "PAM_CHAUTHTOK" "3" "07/27/2008" "Linux-PAM Manual" "Linux-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_chauthtok - updating authentication tokens
-+pam_chauthtok \- updating authentication tokens
- .SH "SYNOPSIS"
+-.TH "PAM_CHAUTHTOK" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_CHAUTHTOK" "3" "08/24/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,23 +18,17 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_chauthtok \- updating authentication tokens
+-.SH "Synopsis"
++.SH "SYNOPSIS"
.sp
.ft B
+-.fam C
+-.ps -1
.nf
--#include <security/pam_appl\.h>
-+#include <security/pam_appl\&.h>
+ #include <security/pam_appl\&.h>
.fi
+-.fam
+-.ps +1
.ft
- .HP 18
-@@ -26,61 +26,61 @@
- The
- \fBpam_chauthtok\fR
- function is used to change the authentication token for a given user (as indicated by the state associated with the handle
--\fIpamh\fR)\.
-+\fIpamh\fR)\&.
+-.fam C
+ .HP \w'int\ pam_chauthtok('u
+ .BI "int pam_chauthtok(pam_handle_t\ *" "pamh" ", int\ " "flags" ");"
+-.fam
+ .SH "DESCRIPTION"
.PP
The
- \fIpamh\fR
--argument is an authentication handle obtained by a prior call to pam_start()\. The flags argument is the binary or of zero or more of the following values:
-+argument is an authentication handle obtained by a prior call to pam_start()\&. The flags argument is the binary or of zero or more of the following values:
- .PP
- PAM_SILENT
- .RS 4
--Do not emit any messages\.
-+Do not emit any messages\&.
- .RE
- .PP
- PAM_CHANGE_EXPIRED_AUTHTOK
- .RS 4
--This argument indicates to the modules that the users authentication token (password) should only be changed if it has expired\. If this argument is not passed, the application requires that all authentication tokens are to be changed\.
-+This argument indicates to the modules that the users authentication token (password) should only be changed if it has expired\&. If this argument is not passed, the application requires that all authentication tokens are to be changed\&.
- .RE
- .SH "RETURN VALUES"
- .PP
- PAM_AUTHTOK_ERR
- .RS 4
--A module was unable to obtain the new authentication token\.
-+A module was unable to obtain the new authentication token\&.
- .RE
- .PP
- PAM_AUTHTOK_RECOVERY_ERR
- .RS 4
--A module was unable to obtain the old authentication token\.
-+A module was unable to obtain the old authentication token\&.
- .RE
- .PP
- PAM_AUTHTOK_LOCK_BUSY
- .RS 4
--One or more of the modules was unable to change the authentication token since it is currently locked\.
-+One or more of the modules was unable to change the authentication token since it is currently locked\&.
- .RE
- .PP
- PAM_AUTHTOK_DISABLE_AGING
- .RS 4
--Authentication token aging has been disabled for at least one of the modules\.
-+Authentication token aging has been disabled for at least one of the modules\&.
- .RE
- .PP
- PAM_PERM_DENIED
- .RS 4
--Permission denied\.
-+Permission denied\&.
- .RE
- .PP
- PAM_SUCCESS
- .RS 4
--The authentication token was successfully updated\.
-+The authentication token was successfully updated\&.
- .RE
- .PP
- PAM_TRY_AGAIN
- .RS 4
--Not all of the modules were in a position to update the authentication token(s)\. In such a case none of the user\'s authentication tokens are updated\.
-+Not all of the modules were in a position to update the authentication token(s)\&. In such a case none of the user\'s authentication tokens are updated\&.
- .RE
- .PP
- PAM_USER_UNKNOWN
- .RS 4
--User unknown to password service\.
-+User unknown to password service\&.
- .RE
- .SH "SEE ALSO"
- .PP
-@@ -90,4 +90,4 @@
+@@ -252,4 +98,4 @@
\fBpam_setcred\fR(3),
\fBpam_get_item\fR(3),
\fBpam_strerror\fR(3),
-\fBpam\fR(8)
+\fBpam\fR(7)
-Index: debian-pkg-pam/doc/man/pam_chauthtok.3.xml
+Index: pam.deb/doc/man/pam_chauthtok.3.xml
===================================================================
---- debian-pkg-pam.orig/doc/man/pam_chauthtok.3.xml 2009-04-17 12:44:14.000000000 -0700
-+++ debian-pkg-pam/doc/man/pam_chauthtok.3.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/doc/man/pam_chauthtok.3.xml
++++ pam.deb/doc/man/pam_chauthtok.3.xml
@@ -157,7 +157,7 @@
<refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
@@ -6758,165 +11241,245 @@ Index: debian-pkg-pam/doc/man/pam_chauthtok.3.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/doc/man/pam_conv.3
+Index: pam.deb/doc/man/pam_conv.3
===================================================================
---- debian-pkg-pam.orig/doc/man/pam_conv.3 2009-04-17 12:44:14.000000000 -0700
-+++ debian-pkg-pam/doc/man/pam_conv.3 2009-04-17 12:47:20.000000000 -0700
-@@ -1,22 +1,22 @@
+--- pam.deb.orig/doc/man/pam_conv.3
++++ pam.deb/doc/man/pam_conv.3
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_conv
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 03/02/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_CONV" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual"
-+.TH "PAM_CONV" "3" "07/27/2008" "Linux-PAM Manual" "Linux-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_conv - PAM conversation function
-+pam_conv \- PAM conversation function
- .SH "SYNOPSIS"
+-.TH "PAM_CONV" "3" "03/02/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_CONV" "3" "08/24/2009" "Linux-PAM Manual" "Linux-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,22 +18,16 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_conv \- PAM conversation function
+-.SH "Synopsis"
++.SH "SYNOPSIS"
.sp
.ft B
+-.fam C
+-.ps -1
.nf
--#include <security/pam_appl\.h>
-+#include <security/pam_appl\&.h>
+ #include <security/pam_appl\&.h>
.fi
+-.fam
+-.ps +1
.ft
.sp
-@@ -42,36 +42,36 @@
- .RE
+-.fam C
+-.ps -1
+ .nf
+ struct pam_message {
+ int msg_style;
+@@ -200,8 +46,6 @@
+ };
+
+ .fi
+-.fam
+-.ps +1
.SH "DESCRIPTION"
.PP
--The PAM library uses an application\-defined callback to allow a direct communication between a loaded module and the application\. This callback is specified by the
-+The PAM library uses an application\-defined callback to allow a direct communication between a loaded module and the application\&. This callback is specified by the
- \fIstruct pam_conv\fR
- passed to
- \fBpam_start\fR(3)
--at the start of the transaction\.
-+at the start of the transaction\&.
- .PP
- When a module calls the referenced conv() function, the argument
- \fIappdata_ptr\fR
--is set to the second element of this structure\.
-+is set to the second element of this structure\&.
- .PP
--The other arguments of a call to conv() concern the information exchanged by module and application\. That is to say,
-+The other arguments of a call to conv() concern the information exchanged by module and application\&. That is to say,
- \fInum_msg\fR
- holds the length of the array of pointers,
--\fImsg\fR\. After a successful return, the pointer
-+\fImsg\fR\&. After a successful return, the pointer
- \fIresp\fR
--points to an array of pam_response structures, holding the application supplied text\. The
-+points to an array of pam_response structures, holding the application supplied text\&. The
- \fIresp_retcode\fR
--member of this struct is unused and should be set to zero\. It is the caller\'s responsibility to release both, this array and the responses themselves, using
--\fBfree\fR(3)\. Note,
-+member of this struct is unused and should be set to zero\&. It is the caller\'s responsibility to release both, this array and the responses themselves, using
-+\fBfree\fR(3)\&. Note,
- \fI*resp\fR
- is a
- \fIstruct pam_response\fR
--array and not an array of pointers\.
-+array and not an array of pointers\&.
- .PP
- The number of responses is always equal to the
- \fInum_msg\fR
--conversation function argument\. This does require that the response array is
--\fBfree\fR(3)\'d after every call to the conversation function\. The index of the responses corresponds directly to the prompt index in the pam_message array\.
-+conversation function argument\&. This does require that the response array is
-+\fBfree\fR(3)\'d after every call to the conversation function\&. The index of the responses corresponds directly to the prompt index in the pam_message array\&.
- .PP
--On failure, the conversation function should release any resources it has allocated, and return one of the predefined PAM error codes\.
-+On failure, the conversation function should release any resources it has allocated, and return one of the predefined PAM error codes\&.
- .PP
- Each message can have one of four types, specified by the
- \fImsg_style\fR
-@@ -80,36 +80,36 @@
- .PP
- PAM_PROMPT_ECHO_OFF
- .RS 4
--Obtain a string without echoing any text\.
-+Obtain a string without echoing any text\&.
- .RE
- .PP
- PAM_PROMPT_ECHO_ON
- .RS 4
--Obtain a string whilst echoing text\.
-+Obtain a string whilst echoing text\&.
- .RE
- .PP
- PAM_ERROR_MSG
- .RS 4
--Display an error message\.
-+Display an error message\&.
- .RE
- .PP
- PAM_TEXT_INFO
- .RS 4
--Display some text\.
-+Display some text\&.
- .RE
- .PP
--The point of having an array of messages is that it becomes possible to pass a number of things to the application in a single call from the module\. It can also be convenient for the application that related things come at once: a windows based application can then present a single form with many messages/prompts on at once\.
-+The point of having an array of messages is that it becomes possible to pass a number of things to the application in a single call from the module\&. It can also be convenient for the application that related things come at once: a windows based application can then present a single form with many messages/prompts on at once\&.
- .PP
--In passing, it is worth noting that there is a descrepency between the way Linux\-PAM handles the const struct pam_message **msg conversation function argument from the way that Solaris\' PAM (and derivitives, known to include HP/UX, are there others?) does\. Linux\-PAM interprets the msg argument as entirely equivalent to the following prototype const struct pam_message *msg[] (which, in spirit, is consistent with the commonly used prototypes for argv argument to the familiar main() function: char **argv; and char *argv[])\. Said another way Linux\-PAM interprets the msg argument as a pointer to an array of num_msg read only \'struct pam_message\' pointers\. Solaris\' PAM implementation interprets this argument as a pointer to a pointer to an array of num_msg pam_message structures\. Fortunately, perhaps, for most module/application developers when num_msg has a value of one these two definitions are entirely equivalent\. Unfortunately, casually raising this number to two has led to unanticipated compatibility problems\.
-+In passing, it is worth noting that there is a descrepency between the way Linux\-PAM handles the const struct pam_message **msg conversation function argument from the way that Solaris\' PAM (and derivitives, known to include HP/UX, are there others?) does\&. Linux\-PAM interprets the msg argument as entirely equivalent to the following prototype const struct pam_message *msg[] (which, in spirit, is consistent with the commonly used prototypes for argv argument to the familiar main() function: char **argv; and char *argv[])\&. Said another way Linux\-PAM interprets the msg argument as a pointer to an array of num_msg read only \'struct pam_message\' pointers\&. Solaris\' PAM implementation interprets this argument as a pointer to a pointer to an array of num_msg pam_message structures\&. Fortunately, perhaps, for most module/application developers when num_msg has a value of one these two definitions are entirely equivalent\&. Unfortunately, casually raising this number to two has led to unanticipated compatibility problems\&.
- .PP
- For what its worth the two known module writer work\-arounds for trying to maintain source level compatibility with both PAM implementations are:
- .sp
- .RS 4
--\h'-04'\(bu\h'+03'never call the conversation function with num_msg greater than one\.
-+\h'-04'\(bu\h'+03'never call the conversation function with num_msg greater than one\&.
- .RE
- .sp
- .RS 4
--\h'-04'\(bu\h'+03'set up msg as doubly referenced so both types of conversation function can find the messages\. That is, make
-+\h'-04'\(bu\h'+03'set up msg as doubly referenced so both types of conversation function can find the messages\&. That is, make
- .sp
+ The PAM library uses an application\-defined callback to allow a direct communication between a loaded module and the application\&. This callback is specified by the
+@@ -290,24 +134,10 @@
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
-@@ -122,18 +122,18 @@
- .PP
- PAM_BUF_ERR
- .RS 4
--Memory buffer error\.
-+Memory buffer error\&.
- .RE
- .PP
- PAM_CONV_ERR
- .RS 4
--Conversation failure\. The application should not set
--\fI*resp\fR\.
-+Conversation failure\&. The application should not set
-+\fI*resp\fR\&.
- .RE
- .PP
- PAM_SUCCESS
- .RS 4
--Success\.
-+Success\&.
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ msg[n] = & (( *msg )[n])
+
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
+ .fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
- .SH "SEE ALSO"
- .PP
-@@ -142,4 +142,4 @@
+ .\}
+@@ -336,4 +166,4 @@
\fBpam_set_item\fR(3),
\fBpam_get_item\fR(3),
\fBpam_strerror\fR(3),
-\fBpam\fR(8)
+\fBpam\fR(7)
-Index: debian-pkg-pam/doc/man/pam_conv.3.xml
+Index: pam.deb/doc/man/pam_conv.3.xml
===================================================================
---- debian-pkg-pam.orig/doc/man/pam_conv.3.xml 2009-04-17 12:44:14.000000000 -0700
-+++ debian-pkg-pam/doc/man/pam_conv.3.xml 2009-04-17 12:47:20.000000000 -0700
+--- pam.deb.orig/doc/man/pam_conv.3.xml
++++ pam.deb/doc/man/pam_conv.3.xml
@@ -221,7 +221,7 @@
<refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
@@ -6926,85 +11489,207 @@ Index: debian-pkg-pam/doc/man/pam_conv.3.xml
</citerefentry>
</para>
</refsect1>
-Index: debian-pkg-pam/doc/man/pam_error.3
+Index: pam.deb/doc/man/pam_error.3
===================================================================
---- debian-pkg-pam.orig/doc/man/pam_error.3 2009-04-17 12:44:14.000000000 -0700
-+++ debian-pkg-pam/doc/man/pam_error.3 2009-04-17 12:47:20.000000000 -0700
-@@ -1,33 +1,33 @@
+--- pam.deb.orig/doc/man/pam_error.3
++++ pam.deb/doc/man/pam_error.3
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_error
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [FIXME: author