diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/adg/Linux-PAM_ADG.xml | 19 | ||||
| -rw-r--r-- | doc/mwg/Linux-PAM_MWG.xml | 6 | ||||
| -rw-r--r-- | doc/sag/Linux-PAM_SAG.xml | 12 |
3 files changed, 19 insertions, 18 deletions
diff --git a/doc/adg/Linux-PAM_ADG.xml b/doc/adg/Linux-PAM_ADG.xml index 8f5ec115..ad7966df 100644 --- a/doc/adg/Linux-PAM_ADG.xml +++ b/doc/adg/Linux-PAM_ADG.xml @@ -23,7 +23,7 @@ about the <emphasis remap='B'>Linux-PAM</emphasis> library. It describes how an application might use the <emphasis remap='B'>Linux-PAM</emphasis> library to authenticate - users. In addition it contains a description of the funtions + users. In addition it contains a description of the functions to be found in <filename>libpam_misc</filename> library, that can be used in general applications. Finally, it contains some comments on PAM related security issues for the application developer. @@ -380,7 +380,7 @@ cc -o application .... -lpam -lpam_misc </para> </section> - <section id="adg-security-usre-identity"> + <section id="adg-security-user-identity"> <title>The identity of the user</title> <para> The <emphasis remap='B'>Linux-PAM</emphasis> modules will need @@ -395,9 +395,9 @@ cc -o application .... -lpam -lpam_misc issue of security. One convention that is actively used by some modules is that the identity of the user requesting a service should be the current <emphasis>UID</emphasis> - (userid) of the running process; the identity of the + (user ID) of the running process; the identity of the privilege granting user is the <emphasis>EUID</emphasis> - (effective userid) of the running process; the identity of + (effective user ID) of the running process; the identity of the user, under whose name the service will be executed, is given by the contents of the <emphasis>PAM_USER</emphasis> <citerefentry> @@ -459,7 +459,7 @@ cc -o application .... -lpam -lpam_misc This is also true of conversation prompts. The application should not accept prompts of arbitrary length with out checking for resource allocation failure and dealing with such extreme conditions gracefully - and in a mannor that preserves the PAM API. Such tolerance may be + and in a manner that preserves the PAM API. Such tolerance may be especially important when attempting to track a malicious adversary. </para> </section> @@ -470,7 +470,7 @@ cc -o application .... -lpam -lpam_misc <para> To aid the work of the application developer a library of miscellaneous functions is provided. It is called - <command>libpam_miscy</command>, and contains a text based + <command>libpam_misc</command>, and contains a text based conversation function, and routines for enhancing the standard PAM-environment variable support. </para> @@ -520,8 +520,9 @@ cc -o application .... -lpam -lpam_misc being be attached to it. The point being that the "standard" pop-authentication protocol(s) [which will be needed to satisfy inflexible/legacy clients] would be supported by inserting an - appropriate pam_qpopper module(s). However, having rewritten popd - once in this way any new protocols can be implemented in-situ. + appropriate pam_qpopper module(s). However, having rewritten + <command>popd</command> once in this way any new protocols can be + implemented in-situ. </para> <para> One simple test of a ported application would be to insert the @@ -558,7 +559,7 @@ cc -o application .... -lpam -lpam_misc him/herself in a variety of ways. Updating the user's authentication token thus corresponds to <emphasis>refreshing</emphasis> the object they use to - authenticate themself with the system. The word password is + authenticate them self with the system. The word password is avoided to keep open the possibility that the authentication involves a retinal scan or other non-textual mode of challenge/response. diff --git a/doc/mwg/Linux-PAM_MWG.xml b/doc/mwg/Linux-PAM_MWG.xml index 5a09a7cf..0c6c9201 100644 --- a/doc/mwg/Linux-PAM_MWG.xml +++ b/doc/mwg/Linux-PAM_MWG.xml @@ -71,7 +71,7 @@ </para> </section> - <section id="mwg-introducton-synopsis"> + <section id="mwg-introduction-synopsis"> <title>Synopsis</title> <programlisting> #include <security/pam_modules.h> @@ -97,7 +97,7 @@ gcc -shared -o pam_module.so pam_module.o -lpam First, we cover what the module should expect from the <emphasis remap='B'>Linux-PAM</emphasis> library and a <emphasis remap='B'>Linux-PAM</emphasis> aware application. - Essesntially this is the <filename>libpam.*</filename> library. + Essentially this is the <filename>libpam.*</filename> library. </para> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_set_data.xml"/> @@ -169,7 +169,7 @@ gcc -shared -o pam_module.so pam_module.o -lpam token of some lesser user. In other cases it may not be appropriate: when <command>joe</command> maliciously wants to reset <command>alice</command>'s password; or when anyone - other than the user themself wishes to reset their + other than the user them self wishes to reset their <emphasis>KERBEROS</emphasis> authentication token. A policy for this action should be defined by any reasonable authentication scheme, the module writer should consider diff --git a/doc/sag/Linux-PAM_SAG.xml b/doc/sag/Linux-PAM_SAG.xml index b83355ef..a3fc1ee8 100644 --- a/doc/sag/Linux-PAM_SAG.xml +++ b/doc/sag/Linux-PAM_SAG.xml @@ -27,7 +27,7 @@ </abstract> </bookinfo> - <chapter id='sag-introductoin'> + <chapter id='sag-introduction'> <title>Introduction</title> <para> <emphasis remap='B'>Linux-PAM</emphasis> (Pluggable Authentication @@ -85,7 +85,7 @@ here for locating these files are those of the relevant RFC (RFC-86.0, see <link linkend="sag-see-also">bibliography"</link>). If you are using a distribution of Linux (or some other operating system) that - supports PAM but chooses to distribute these files in a diferent way + supports PAM but chooses to distribute these files in a different way you should be careful when copying examples directly from the text. </para> <para> @@ -210,7 +210,7 @@ If a program is going to use PAM, then it has to have PAM functions explicitly coded into the program. If you have access to the source code you can add the appropriate PAM - functions. If you do not have accessto the source code, and + functions. If you do not have access to the source code, and the binary does not have the PAM functions included, then it is not possible to use PAM. </para> @@ -227,7 +227,7 @@ href="../man/pam.conf-syntax.xml" xpointer='xpointer(//section[@id = "pam.conf-syntax"]/*)' /> </section> - <section id='sag-configuratin-dirctory'> + <section id='sag-configuration-directory'> <title>Directory based configuration</title> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../man/pam.conf-dir.xml" @@ -333,7 +333,7 @@ session required pam_unix.so <chapter id='sag-security-issues'> <title>Security issues</title> - <section id='sag-scurity-issues-wrong'> + <section id='sag-security-issues-wrong'> <title>If something goes wrong</title> <para> <emphasis remap='B'>Linux-PAM</emphasis> has the potential @@ -341,7 +341,7 @@ session required pam_unix.so choose to have no security or absolute security (no access permitted). In general, <emphasis remap='B'>Linux-PAM</emphasis> errs towards the latter. Any number of configuration errors - can dissable access to your system partially, or completely. + can disable access to your system partially, or completely. </para> <para> The most dramatic problem that is likely to be encountered when |