diff options
Diffstat (limited to 'doc/adg')
-rw-r--r-- | doc/adg/Linux-PAM_ADG.xml | 21 | ||||
-rw-r--r-- | doc/adg/Makefile.in | 40 |
2 files changed, 33 insertions, 28 deletions
diff --git a/doc/adg/Linux-PAM_ADG.xml b/doc/adg/Linux-PAM_ADG.xml index 8f5ec115..5f4aa0ab 100644 --- a/doc/adg/Linux-PAM_ADG.xml +++ b/doc/adg/Linux-PAM_ADG.xml @@ -16,14 +16,14 @@ <email>kukuk@thkukuk.de</email> </author> </authorgroup> - <releaseinfo>Version 1.0, 3. April 2008</releaseinfo> + <releaseinfo>Version 1.1, 16. June 2009</releaseinfo> <abstract> <para> This manual documents what an application developer needs to know about the <emphasis remap='B'>Linux-PAM</emphasis> library. It describes how an application might use the <emphasis remap='B'>Linux-PAM</emphasis> library to authenticate - users. In addition it contains a description of the funtions + users. In addition it contains a description of the functions to be found in <filename>libpam_misc</filename> library, that can be used in general applications. Finally, it contains some comments on PAM related security issues for the application developer. @@ -380,7 +380,7 @@ cc -o application .... -lpam -lpam_misc </para> </section> - <section id="adg-security-usre-identity"> + <section id="adg-security-user-identity"> <title>The identity of the user</title> <para> The <emphasis remap='B'>Linux-PAM</emphasis> modules will need @@ -395,9 +395,9 @@ cc -o application .... -lpam -lpam_misc issue of security. One convention that is actively used by some modules is that the identity of the user requesting a service should be the current <emphasis>UID</emphasis> - (userid) of the running process; the identity of the + (user ID) of the running process; the identity of the privilege granting user is the <emphasis>EUID</emphasis> - (effective userid) of the running process; the identity of + (effective user ID) of the running process; the identity of the user, under whose name the service will be executed, is given by the contents of the <emphasis>PAM_USER</emphasis> <citerefentry> @@ -459,7 +459,7 @@ cc -o application .... -lpam -lpam_misc This is also true of conversation prompts. The application should not accept prompts of arbitrary length with out checking for resource allocation failure and dealing with such extreme conditions gracefully - and in a mannor that preserves the PAM API. Such tolerance may be + and in a manner that preserves the PAM API. Such tolerance may be especially important when attempting to track a malicious adversary. </para> </section> @@ -470,7 +470,7 @@ cc -o application .... -lpam -lpam_misc <para> To aid the work of the application developer a library of miscellaneous functions is provided. It is called - <command>libpam_miscy</command>, and contains a text based + <command>libpam_misc</command>, and contains a text based conversation function, and routines for enhancing the standard PAM-environment variable support. </para> @@ -520,8 +520,9 @@ cc -o application .... -lpam -lpam_misc being be attached to it. The point being that the "standard" pop-authentication protocol(s) [which will be needed to satisfy inflexible/legacy clients] would be supported by inserting an - appropriate pam_qpopper module(s). However, having rewritten popd - once in this way any new protocols can be implemented in-situ. + appropriate pam_qpopper module(s). However, having rewritten + <command>popd</command> once in this way any new protocols can be + implemented in-situ. </para> <para> One simple test of a ported application would be to insert the @@ -558,7 +559,7 @@ cc -o application .... -lpam -lpam_misc him/herself in a variety of ways. Updating the user's authentication token thus corresponds to <emphasis>refreshing</emphasis> the object they use to - authenticate themself with the system. The word password is + authenticate them self with the system. The word password is avoided to keep open the possibility that the authentication involves a retinal scan or other non-textual mode of challenge/response. diff --git a/doc/adg/Makefile.in b/doc/adg/Makefile.in index b920e2f1..cf5874f1 100644 --- a/doc/adg/Makefile.in +++ b/doc/adg/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.10.1 from Makefile.am. +# Makefile.in generated by automake 1.10.2 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -39,13 +39,16 @@ subdir = doc/adg DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ + $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \ + $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libprelude.m4 \ - $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ - $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/acinclude.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \ + $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -68,23 +71,19 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXDEPMODE = @CXXDEPMODE@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ -ECHO = @ECHO@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ FO2PDF = @FO2PDF@ +GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ @@ -96,6 +95,7 @@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ @@ -119,6 +119,7 @@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ @@ -128,15 +129,18 @@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ +NM = @NM@ NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ -PAM_READ_BOTH_CONFS = @PAM_READ_BOTH_CONFS@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ @@ -150,10 +154,9 @@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ -WITH_DEBUG = @WITH_DEBUG@ -WITH_PAMLOCKING = @WITH_PAMLOCKING@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ +XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ @@ -165,8 +168,7 @@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ @@ -198,6 +200,7 @@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ @@ -212,6 +215,7 @@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = Linux-PAM_ADG.fo *~ @@ -226,8 +230,8 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ |