summaryrefslogtreecommitdiff
path: root/modules/pam_tally2/pam_tally2.8.xml
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_tally2/pam_tally2.8.xml')
-rw-r--r--modules/pam_tally2/pam_tally2.8.xml32
1 files changed, 21 insertions, 11 deletions
diff --git a/modules/pam_tally2/pam_tally2.8.xml b/modules/pam_tally2/pam_tally2.8.xml
index a7a3fc47..255fcea4 100644
--- a/modules/pam_tally2/pam_tally2.8.xml
+++ b/modules/pam_tally2/pam_tally2.8.xml
@@ -43,6 +43,9 @@
root_unlock_time=<replaceable>n</replaceable>
</arg>
<arg choice="opt">
+ serialize
+ </arg>
+ <arg choice="opt">
audit
</arg>
<arg choice="opt">
@@ -246,16 +249,6 @@
</varlistentry>
<varlistentry>
<term>
- <option>no_reset</option>
- </term>
- <listitem>
- <para>
- Don't reset count on successful entry, only decrement.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
<option>even_deny_root</option>
</term>
<listitem>
@@ -278,6 +271,23 @@
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>
+ <option>serialize</option>
+ </term>
+ <listitem>
+ <para>
+ Serialize access to the tally file using locks. This option might
+ be used only for non-multithreaded services because it depends on
+ the fcntl locking of the tally file. Also it is a good idea to use
+ this option only in such configurations where the time between auth
+ phase and account or setcred phase is not dependent on the
+ authenticating client. Otherwise the authenticating client will be
+ able to prevent simultaneous authentications by the same user by
+ simply artificially prolonging the time the file record lock is held.
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
</listitem>
</varlistentry>
@@ -431,7 +441,7 @@ session optional pam_mail.so standard
<refsect1 id='pam_tally2-author'>
<title>AUTHOR</title>
<para>
- pam_tally was written by Tim Baverstock and Tomas Mraz.
+ pam_tally2 was written by Tim Baverstock and Tomas Mraz.
</para>
</refsect1>