5 files changed, 278 insertions, 4 deletions
diff --git a/modules/pam_deny/Makefile.am b/modules/pam_deny/Makefile.am
index 4fe567a6..aa484074 100644
--- a/modules/pam_deny/Makefile.am
+++ b/modules/pam_deny/Makefile.am
@@ -4,7 +4,10 @@
 
 CLEANFILES = *~
 
-EXTRA_DIST = README
+EXTRA_DIST = README README.xml $(MANS) $(XMLS)
+
+man_MANS = pam_deny.8
+man_XMLS = pam_deny.8.xml
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
@@ -17,3 +20,13 @@ if HAVE_VERSIONING
 endif
 
 securelib_LTLIBRARIES = pam_deny.la
+
+if ENABLE_REGENERATE_MAN
+
+noinst_DATA = README
+
+README: pam_deny.8.xml
+
+-include $(top_srcdir)/Make.xml.rules
+endif
+
diff --git a/modules/pam_deny/README b/modules/pam_deny/README
index 6683bdcc..16845265 100644
--- a/modules/pam_deny/README
+++ b/modules/pam_deny/README
@@ -1,4 +1,31 @@
-# $Id$
-#
+pam_deny — The locking-out PAM module
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+DESCRIPTION
+
+This module can be used to deny access. It always indicates a failure to the
+application through the PAM framework. It might be suitable for using for
+default (the OTHER) entries.
+
+EXAMPLES
+
+        #%PAM-1.0
+        #
+        # If we don't have config entries for a service, the
+        # OTHER entries are used. To be secure, warn and deny
+        # access to everything.
+        other auth     required       pam_warn.so
+        other auth     required       pam_deny.so
+        other account  required       pam_warn.so
+        other account  required       pam_deny.so
+        other password required       pam_warn.so
+        other password required       pam_deny.so
+        other session  required       pam_warn.so
+        other session  required       pam_deny.so
+
+
+AUTHOR
+
+pam_deny was written by Andrew G. Morgan <morgan@kernel.org>
 
-this module always fails, it ignores all options.
diff --git a/modules/pam_deny/README.xml b/modules/pam_deny/README.xml
new file mode 100644
index 00000000..ff2e82b0
--- /dev/null
+++ b/modules/pam_deny/README.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamaccess SYSTEM "pam_deny.8.xml">
+-->
+]>
+
+<article>
+
+  <articleinfo>
+
+    <title>
+      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_deny.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_deny-name"]/*)'/>
+    </title>
+
+  </articleinfo>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_deny.8.xml" xpointer='xpointer(//refsect1[@id = "pam_deny-description"]/*)'/>
+  </section>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_deny.8.xml" xpointer='xpointer(//refsect1[@id = "pam_deny-examples"]/*)'/>
+  </section>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_deny.8.xml" xpointer='xpointer(//refsect1[@id = "pam_deny-author"]/*)'/>
+  </section>
+
+</article>
diff --git a/modules/pam_deny/pam_deny.8 b/modules/pam_deny/pam_deny.8
new file mode 100644
index 00000000..2638ef07
--- /dev/null
+++ b/modules/pam_deny/pam_deny.8
@@ -0,0 +1,66 @@
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "PAM_DENY" "8" "02/03/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+pam_deny \- The locking\-out PAM module
+.SH "SYNOPSIS"
+.HP 12
+\fBpam_deny.so\fR
+.SH "DESCRIPTION"
+.PP
+This module can be used to deny access. It always indicates a failure to the application through the PAM framework. It might be suitable for using for default (the
+\fIOTHER\fR) entries.
+.SH "MODULE SERVICES PROVIDED"
+.PP
+All services (\fBaccount\fR,
+\fBauth\fR,
+\fBpassword\fR
+and
+\fBsession\fR) are supported.
+.SH "RETURN VALUES"
+.PP
+.TP
+PAM_AUTH_ERR
+This is returned by the account and auth services.
+.TP
+PAM_CRED_ERR
+This is returned by the setcred function.
+.TP
+PAM_AUTHTOK_ERR
+This is returned by the password service.
+.TP
+PAM_SESSION_ERR
+This is returned by the session service.
+.SH "EXAMPLES"
+.PP
+.nf
+        #%PAM\-1.0
+        #
+        # If we don't have config entries for a service, the
+        # OTHER entries are used. To be secure, warn and deny
+        # access to everything.
+        other auth     required       pam_warn.so
+        other auth     required       pam_deny.so
+        other account  required       pam_warn.so
+        other account  required       pam_deny.so
+        other password required       pam_warn.so
+        other password required       pam_deny.so
+        other session  required       pam_warn.so
+        other session  required       pam_deny.so
+      
+.fi
+.sp
+.SH "SEE ALSO"
+.PP
+\fBpam.conf\fR(5),
+\fBpam.d\fR(8),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+pam_deny was written by Andrew G. Morgan <morgan@kernel.org>
diff --git a/modules/pam_deny/pam_deny.8.xml b/modules/pam_deny/pam_deny.8.xml
new file mode 100644
index 00000000..eaa0b387
--- /dev/null
+++ b/modules/pam_deny/pam_deny.8.xml
@@ -0,0 +1,132 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pam_deny">
+
+  <refmeta>
+    <refentrytitle>pam_deny</refentrytitle>
+    <manvolnum>8</manvolnum>
+    <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+  </refmeta>
+
+  <refnamediv id="pam_deny-name">
+    <refname>pam_deny</refname>
+    <refpurpose>The locking-out PAM module</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis id="pam_deny-cmdsynopsis">
+      <command>pam_deny.so</command>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1 id="pam_deny-description">
+
+    <title>DESCRIPTION</title>
+
+    <para>
+      This module can be used to deny access. It always indicates a failure
+      to the application through the PAM framework. It might be suitable
+      for using for default (the <emphasis>OTHER</emphasis>) entries.
+    </para>
+
+  </refsect1>
+
+  <refsect1 id="pam_deny-services">
+    <title>MODULE SERVICES PROVIDED</title>
+    <para>
+      All services (<option>account</option>, <option>auth</option>,
+      <option>password</option> and <option>session</option>) are supported.
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_deny-return_values'>
+    <title>RETURN VALUES</title>
+    <para>
+      <variablelist>
+
+        <varlistentry>
+          <term>PAM_AUTH_ERR</term>
+          <listitem>
+            <para>
+              This is returned by the account and auth services.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>PAM_CRED_ERR</term>
+          <listitem>
+            <para>
+              This is returned by the setcred function.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>PAM_AUTHTOK_ERR</term>
+          <listitem>
+            <para>
+              This is returned by the password service.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>PAM_SESSION_ERR</term>
+          <listitem>
+            <para>
+              This is returned by the session service.
+            </para>
+          </listitem>
+        </varlistentry>
+
+      </variablelist>
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_deny-examples'>
+    <title>EXAMPLES</title>
+    <para>
+      <programlisting>
+        #%PAM-1.0
+        #
+        # If we don't have config entries for a service, the
+        # OTHER entries are used. To be secure, warn and deny
+        # access to everything.
+        other auth     required       pam_warn.so
+        other auth     required       pam_deny.so
+        other account  required       pam_warn.so
+        other account  required       pam_deny.so
+        other password required       pam_warn.so
+        other password required       pam_deny.so
+        other session  required       pam_warn.so
+        other session  required       pam_deny.so
+      </programlisting>
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_deny-see_also'>
+    <title>SEE ALSO</title>
+    <para>
+      <citerefentry>
+	<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_deny-author'>
+    <title>AUTHOR</title>
+      <para>
+        pam_deny was written by Andrew G. Morgan &lt;morgan@kernel.org&gt;
+      </para>
+  </refsect1>
+
+</refentry>