summaryrefslogtreecommitdiff
path: root/doc/modules
diff options
context:
space:
mode:
Diffstat (limited to 'doc/modules')
-rw-r--r--doc/modules/pam_pwdb.sgml12
-rw-r--r--doc/modules/pam_unix.sgml22
2 files changed, 25 insertions, 9 deletions
diff --git a/doc/modules/pam_pwdb.sgml b/doc/modules/pam_pwdb.sgml
index 2ee102e1..51f4f86d 100644
--- a/doc/modules/pam_pwdb.sgml
+++ b/doc/modules/pam_pwdb.sgml
@@ -99,7 +99,8 @@ login account required pam_pwdb.so
<tt/try_first_pass/;
<tt/nullok/;
<tt/nodelay/;
-<tt/likeauth/
+<tt/likeauth/;
+<tt/noreap/
<tag><bf>Description:</bf></tag>
@@ -137,7 +138,14 @@ password when it is stored in a read protected database. This binary
is very simple and will only check the password of the user invoking
it. It is called transparently on behalf of the user by the
authenticating component of this module. In this way it is possible
-for applications like <em>xlock</em> to work without being setuid-root.
+for applications like <em>xlock</em> to work without being
+setuid-root. The module, by default, will temporarily turn off
+<tt/SIGCHLD/ handling for the duration of execution of the helper
+binary. This is generally the right thing to do, as many applications
+are not prepared to handle this signal from a child they didn't know
+was <tt/fork()/d. The <tt/noreap/ module argument can be used to
+suppress this temporary shielding and may be needed for use with
+certain applications.
<p>
The <tt>likeauth</tt> argument makes the module return the same value
diff --git a/doc/modules/pam_unix.sgml b/doc/modules/pam_unix.sgml
index 286cd3f8..86c584a8 100644
--- a/doc/modules/pam_unix.sgml
+++ b/doc/modules/pam_unix.sgml
@@ -97,7 +97,8 @@ login account required pam_unix.so
<tt/use_first_pass/;
<tt/try_first_pass/;
<tt/nullok/;
-<tt/nodelay/
+<tt/nodelay/;
+<tt/noreap/
<tag><bf>Description:</bf></tag>
@@ -126,17 +127,24 @@ authentication as a whole fail. The default action is for the module
to request a delay-on-failure of the order of one second.
<p>
-Remaining arguments, supported by the other functions of this module,
-are silently ignored. Other arguments are logged as errors through
-<tt/syslog(3)/.
-
-<p>
A helper binary, <tt>unix_chkpwd</tt>, is provided to check the user's
password when it is stored in a read protected database. This binary
is very simple and will only check the password of the user invoking
it. It is called transparently on behalf of the user by the
authenticating component of this module. In this way it is possible
-for applications like <em>xlock</em> to work without being setuid-root.
+for applications like <em>xlock</em> to work without being
+setuid-root. The module, by default, will temporarily turn off
+<tt/SIGCHLD/ handling for the duration of execution of the helper
+binary. This is generally the right thing to do, as many applications
+are not prepared to handle this signal from a child they didn't know
+was <tt/fork()/d. The <tt/noreap/ module argument can be used to
+suppress this temporary shielding and may be needed for use with
+certain applications.
+
+<p>
+Remaining arguments, supported by the other functions of this module,
+are silently ignored. Other arguments are logged as errors through
+<tt/syslog(3)/.
<tag><bf>Examples/suggested usage:</bf></tag>