summaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
Diffstat (limited to 'modules')
-rw-r--r--modules/pam_securetty/Makefile.am9
-rw-r--r--modules/pam_securetty/README38
-rw-r--r--modules/pam_securetty/README.xml41
-rw-r--r--modules/pam_securetty/pam_securetty.8147
-rw-r--r--modules/pam_securetty/pam_securetty.8.xml167
5 files changed, 314 insertions, 88 deletions
diff --git a/modules/pam_securetty/Makefile.am b/modules/pam_securetty/Makefile.am
index 1562a937..ca97ef4d 100644
--- a/modules/pam_securetty/Makefile.am
+++ b/modules/pam_securetty/Makefile.am
@@ -4,11 +4,12 @@
CLEANFILES = *~
-EXTRA_DIST = README $(MANS) tst-pam_securetty
+EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_securetty
TESTS = tst-pam_securetty
man_MANS = pam_securetty.8
+XMLS = README.xml pam_securetty.8.xml
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
@@ -21,3 +22,9 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_securetty.la
+
+if ENABLE_REGENERATE_MAN
+noinst_DATA = README
+README: pam_securetty.8.xml
+-include $(top_srcdir)/Make.xml.rules
+endif
diff --git a/modules/pam_securetty/README b/modules/pam_securetty/README
index 1df095c9..d4ee5f97 100644
--- a/modules/pam_securetty/README
+++ b/modules/pam_securetty/README
@@ -1,9 +1,33 @@
-pam_securetty:
- Allows root logins only if the user is logging in on a
- "secure" tty, as defined by the listing in /etc/securetty
+pam_securetty — Limit root login to special devices
- Also checks to make sure that /etc/securetty is a plain
- file and not world writable.
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+DESCRIPTION
+
+pam_securetty is a PAM module that allows root logins only if the user is
+logging in on a "secure" tty, as defined by the listing in /etc/securetty.
+pam_securetty also checks to make sure that /etc/securetty is a plain file and
+not world writable.
+
+This module has no effect on non-root users and requires that the application
+fills in the PAM_TTY item correctly.
+
+For canonical usage, should be listed as a required authentication method
+before any sufficient authentication methods.
+
+OPTIONS
+
+debug
+
+ Print debug information.
+
+EXAMPLES
+
+auth required pam_securetty.so
+auth required pam_unix.so
+
+
+AUTHOR
+
+pam_securetty was written by Elliot Lee <sopwith@cuc.edu>.
- - Elliot Lee <sopwith@redhat.com>, Red Hat Software.
- July 25, 1996.
diff --git a/modules/pam_securetty/README.xml b/modules/pam_securetty/README.xml
new file mode 100644
index 00000000..a8c098a0
--- /dev/null
+++ b/modules/pam_securetty/README.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamaccess SYSTEM "pam_securetty.8.xml">
+-->
+]>
+
+<article>
+
+ <articleinfo>
+
+ <title>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_securetty.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_securetty-name"]/*)'/>
+ </title>
+
+ </articleinfo>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_securetty.8.xml" xpointer='xpointer(//refsect1[@id = "pam_securetty-description"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_securetty.8.xml" xpointer='xpointer(//refsect1[@id = "pam_securetty-options"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_securetty.8.xml" xpointer='xpointer(//refsect1[@id = "pam_securetty-examples"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_securetty.8.xml" xpointer='xpointer(//refsect1[@id = "pam_securetty-author"]/*)'/>
+ </section>
+
+</article>
diff --git a/modules/pam_securetty/pam_securetty.8 b/modules/pam_securetty/pam_securetty.8
index 2364a312..f72e611f 100644
--- a/modules/pam_securetty/pam_securetty.8
+++ b/modules/pam_securetty/pam_securetty.8
@@ -1,98 +1,85 @@
-.\" Copyright (C) 2003 International Business Machines Corp.
-.\" This file is distributed according to the GNU General Public License.
-.\" See the file COPYING in the top level source directory for details.
+.\" Title: pam_securetty
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: 06/04/2006
+.\" Manual: Linux\-PAM Manual
+.\" Source: Linux\-PAM Manual
.\"
-.de Sh \" Subsection
-.br
-.if t .Sp
-.ne 5
-.PP
-\fB\\$1\fR
-.PP
-..
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Ip \" List item
-.br
-.ie \\n(.$>=3 .ne \\$3
-.el .ne 3
-.IP "\\$1" \\$2
-..
-.TH "PAM_SECURETTY" 8 "2003-02-21" "Linux 2.4" "System Administrator's Manual"
-.SH NAME
-pam_securetty \- Limits root to logging in on devices listed in /etc/securetty
-.SH "SYNOPSIS"
+.TH "PAM_SECURETTY" "8" "06/04/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
.ad l
-.hy 0
-
-/usr/security/pam_securetty
-.sp
-.ad
-.hy
-
+.SH "NAME"
+pam_securetty \- Limit root login to special devices
+.SH "SYNOPSIS"
+.HP 17
+\fBpam_securetty.so\fR [debug]
.SH "DESCRIPTION"
-
.PP
-\fBpam_securetty\fR is a PAM module that allows root logins only if the
-user is logging in on a "secure" tty, as defined by the listing in
-\fI/etc/securetty\fR.
-\fBpam_securetty\fR also checks to make sure that \fI/etc/securetty\fR
+pam_securetty is a PAM module that allows root logins only if the user is logging in on a "secure" tty, as defined by the listing in
+\fI/etc/securetty\fR. pam_securetty also checks to make sure that
+\fI/etc/securetty\fR
is a plain file and not world writable.
-
.PP
-This module has no effect on non-root users.
-
-.SH "OPTIONS"
+This module has no effect on non\-root users and requires that the application fills in the
+\fBPAM_TTY\fR
+item correctly.
.PP
-\fBpam_securetty\fR has no options.
-
-.SH "RETURN CODES"
+For canonical usage, should be listed as a
+\fBrequired\fR
+authentication method before any
+\fBsufficient\fR
+authentication methods.
+.SH "OPTIONS"
+.TP 3n
+\fBdebug\fR
+Print debug information.
+.SH "MODULE SERVICES PROVIDED"
.PP
-\fBpam_securetty\fR has the following return codes:
-.TP
+Only the
+\fBauth\fR
+service is supported.
+.SH "RETURN VALUES"
+.TP 3n
PAM_SUCCESS
-The user is allowed to continue authentication.
-Either the user is not root, or the root user is trying to log in on
-an acceptable device.
-
-.TP
+The user is allowed to continue authentication. Either the user is not root, or the root user is trying to log in on an acceptable device.
+.TP 3n
PAM_AUTH_ERR
-Authentication is rejected.
-Either root is attempting to log in via an unacceptable device,
-or the \fI/etc/securetty\fR file is world writable or not a normal file.
-
-.TP
+Authentication is rejected. Either root is attempting to log in via an unacceptable device, or the
+\fI/etc/securetty\fR
+file is world writable or not a normal file.
+.TP 3n
PAM_INCOMPLETE
-An application error occurred. \fBpam_securetty\fR was not able to get
-information it required from the application that called it.
-
-.TP
+An application error occurred. pam_securetty was not able to get information it required from the application that called it.
+.TP 3n
PAM_SERVICE_ERR
-An error occurred while the module was determining the user's name or tty,
-or the module could not open \fI/etc/securetty\fR.
-
-.TP
+An error occurred while the module was determining the user's name or tty, or the module could not open
+\fI/etc/securetty\fR.
+.TP 3n
PAM_IGNORE
-The module could not find the user name in the
-\fI/etc/passwd\fR file to verify whether the user had a UID of 0.
-Therefore, the results of running this module are ignored.
-
-.SH "HISTORY"
-
+The module could not find the user name in the
+\fI/etc/passwd\fR
+file to verify whether the user had a UID of 0. Therefore, the results of running this module are ignored.
+.SH "EXAMPLES"
.PP
-\fBpam_securetty\fR was written by Elliot Lee.
-
-.SH "FILES"
-
-.PP
- \fI/etc/securetty\fR
+.sp
+.RS 3n
+.nf
+auth required pam_securetty.so
+auth required pam_unix.so
+
+.fi
+.RE
+.sp
.SH "SEE ALSO"
-
.PP
-\fBpam.conf\fR(8), \fBpam.d\fR(8), \fBpam\fR(8), \fBsecuretty\fR(8).
-.SH AUTHOR
-Emily Ratliff.
+\fBsecuretty\fR(5),
+\fBpam.conf\fR(5),
+\fBpam.d\fR(8),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+pam_securetty was written by Elliot Lee <sopwith@cuc.edu>.
diff --git a/modules/pam_securetty/pam_securetty.8.xml b/modules/pam_securetty/pam_securetty.8.xml
new file mode 100644
index 00000000..56348d78
--- /dev/null
+++ b/modules/pam_securetty/pam_securetty.8.xml
@@ -0,0 +1,167 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pam_securetty">
+
+ <refmeta>
+ <refentrytitle>pam_securetty</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_securetty-name">
+ <refname>pam_securetty</refname>
+ <refpurpose>Limit root login to special devices</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis id="pam_securetty-cmdsynopsis">
+ <command>pam_securetty.so</command>
+ <arg choice="opt">
+ debug
+ </arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1 id="pam_securetty-description">
+
+ <title>DESCRIPTION</title>
+
+ <para>
+ pam_securetty is a PAM module that allows root logins only if the
+ user is logging in on a "secure" tty, as defined by the listing
+ in <filename>/etc/securetty</filename>. pam_securetty also checks
+ to make sure that <filename>/etc/securetty</filename> is a plain
+ file and not world writable.
+ </para>
+ <para>
+ This module has no effect on non-root users and requires that the
+ application fills in the <emphasis remap='B'>PAM_TTY</emphasis>
+ item correctly.
+ </para>
+ <para>
+ For canonical usage, should be listed as a
+ <emphasis remap='B'>required</emphasis> authentication method
+ before any <emphasis remap='B'>sufficient</emphasis>
+ authentication methods.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_securetty-options">
+ <title>OPTIONS</title>
+ <variablelist>
+ <varlistentry>
+ <term>
+ <option>debug</option>
+ </term>
+ <listitem>
+ <para>
+ Print debug information.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id="pam_securetty-services">
+ <title>MODULE SERVICES PROVIDED</title>
+ <para>
+ Only the <option>auth</option> service is supported.
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_securetty-return_values'>
+ <title>RETURN VALUES</title>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_SUCCESS</term>
+ <listitem>
+ <para>
+ The user is allowed to continue authentication.
+ Either the user is not root, or the root user is
+ trying to log in on an acceptable device.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_AUTH_ERR</term>
+ <listitem>
+ <para>
+ Authentication is rejected. Either root is attempting to
+ log in via an unacceptable device, or the
+ <filename>/etc/securetty</filename> file is world writable or
+ not a normal file.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_INCOMPLETE</term>
+ <listitem>
+ <para>
+ An application error occurred. pam_securetty was not able
+ to get information it required from the application that
+ called it.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SERVICE_ERR</term>
+ <listitem>
+ <para>
+ An error occurred while the module was determining the
+ user's name or tty, or the module could not open
+ <filename>/etc/securetty</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_IGNORE</term>
+ <listitem>
+ <para>
+ The module could not find the user name in the
+ <filename>/etc/passwd</filename> file to verify whether
+ the user had a UID of 0. Therefore, the results of running
+ this module are ignored.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pam_securetty-examples'>
+ <title>EXAMPLES</title>
+ <para>
+ <programlisting>
+auth required pam_securetty.so
+auth required pam_unix.so
+ </programlisting>
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_securetty-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>securetty</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_securetty-author'>
+ <title>AUTHOR</title>
+ <para>
+ pam_securetty was written by Elliot Lee &lt;sopwith@cuc.edu&gt;.
+ </para>
+ </refsect1>
+
+</refentry>