Diffstat (limited to 'modules')
-rw-r--r--modules/pam_access/access.conf.515
-rw-r--r--modules/pam_access/pam_access.841
-rw-r--r--modules/pam_cracklib/pam_cracklib.864
-rw-r--r--modules/pam_deny/pam_deny.826
-rw-r--r--modules/pam_echo/pam_echo.838
-rw-r--r--modules/pam_env/pam_env.834
-rw-r--r--modules/pam_env/pam_env.conf.523
-rw-r--r--modules/pam_exec/pam_exec.833
-rw-r--r--modules/pam_filter/pam_filter.830
-rw-r--r--modules/pam_ftp/pam_ftp.826
-rw-r--r--modules/pam_group/group.conf.515
-rw-r--r--modules/pam_group/pam_group.829
-rw-r--r--modules/pam_issue/pam_issue.872
-rw-r--r--modules/pam_lastlog/pam_lastlog.838
-rw-r--r--modules/pam_listfile/Makefile.am12
-rw-r--r--modules/pam_listfile/README121
-rw-r--r--modules/pam_listfile/README.xml41
-rw-r--r--modules/pam_listfile/pam_listfile.8164
-rw-r--r--modules/pam_listfile/pam_listfile.8.xml282
-rw-r--r--modules/pam_mkhomedir/pam_mkhomedir.834
-rw-r--r--modules/pam_succeed_if/pam_succeed_if.859
-rw-r--r--modules/pam_umask/pam_umask.842
-rw-r--r--modules/pam_unix/pam_unix_acct.c14
23 files changed, 975 insertions, 278 deletions
diff --git a/modules/pam_access/access.conf.5 b/modules/pam_access/access.conf.5
index dcc9ee9d..d9fcddf7 100644
--- a/modules/pam_access/access.conf.5
+++ b/modules/pam_access/access.conf.5
@@ -1,8 +1,11 @@
-.\" ** You probably do not want to edit this file directly **
-.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
-.\" Instead of manually editing it, you probably should edit the DocBook XML
-.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
-.TH "ACCESS.CONF" "5" "02/22/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" Title: access.conf
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: 06/02/2006
+.\" Manual: Linux\-PAM Manual
+.\" Source: Linux\-PAM Manual
+.\"
+.TH "ACCESS.CONF" "5" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -29,6 +32,7 @@ is scanned for the first entry that matches the (\fIuser\fR,
.PP
Each line of the login access control table has three fields separated by a ":" character (colon):
.PP
+
\fIpermission\fR:\fIusers\fR:\fIorigins\fR
.PP
The first field, the
@@ -146,6 +150,7 @@ All other users should be denied to get access from all sources.
\- : ALL : ALL
.SH "SEE ALSO"
.PP
+
\fBpam_access\fR(8),
\fBpam.d\fR(5),
\fBpam\fR(8)
diff --git a/modules/pam_access/pam_access.8 b/modules/pam_access/pam_access.8
index 0746fa8b..814878ca 100644
--- a/modules/pam_access/pam_access.8
+++ b/modules/pam_access/pam_access.8
@@ -1,8 +1,11 @@
-.\" ** You probably do not want to edit this file directly **
-.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
-.\" Instead of manually editing it, you probably should edit the DocBook XML
-.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
-.TH "PAM_ACCESS" "8" "02/03/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" Title: pam_access
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: 06/02/2006
+.\" Manual: Linux\-PAM Manual
+.\" Source: Linux\-PAM Manual
+.\"
+.TH "PAM_ACCESS" "8" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -20,26 +23,26 @@ By default rules for access management are taken from config file
\fI/etc/security/access.conf\fR
if you don't specify another file.
.SH "OPTIONS"
-.TP
+.TP 3n
\fBaccessfile=\fR\fB\fI/path/to/access.conf\fR\fR
Indicate an alternative
\fIaccess.conf\fR
style configuration file to override the default. This can be useful when different services need different access lists.
-.TP
+.TP 3n
\fBdebug\fR
A lot of debug informations are printed with
\fBsyslog\fR(3).
-.TP
+.TP 3n
\fBfieldsep=\fR\fB\fIseparators\fR\fR
This option modifies the field separator character that pam_access will recognize when parsing the access configuration file. For example:
-\fIfieldsep=|\fR
+\fBfieldsep=|\fR
will cause the default `:' character to be treated as part of a field value and `|' becomes the field separator. Doing this may be useful in conjuction with a system that wants to use pam_access with X based applications, since the
-\fIPAM_TTY\fR
+\fBPAM_TTY\fR
item is likely to be of the form "hostname:0" which includes a `:' character in its value. But you should not need this.
-.TP
+.TP 3n
\fBlistsep=\fR\fB\fIseparators\fR\fR
This option modifies the list separator character that pam_access will recognize when parsing the access configuration file. For example:
-\fIlistsep=,\fR
+\fBlistsep=,\fR
will cause the default ` ' (space) and `\\t' (tab) characters to be treated as part of a list element value and `,' becomes the only list element separator. Doing this may be useful on a system with group information obtained from a Windows domain, where the default built\-in groups "Domain Users", "Domain Admins" contain a space.
.SH "MODULE SERVICES PROVIDED"
.PP
@@ -49,28 +52,30 @@ and
\fBaccount\fR
services are supported.
.SH "RETURN VALUES"
-.TP
+.TP 3n
PAM_SUCCESS
Access was granted.
-.TP
+.TP 3n
PAM_PERM_DENIED
Access was not granted.
-.TP
+.TP 3n
PAM_IGNORE
+
\fBpam_setcred\fR
was called which does nothing.
-.TP
+.TP 3n
PAM_ABORT
Not all relevant data or options could be gotten.
-.TP
+.TP 3n
PAM_USER_UNKNOWN
The user is not known to the system.
.SH "FILES"
-.TP
+.TP 3n
\fI/etc/security/access.conf\fR
Default configuration file
.SH "SEE ALSO"
.PP
+
\fBaccess.conf\fR(5),
\fBpam.d\fR(8),
\fBpam\fR(8).
diff --git a/modules/pam_cracklib/pam_cracklib.8 b/modules/pam_cracklib/pam_cracklib.8
index e5d21020..526817a4 100644
--- a/modules/pam_cracklib/pam_cracklib.8
+++ b/modules/pam_cracklib/pam_cracklib.8
@@ -1,8 +1,11 @@
-.\" ** You probably do not want to edit this file directly **
-.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
-.\" Instead of manually editing it, you probably should edit the DocBook XML
-.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
-.TH "PAM_CRACKLIB" "8" "02/10/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" Title: pam_cracklib
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: 06/02/2006
+.\" Manual: Linux\-PAM Manual
+.\" Source: Linux\-PAM Manual
+.\"
+.TH "PAM_CRACKLIB" "8" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -25,13 +28,13 @@ The first action is to prompt for a single password, check its strength and then
The strength checks works in the following manner: at first the
\fBCracklib\fR
routine is called to check if the password is part of a dictionary; if this is not the case an additional set of strength checks is done. These checks are:
-.TP
+.TP 3n
Palindrome
Is the new password a palindrome of the old one?
-.TP
+.TP 3n
Case Change Only
Is the new password the the old one with only a change of case?
-.TP
+.TP 3n
Similar
Is the new password too much like the old one? This is primarily controlled by one argument,
\fBdifok\fR
@@ -44,7 +47,7 @@ is available. This argument can be used to specify the minimum length a new pass
value is ignored. The default value for
\fBdifignore\fR
is 23.
-.TP
+.TP 3n
Simple
Is the new password too small? This is controlled by 5 arguments
\fBminlen\fR,
@@ -52,10 +55,10 @@ Is the new password too small? This is controlled by 5 arguments
\fBucredit\fR,
\fBlcredit\fR, and
\fBocredit\fR. See the section on the arguments for the details of how these work and there defaults.
-.TP
+.TP 3n
Rotated
Is the new password a rotated version of the old password?
-.TP
+.TP 3n
Already used
Was the password used in the past? Previously used passwords are to be found in
\fI/etc/security/opasswd\fR.
@@ -63,32 +66,32 @@ Was the password used in the past? Previously used passwords are to be found in
This module with no arguments will work well for standard unix password encryption. With md5 encryption, passwords can be longer than 8 characters and the default settings for this module can make it hard for the user to choose a satisfactory new password. Notably, the requirement that the new password contain no more than 1/2 of the characters in the old password becomes a non\-trivial constraint. For example, an old password of the form "the quick brown fox jumped over the lazy dogs" would be difficult to change... In addition, the default action is to allow passwords as small as 5 characters in length. For a md5 systems it can be a good idea to increase the required minimum size of a password. One can then allow more credit for different kinds of characters but accept that the new password may share most of these characters with the old password.
.SH "OPTIONS"
.PP
-.TP
+.TP 3n
\fBdebug\fR
This option makes the module write information to
\fBsyslog\fR(3)
indicating the behavior of the module (this option does not write password information to the log file).
-.TP
+.TP 3n
\fBtype=\fR\fB\fIXXX\fR\fR
The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: ". The default word
\fIUNIX\fR
can be replaced with this option.
-.TP
+.TP 3n
\fBretry=\fR\fB\fIN\fR\fR
Prompt user at most
\fIN\fR
times before returning with error. The default is
\fI1\fR
-.TP
+.TP 3n
\fBdifok=\fR\fB\fIN\fR\fR
This argument will change the default of
\fI5\fR
for the number of characters in the new password that must not be present in the old password. In addition, if 1/2 of the characters in the new password are different then the new password will be accepted anyway.
-.TP
+.TP 3n
\fBdifignore=\fR\fB\fIN\fR\fR
How many characters should the password have before difok will be ignored. The default is
\fI23\fR.
-.TP
+.TP 3n
\fBminlen=\fR\fB\fIN\fR\fR
The minimum acceptable size for the new password (plus one if credits are not disabled which is the default). In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (\fIother\fR,
\fIupper\fR,
@@ -100,7 +103,7 @@ which is good for a old style UNIX password all of the same type of character bu
\fICracklib\fR
itself, a "way too short" limit of 4 which is hard coded in and a defined limit (6) that will be checked without reference to
\fBminlen\fR. If you want to allow passwords as short as 5 characters you should not use this module.
-.TP
+.TP 3n
\fBdcredit=\fR\fB\fIN\fR\fR
(N >= 0) This is the maximum credit for having digits in the new password. If you have less than or
\fIN\fR
@@ -113,7 +116,7 @@ is 1 which is the recommended value for
less than 10.
.sp
(N < 0) This is the minimum number of digits that must be met for a new password.
-.TP
+.TP 3n
\fBucredit=\fR\fB\fIN\fR\fR
(N >= 0) This is the maximum credit for having upper case letters in the new password. If you have less than or
\fIN\fR
@@ -128,7 +131,7 @@ which is the recommended value for
less than 10.
.sp
(N > 0) This is the minimum number of upper case letters that must be met for a new password.
-.TP
+.TP 3n
\fBlcredit=\fR\fB\fIN\fR\fR
(N >= 0) This is the maximum credit for having lower case letters in the new password. If you have less than or
\fIN\fR
@@ -141,7 +144,7 @@ is 1 which is the recommended value for
less than 10.
.sp
(N < 0) This is the minimum number of lower case letters that must be met for a new password.
-.TP
+.TP 3n
\fBocredit=\fR\fB\fIN\fR\fR
(N >= 0) This is the maximum credit for having other characters in the new password. If you have less than or
\fIN\fR
@@ -154,14 +157,14 @@ is 1 which is the recommended value for
less than 10.
.sp
(N < 0) This is the minimum number of other characters that must be met for a new password.
-.TP
+.TP 3n
\fBuse_authtok\fR
This argument is used to
\fIforce\fR
the module to not prompt the user for a new password but use the one provided by the previously stacked
\fIpassword\fR
module.
-.TP
+.TP 3n
\fBdictpath=\fR\fB\fI/path/to/dict\fR\fR
Path to the cracklib dictionaries.
.SH "MODULE SERVICES PROVIDED"
@@ -171,18 +174,18 @@ Only he
service is supported.
.SH "RETURN VALUES"
.PP
-.TP
+.TP 3n
PAM_SUCCESS
The new password passes all checks.
-.TP
+.TP 3n
PAM_AUTHTOK_ERR
No new password was entered, the username could not be determined or the new password fails the strength checks.
-.TP
+.TP 3n
PAM_AUTHTOK_RECOVERY_ERR
The old password was not supplied by a previous stackked module or got not requested from the user. The first error can happen if
\fBuse_authtok\fR
is specified.
-.TP
+.TP 3n
PAM_SERVICE_ERR
A internal error occured.
.SH "EXAMPLES"
@@ -190,6 +193,7 @@ A internal error occured.
For an example of the use of this module, we show how it may be stacked with the password component of
\fBpam_unix\fR(8)
.sp
+.RS 3n
.nf
#
# These lines stack two password type modules. In this example the
@@ -202,12 +206,14 @@ passwd password required pam_cracklib.so retry=3
passwd password required pam_unix.so use_authtok
.fi
+.RE
.sp
.PP
Another example (in the
\fI/etc/pam.d/passwd\fR
format) is for the case that you want to use md5 password encryption:
.sp
+.RS 3n
.nf
#%PAM\-1.0
#
@@ -221,10 +227,12 @@ password required pam_cracklib.so \\
password required pam_unix.so use_authtok nullok md5
.fi
+.RE
.sp
.PP
And here is another example in case you don't want to use credits:
.sp
+.RS 3n
.nf
#%PAM\-1.0
#
@@ -237,9 +245,11 @@ password required pam_cracklib.so \\
password required pam_unix.so use_authtok nullok md5
.fi
+.RE
.sp
.SH "SEE ALSO"
.PP
+
\fBpam.conf\fR(5),
\fBpam.d\fR(8),
\fBpam\fR(8)
diff --git a/modules/pam_deny/pam_deny.8 b/modules/pam_deny/pam_deny.8
index 2638ef07..78f06a19 100644
--- a/modules/pam_deny/pam_deny.8
+++ b/modules/pam_deny/pam_deny.8
@@ -1,8 +1,11 @@
-.\" ** You probably do not want to edit this file directly **
-.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
-.\" Instead of manually editing it, you probably should edit the DocBook XML
-.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
-.TH "PAM_DENY" "8" "02/03/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" Title: pam_deny
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: 06/02/2006
+.\" Manual: Linux\-PAM Manual
+.\" Source: Linux\-PAM Manual
+.\"
+.TH "PAM_DENY" "8" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -25,20 +28,23 @@ and
\fBsession\fR) are supported.
.SH "RETURN VALUES"
.PP
-.TP
+.TP 3n
PAM_AUTH_ERR
This is returned by the account and auth services.
-.TP
+.TP 3n
PAM_CRED_ERR
This is returned by the setcred function.
-.TP
+.TP 3n
PAM_AUTHTOK_ERR
This is returned by the password service.
-.TP
+.TP 3n
PAM_SESSION_ERR
This is returned by the session service.
.SH "EXAMPLES"
.PP
+
+.sp
+.RS 3n
.nf
#%PAM\-1.0
#
@@ -55,9 +61,11 @@ This is returned by the session service.
other session required pam_deny.so
.fi
+.RE
.sp
.SH "SEE ALSO"
.PP
+
\fBpam.conf\fR(5),
\fBpam.d\fR(8),
\fBpam\fR(8)
diff --git a/modules/pam_echo/pam_echo.8 b/modules/pam_echo/pam_echo.8
index dd19e950..c4fef137 100644
--- a/modules/pam_echo/pam_echo.8
+++ b/modules/pam_echo/pam_echo.8
@@ -1,8 +1,11 @@
-.\" ** You probably do not want to edit this file directly **
-.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
-.\" Instead of manually editing it, you probably should edit the DocBook XML
-.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
-.TH "PAM_ECHO" "8" "02/13/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" Title: pam_echo
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: 06/02/2006
+.\" Manual: Linux\-PAM Manual
+.\" Source: Linux\-PAM Manual
+.\"
+.TH "PAM_ECHO" "8" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -19,22 +22,22 @@ The
PAM module is for printing text messages to inform user about special things. Sequences starting with the
\fI%\fR
character are interpreted in the following way:
-.TP
+.TP 3n
\fI%H\fR
The name of the remote host (PAM_RHOST).
-.TP
-\fI%h\fR
+.TP 3n
+\fB%h\fR
The name of the local host.
-.TP
+.TP 3n
\fI%s\fR
The service name (PAM_SERVICE).
-.TP
+.TP 3n
\fI%t\fR
The name of the controlling terminal (PAM_TTY).
-.TP
+.TP 3n
\fI%U\fR
The remote user name (PAM_RUSER).
-.TP
+.TP 3n
\fI%u\fR
The local user name (PAM_USER).
.PP
@@ -44,7 +47,7 @@ expands to the characters following the
\fI%\fR
character.
.SH "OPTIONS"
-.TP
+.TP 3n
\fBfile=\fR\fB\fI/path/message\fR\fR
The content of the file
\fI/path/message\fR
@@ -53,27 +56,30 @@ will be printed with the PAM conversion function as PAM_TEXT_INFO.
.PP
All services are supported.
.SH "RETURN VALUES"
-.TP
+.TP 3n
PAM_BUF_ERR
Memory buffer error.
-.TP
+.TP 3n
PAM_SUCCESS
Message was successful printed.
-.TP
+.TP 3n
PAM_IGNORE
PAM_SILENT flag was given or message file does not exist, no message printed.
.SH "EXAMPLES"
.PP
For an example of the use of this module, we show how it may be used to print informations about good passwords:
.sp
+.RS 3n
.nf
password optional pam_echo.so file=/usr/share/doc/good\-password.txt
password required pam_unix.so
.fi
+.RE
.sp
.SH "SEE ALSO"
.PP
+
\fBpam.conf\fR(8),
\fBpam.d\fR(8),
\fBpam\fR(8)
diff --git a/modules/pam_env/pam_env.8 b/modules/pam_env/pam_env.8
index 566396f1..23083da0 100644
--- a/modules/pam_env/pam_env.8
+++ b/modules/pam_env/pam_env.8
@@ -1,8 +1,11 @@
-.\" ** You probably do not want to edit this file directly **
-.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
-.\" Instead of manually editing it, you probably should edit the DocBook XML
-.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
-.TH "PAM_ENV" "8" "02/17/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" Title: pam_env
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: 06/02/2006
+.\" Manual: Linux\-PAM Manual
+.\" Source: Linux\-PAM Manual
+.\"
+.TH "PAM_ENV" "8" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -31,21 +34,21 @@ flag and turn it on or off by setting the
\fIreadenv\fR
flag to 1 or 0 respectively.
.SH "OPTIONS"
-.TP
+.TP 3n
\fBconffile=\fR\fB\fI/path/to/pam_env.conf\fR\fR
Indicate an alternative
\fIpam_env.conf\fR
style configuration file to override the default. This can be useful when different services need different environments.
-.TP
+.TP 3n
\fBdebug\fR
A lot of debug informations are printed with
\fBsyslog\fR(3).
-.TP
+.TP 3n
\fBenvfile=\fR\fB\fI/path/to/environment\fR\fR
Indicate an alternative
\fIenvironment\fR
file to override the default. This can be useful when different services need different environments.
-.TP
+.TP 3n
\fBreadenv=\fR\fB\fI0|1\fR\fR
Turns on or off the reading of the file specified by envfile (0 is off, 1 is on). By default this option is on.
.SH "MODULE SERVICES PROVIDED"
@@ -56,27 +59,28 @@ and
\fBsession\fR
services are supported.
.SH "RETURN VALUES"
-.TP
+.TP 3n
PAM_ABORT
Not all relevant data or options could be gotten.
-.TP
+.TP 3n
PAM_BUF_ERR
Memory buffer error.
-.TP
+.TP 3n
PAM_IGNORE
No pam_env.conf and environment file was found.
-.TP
+.TP 3n
PAM_SUCCESS
Environment variables were set.
.SH "FILES"
-.TP
+.TP 3n
\fI/etc/security/pam_env.conf\fR
Default configuration file
-.TP
+.TP 3n
\fI/etc/environment\fR
Default environment file
.SH "SEE ALSO"
.PP
+
\fBpam_env.conf\fR(5),
\fBpam.d\fR(8),
\fBpam\fR(8).
diff --git a/modules/pam_env/pam_env.conf.5 b/modules/pam_env/pam_env.conf.5
index edf1fe2f..3f4dcd4f 100644
--- a/modules/pam_env/pam_env.conf.5
+++ b/modules/pam_env/pam_env.conf.5
@@ -1,8 +1,11 @@
-.\" ** You probably do not want to edit this file directly **
-.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
-.\" Instead of manually editing it, you probably should edit the DocBook XML
-.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
-.TH "PAM_ENV.CONF" "5" "02/17/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" Title: pam_env.conf
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: 06/02/2006
+.\" Manual: Linux\-PAM Manual
+.\" Source: Linux\-PAM Manual
+.\"
+.TH "PAM_ENV.CONF" "5" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -22,6 +25,7 @@ file specifies the environment variables to be set, unset or modified. When some
.PP
Each line starts with the variable name, there are then two possible options for each variable DEFAULT and OVERRIDE. DEFAULT allows and administrator to set the value of the variable to some default value, if none is supplied then the empty string is assumed. The OVERRIDE option tells pam_env that it should enter in its value (overriding the default value) if there is one to use. OVERRIDE is not used, "" is assumed and no override will be done.
.PP
+
\fIVARIABLE\fR
[\fIDEFAULT=[value]\fR] [\fIOVERRIDE=[value]\fR]
.PP
@@ -35,20 +39,25 @@ These are some example lines which might be specified in
.PP
Set the REMOTEHOST variable for any hosts that are remote, default to "localhost" rather than not being set at all
.sp
+.RS 3n
.nf
REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST}
.fi
+.RE
.PP
Set the DISPLAY variable if it seems reasonable
.sp
+.RS 3n
.nf
DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
.fi
+.RE
.PP
Now some simple variables
.sp
+.RS 3n
.nf
PAGER DEFAULT=less
MANPAGER DEFAULT=less
@@ -58,9 +67,11 @@ Now some simple variables
:/usr/bin:/usr/local/bin/X11:/usr/bin/X11
.fi
+.RE
.PP
Silly examples of escaped variables, just to show how they work.
.sp
+.RS 3n
.nf
DOLLAR DEFAULT=\\$
DOLLARDOLLAR DEFAULT= OVERRIDE=\\$${DOLLAR}
@@ -68,8 +79,10 @@ Silly examples of escaped variables, just to show how they work.
ATSIGN DEFAULT="" OVERRIDE=\\@
.fi
+.RE
.SH "SEE ALSO"
.PP
+
\fBpam_env\fR(8),
\fBpam.d\fR(5),
\fBpam\fR(8)
diff --git a/modules/pam_exec/pam_exec.8 b/modules/pam_exec/pam_exec.8
index be04b75e..90e8f2b6 100644
--- a/modules/pam_exec/pam_exec.8
+++ b/modules/pam_exec/pam_exec.8
@@ -1,8 +1,11 @@
-.\" ** You probably do not want to edit this file directly **
-.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
-.\" Instead of manually editing it, you probably should edit the DocBook XML
-.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
-.TH "PAM_EXEC" "8" "02/03/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" Title: pam_exec
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: 06/02/2006
+.\" Manual: Linux\-PAM Manual
+.\" Source: Linux\-PAM Manual
+.\"
+.TH "PAM_EXEC" "8" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -17,14 +20,14 @@ pam_exec \- PAM module which calls an external command
pam_exec is a PAM module that can be used to run an external command.
.SH "OPTIONS"
.PP
-.TP
+.TP 3n
\fBdebug\fR
Print debug information.
-.TP
+.TP 3n
\fBlog=\fR\fB\fIfile\fR\fR
The output of the command is appended to
\fIfile\fR
-.TP
+.TP 3n
\fBseteuid\fR
Per default pam_exec.so will execute the external command with the real user ID of the calling process. Specifying this option means the command is run with the effective user ID.
.SH "MODULE SERVICES PROVIDED"
@@ -38,17 +41,18 @@ and
are supported.
.SH "RETURN VALUES"
.PP
-.TP
+.TP 3n
PAM_SUCCESS
The external command runs successfull.
-.TP
+.TP 3n
PAM_SERVICE_ERR
No argument or a wrong number of arguments were given.
-.TP
+.TP 3n
PAM_SYSTEM_ERR
A system error occured or the command to execute failed.
-.TP
+.TP 3n
PAM_IGNORE
+
\fBpam_setcred\fR
was called, which does not execute the command.
.SH "EXAMPLES"
@@ -57,20 +61,25 @@ Add the following line to
\fI/etc/pam.d/passwd\fR
to rebuild the NIS database after each local password change:
.sp
+.RS 3n
.nf
passwd optional pam_exec.so seteuid make \-C /var/yp
.fi
+.RE
.sp
This will execute the command
.sp
+.RS 3n
.nf
make \-C /var/yp
.fi
+.RE
.sp
with effective user ID.
.SH "SEE ALSO"
.PP
+
\fBpam.conf\fR(5),
\fBpam.d\fR(8),
\fBpam\fR(8)
diff --git a/modules/pam_filter/pam_filter.8 b/modules/pam_filter/pam_filter.8
index c0f0113f..adb8415d 100644
--- a/modules/pam_filter/pam_filter.8
+++ b/modules/pam_filter/pam_filter.8
@@ -1,8 +1,11 @@
-.\" ** You probably do not want to edit this file directly **
-.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
-.\" Instead of manually editing it, you probably should edit the DocBook XML
-.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
-.TH "PAM_FILTER" "8" "05/30/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" Title: pam_filter
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: 06/02/2006
+.\" Manual: Linux\-PAM Manual
+.\" Source: Linux\-PAM Manual
+.\"
+.TH "PAM_FILTER" "8" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -27,22 +30,22 @@ with the privilege of the calling application and
that of the user. For this reason it cannot usually be killed by the user without closing their session.
.SH "OPTIONS"
.PP
-.TP
+.TP 3n
\fBdebug\fR
Print debug information.
-.TP
+.TP 3n
\fBnew_term\fR
The default action of the filter is to set the
\fIPAM_TTY\fR
item to indicate the terminal that the user is using to connect to the application. This argument indicates that the filter should set
\fIPAM_TTY\fR
to the filtered pseudo\-terminal.
-.TP
+.TP 3n
\fBnon_term\fR
don't try to set the
\fIPAM_TTY\fR
item.
-.TP
+.TP 3n
\fBrunX\fR
In order that the module can invoke a filter it should know when to invoke it. This argument is required to tell the filter when to do this.
.sp
@@ -93,7 +96,7 @@ phase) and
is used to indicate that the filter is run on the second occasion (the
\fIPAM_UPDATE_AUTHTOK\fR
phase).
-.TP
+.TP 3n
\fBfilter\fR
The full pathname of the filter to be run and any command line arguments that the filter might expect.
.SH "MODULE SERVICES PROVIDED"
@@ -107,10 +110,10 @@ and
are supported.
.SH "RETURN VALUES"
.PP
-.TP
+.TP 3n
PAM_SUCCESS
The new filter was set successfull.
-.TP
+.TP 3n
PAM_ABORT
Critical error, immediate abort.
.SH "EXAMPLES"
@@ -119,13 +122,16 @@ Add the following line to
\fI/etc/pam.d/login\fR
to see how to configure login to transpose upper and lower case letters once the user has logged in:
.sp
+.RS 3n
.nf
session required pam_filter.so run1 /lib/security/pam_filter/upperLOWER
.fi
+.RE
.sp
.SH "SEE ALSO"
.PP
+
\fBpam.conf\fR(5),
\fBpam.d\fR(8),
\fBpam\fR(8)
diff --git a/modules/pam_ftp/pam_ftp.8 b/modules/pam_ftp/pam_ftp.8
index 63f62be9..41b52da0 100644
--- a/modules/pam_ftp/pam_ftp.8
+++ b/modules/pam_ftp/pam_ftp.8
@@ -1,8 +1,11 @@
-.\" ** You probably do not want to edit this file directly **
-.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
-.\" Instead of manually editing it, you probably should edit the DocBook XML
-.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
-.TH "PAM_FTP" "8" "06/01/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" Title: pam_ftp
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: 06/02/2006
+.\" Manual: Linux\-PAM Manual
+.\" Source: Linux\-PAM Manual
+.\"
+.TH "PAM_FTP" "8" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -33,13 +36,13 @@ item with the entered password and fails.
This module is not safe and easily spoofable.
.SH "OPTIONS"
.PP
-.TP
+.TP 3n
\fBdebug\fR
Print debug information.
-.TP
+.TP 3n
\fBignore\fR
Pay no attention to the email address of the user (if supplied).
-.TP
+.TP 3n
\fBftp=\fR\fB\fIXXX,YYY,...\fR\fR
Instead of
\fIftp\fR
@@ -54,10 +57,10 @@ Only the
service is supported.
.SH "RETURN VALUES"
.PP
-.TP
+.TP 3n
PAM_SUCCESS
The authentication was successfull.
-.TP
+.TP 3n
PAM_USER_UNKNOWN
User not known.
.SH "EXAMPLES"
@@ -66,6 +69,7 @@ Add the following line to
\fI/etc/pam.d/ftpd\fR
to handle ftp style anonymous login:
.sp
+.RS 3n
.nf
#
# ftpd; add ftp\-specifics. These lines enable anonymous ftp over
@@ -78,9 +82,11 @@ auth required pam_listfile.so \\
onerr=succeed item=user sense=deny file=/etc/ftpusers
.fi
+.RE
.sp
.SH "SEE ALSO"
.PP
+
\fBpam.conf\fR(5),
\fBpam.d\fR(8),
\fBpam\fR(8)
diff --git a/modules/pam_group/group.conf.5 b/modules/pam_group/group.conf.5
index 82f21e8e..204a9749 100644
--- a/modules/pam_group/group.conf.5
+++ b/modules/pam_group/group.conf.5
@@ -1,8 +1,11 @@
-.\" ** You probably do not want to edit this file directly **
-.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
-.\" Instead of manually editing it, you probably should edit the DocBook XML
-.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
-.TH "GROUP.CONF" "5" "06/01/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" Title: group.conf
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: 06/02/2006
+.\" Manual: Linux\-PAM Manual
+.\" Source: Linux\-PAM Manual
+.\"
+.TH "GROUP.CONF" "5" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -19,6 +22,7 @@ file present. White spaces are ignored and lines maybe extended with '\\' (escap
.PP
The syntax of the lines is as follows:
.PP
+
\fIservices\fR;\fIttys\fR;\fIusers\fR;\fItimes\fR;\fIgroups\fR
.PP
The first field, the
@@ -62,6 +66,7 @@ xsh; tty* ;sword;!Wk0900\-1800;games, sound
xsh; tty* ;*;Al0900\-1800;floppy
.SH "SEE ALSO"
.PP
+
\fBpam_group\fR(8),
\fBpam.d\fR(5),
\fBpam\fR(8)
diff --git a/modules/pam_group/pam_group.8 b/modules/pam_group/pam_group.8
index b754dc4c..a72a66dc 100644
--- a/modules/pam_group/pam_group.8
+++ b/modules/pam_group/pam_group.8
@@ -1,8 +1,11 @@
-.\" ** You probably do not want to edit this file directly **
-.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
-.\" Instead of manually editing it, you probably should edit the DocBook XML
-.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
-.TH "PAM_GROUP" "8" "06/01/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" Title: pam_group
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: 06/02/2006
+.\" Manual: Linux\-PAM Manual
+.\" Source: Linux\-PAM Manual
+.\"
+.TH "PAM_GROUP" "8" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -39,31 +42,33 @@ Only the
\fBauth\fR
service is supported.
.SH "RETURN VALUES"
-.TP
+.TP 3n
PAM_SUCCESS
group membership was granted.
-.TP
+.TP 3n
PAM_ABORT
Not all relevant data could be gotten.
-.TP
+.TP 3n
PAM_BUF_ERR
Memory buffer error.
-.TP
+.TP 3n
PAM_CRED_ERR
Group membership was not granted.
-.TP
+.TP 3n
PAM_IGNORE
+
\fBpam_sm_authenticate\fR
was called which does nothing.
-.TP
+.TP 3n
PAM_USER_UNKNOWN
The user is not known to the system.
.SH "FILES"
-.TP
+.TP 3n
\fI/etc/security/group.conf\fR
Default configuration file
.SH "SEE ALSO"
.PP
+
\fBgroup.conf\fR(5),
\fBpam.d\fR(8),
\fBpam\fR(8).
diff --git a/modules/pam_issue/pam_issue.8 b/modules/pam_issue/pam_issue.8
index 467ae26b..5cc22a99 100644
--- a/modules/pam_issue/pam_issue.8
+++ b/modules/pam_issue/pam_issue.8
@@ -1,8 +1,11 @@
-.\" ** You probably do not want to edit this file directly **
-.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
-.\" Instead of manually editing it, you probably should edit the DocBook XML
-.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
-.TH "PAM_ISSUE" "8" "06/01/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" Title: pam_issue
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: 06/02/2006
+.\" Manual: Linux\-PAM Manual
+.\" Source: Linux\-PAM Manual
+.\"
+.TH "PAM_ISSUE" "8" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -17,45 +20,45 @@ pam_issue \- PAM module to add issue file to user prompt
pam_issue is a PAM module to prepend an issue file to the username prompt. It also by default parses escape codes in the issue file similar to some common getty's (using \\x format).
.PP
Recognized escapes:
-.TP
-\fI\\d\fR
+.TP 3n
+\fB\\d\fR
current day
-.TP
-\fI\\l\fR
+.TP 3n
+\fB\\l\fR
name of this tty
-.TP
-\fI\\m\fR
+.TP 3n
+\fB\\m\fR
machine architecture (uname \-m)
-.TP
-\fI\\n\fR
+.TP 3n
+\fB\n\fR
machine's network node hostname (uname \-n)
-.TP
-\fI\\o\fR
+.TP 3n
+\fB\\o\fR
domain name of this system
-.TP
-\fI\\r\fR
+.TP 3n
+\fB\\r\fR
release number of operating system (uname \-r)
-.TP
-\fI\\t\fR
+.TP 3n
+\fB\\t\fR
current time
-.TP
-\fI\\s\fR
+.TP 3n
+\fB\\s\fR
operating system name (uname \-s)
-.TP
-\fI\\u\fR
+.TP 3n
+\fB\\u\fR
number of users currently logged in
-.TP
-\fI\\U\fR
+.TP 3n
+\fB\\U\fR
same as \\u except it is suffixed with "user" or "users" (eg. "1 user" or "10 users")
-.TP
-\fI\\v\fR
+.TP 3n
+\fB\\v\fR
operating system version and build date (uname \-v)
.SH "OPTIONS"
.PP
-.TP
+.TP 3n
\fBnoesc\fR
Turns off escape code parsing.
-.TP
+.TP 3n
\fBissue=\fR\fB\fIissue\-file\-name\fR\fR
The file to output if not using the default.
.SH "MODULE SERVICES PROVIDED"
@@ -65,16 +68,16 @@ Only the
service is supported.
.SH "RETURN VALUES"
.PP
-.TP
+.TP 3n
PAM_BUF_ERR
Memory buffer error.
-.TP
+.TP 3n
PAM_IGNORE
The prompt was already changed.
-.TP
+.TP 3n
PAM_SERVICE_ERR
A service module error occured.
-.TP
+.TP 3n
PAM_SUCCESS
The new prompt was set successfull.
.SH "EXAMPLES"
@@ -83,13 +86,16 @@ Add the following line to
\fI/etc/pam.d/login\fR
to set the user specific issue at login:
.sp
+.RS 3n
.nf
auth optional pam_issue.so issue=/etc/issue
.fi
+.RE
.sp
.SH "SEE ALSO"
.PP
+
\fBpam.conf\fR(5),
\fBpam.d\fR(8),
\fBpam\fR(8)
diff --git a/modules/pam_lastlog/pam_lastlog.8 b/modules/pam_lastlog/pam_lastlog.8
index 407f1961..9aee5caa 100644
--- a/modules/pam_lastlog/pam_lastlog.8
+++ b/modules/pam_lastlog/pam_lastlog.8
@@ -1,8 +1,11 @@
-.\" ** You probably do not want to edit this file directly **
-.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
-.\" Instead of manually editing it, you probably should edit the DocBook XML
-.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
-.TH "PAM_LASTLOG" "8" "06/01/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" Title: pam_lastlog
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: 06/02/2006
+.\" Manual: Linux\-PAM Manual
+.\" Source: Linux\-PAM Manual
+.\"
+.TH "PAM_LASTLOG" "8" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -20,29 +23,29 @@ file.
.PP
Some applications may perform this function themselves. In such cases, this module is not necessary.
.SH "OPTIONS"
-.TP
+.TP 3n
\fBdebug\fR
Print debug information.
-.TP
+.TP 3n
\fBsilent\fR
Don't inform the user about any previous login, just upate the
\fI/var/log/lastlog\fR
file.
-.TP
+.TP 3n
\fBnever\fR
If the
\fI/var/log/lastlog\fR
file does not contain any old entries for the user, indicate that the user has never previously logged in with a welcome message.
-.TP
+.TP 3n
\fBnodate\fR
Don't display the date of the last login.
-.TP
+.TP 3n
\fBnoterm\fR
Don't display the terminal name on which the last login was attempted.
-.TP
+.TP 3n
\fBnohost\fR
Don't indicate from which host the last login was attempted.
-.TP
+.TP 3n
\fBnowtmp\fR
Don't update the wtmp entry.
.SH "MODULE SERVICES PROVIDED"
@@ -52,13 +55,13 @@ Only the
service is supported.
.SH "RETURN VALUES"
.PP
-.TP
+.TP 3n
PAM_SUCCESS
Everything was successfull.
-.TP
+.TP 3n
PAM_SERVICE_ERR
Internal service module error.
-.TP
+.TP 3n
PAM_USER_UNKNOWN
User not known.
.SH "EXAMPLES"
@@ -67,16 +70,19 @@ Add the following line to
\fI/etc/pam.d/login\fR
to display the last login time of an user:
.sp
+.RS 3n
.nf
session required pam_lastlog.so nowtmp
.fi
+.RE
.SH "FILES"
-.TP
+.TP 3n
\fI/var/log/lastlog\fR
Lastlog logging file
.SH "SEE ALSO"
.PP
+
\fBpam.conf\fR(5),
\fBpam.d\fR(8),
\fBpam\fR(8)
diff --git a/modules/pam_listfile/Makefile.am b/modules/pam_listfile/Makefile.am
index 114e2f3c..5eb5c75c 100644
--- a/modules/pam_listfile/Makefile.am
+++ b/modules/pam_listfile/Makefile.am
@@ -4,7 +4,10 @@
CLEANFILES = *~
-EXTRA_DIST = README tst-pam_listfile
+EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_listfile
+
+man_MANS = pam_listfile.8
+XMLS = README.xml pam_listfile.8.xml
TESTS = tst-pam_listfile
@@ -19,3 +22,10 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_listfile.la
+
+if ENABLE_REGENERATE_MAN
+noinst_DATA = README
+README: pam_listfile.8.xml
+-include $(top_srcdir)/Make.xml.rules
+endif
+
diff --git a/modules/pam_listfile/README b/modules/pam_listfile/README
index b65e7dbb..4bfabe2d 100644
--- a/modules/pam_listfile/README
+++ b/modules/pam_listfile/README
@@ -1,25 +1,96 @@
-SUMMARY:
- pam_listfile:
- Checks a specified item against a list in a file.
- Options:
- * item=[tty|user|rhost|ruser|group|shell]
- * sense=[allow|deny] (action to take if found in file,
- if the item is NOT found in the file, then
- the opposite action is requested)
- * file=/the/file/to/get/the/list/from
- * onerr=[succeed|fail] (if something weird happens
- such as unable to open the file, what to do?)
- * apply=[user|@group]
- restrict the user class for which the restriction
- apply. Note that with item=[user|ruser|group] this
- does not make sense, but for item=[tty|rhost|shell]
- it have a meaning. (Cristian Gafton)
-
- Also checks to make sure that the list file is a plain
- file and not world writable.
-
- - Elliot Lee <sopwith@redhat.com>, Red Hat Software.
- v0.9 August 16, 1996.
-
-BUGS:
- Bugs?
+pam_listfile — deny or allow services based on an arbitrary file.
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+DESCRIPTION
+
+pam_listfile is a PAM module which provides a way to deny or allow services
+based on an arbitrary file.
+
+The module gets the item of the type specified -- user specifies the username,
+PAM_USER; tty specifies the name of the terminal over which the request has
+been made, PAM_TTY; rhost specifies the name of the remote host (if any) from
+which the request was made, PAM_RHOST; and ruser specifies the name of the
+remote user (if available) who made the request, PAM_RUSER -- and looks for an
+instance of that item in the file=filename. filename contains one line per item
+listed. If the item is found, then if sense=allow, PAM_SUCCESS is returned,
+causing the authorization request to succeed; else if sense=deny, PAM_AUTH_ERR
+is returned, causing the authorization request to fail.
+
+If an error is encountered (for instance, if filename does not exist, or a
+poorly-constructed argument is encountered), then if onerr=succeed, PAM_SUCCESS
+is returned, otherwise if onerr=fail, PAM_AUTH_ERR or PAM_SERVICE_ERR (as
+appropriate) will be returned.
+
+An additional argument, apply=, can be used to restrict the application of the
+above to a specific user (apply=username) or a given group (apply=@groupname).
+This added restriction is only meaningful when used with the tty, rhost and
+shell items.
+
+Besides this last one, all arguments should be specified; do not count on any
+default behavior.
+
+No credentials are awarded by this module.
+
+OPTIONS
+
+item=[tty|user|rhost|ruser|group|shell]
+
+ What is listed in the file and should be checked for.
+
+sense=[allow|deny]
+
+ Action to take if found in file, if the item is NOT found in the file, then
+ the opposite action is requested.
+
+file=/path/filename
+
+ File containing one item per line. The file needs to be a plain file and
+ not world writeable.
+
+onerr=[succeed|fail]
+
+ What to do if something weird happens like being unable to open the file.
+
+apply=[user|@group]
+
+ Restrict the user class for which the restriction apply. Note that with
+ item=[user|ruser|group] this oes not make sense, but for item=[tty|rhost|
+ shell] it have a meaning.
+
+EXAMPLES
+
+Classic 'ftpusers' authentication can be implemented with this entry in /etc/
+pam.d/ftpd:
+
+#
+# deny ftp-access to users listed in the /etc/ftpusers file
+#
+auth required pam_listfile.so \
+ onerr=succeed item=user sense=deny file=/etc/ftpusers
+
+
+Note, users listed in /etc/ftpusers file are (counterintuitively) not allowed
+access to the ftp service.
+
+To allow login access only for certain users, you can use a /etc/pam.d/login
+entry like this:
+
+#
+# permit login to users listed in /etc/loginusers
+#
+auth required pam_listfile.so \
+ onerr=fail item=user sense=allow file=/etc/loginusers
+
+
+For this example to work, all users who are allowed to use the login service
+should be listed in the file /etc/loginusers. Unless you are explicitly trying
+to lock out root, make sure that when you do this, you leave a way for root to
+log in, either by listing root in /etc/loginusers, or by listing a user who is
+able to su to the root account.
+
+AUTHOR
+
+pam_listfile was written by Michael K. Johnson <johnsonm@redhat.com> and Elliot
+Lee <sopwith@cuc.edu>.
+
diff --git a/modules/pam_listfile/README.xml b/modules/pam_listfile/README.xml
new file mode 100644
index 00000000..d851aef3
--- /dev/null
+++ b/modules/pam_listfile/README.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamaccess SYSTEM "pam_listfile.8.xml">
+-->
+]>
+
+<article>
+
+ <articleinfo>
+
+ <title>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_listfile.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_listfile-name"]/*)'/>
+ </title>
+
+ </articleinfo>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_listfile.8.xml" xpointer='xpointer(//refsect1[@id = "pam_listfile-description"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_listfile.8.xml" xpointer='xpointer(//refsect1[@id = "pam_listfile-options"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_listfile.8.xml" xpointer='xpointer(//refsect1[@id = "pam_listfile-examples"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_listfile.8.xml" xpointer='xpointer(//refsect1[@id = "pam_listfile-author"]/*)'/>
+ </section>
+
+</article>
diff --git a/modules/pam_listfile/pam_listfile.8 b/modules/pam_listfile/pam_listfile.8
new file mode 100644
index 00000000..826d337e
--- /dev/null
+++ b/modules/pam_listfile/pam_listfile.8
@@ -0,0 +1,164 @@
+.\" Title: pam_listfile
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: 06/02/2006
+.\" Manual: Linux\-PAM Manual
+.\" Source: Linux\-PAM Manual
+.\"
+.TH "PAM_LISTFILE" "8" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+pam_listfile \- deny or allow services based on an arbitrary file.
+.SH "SYNOPSIS"
+.HP 16
+\fBpam_listfile.so\fR item=[tty|user|rhost|ruser|group|shell] sense=[allow|deny] file=\fI/path/filename\fR onerr=[succeed|fail] [apply=[\fIuser\fR|\fI@group\fR]]
+.SH "DESCRIPTION"
+.PP
+pam_listfile is a PAM module which provides a way to deny or allow services based on an arbitrary file.
+.PP
+The module gets the
+\fBitem\fR
+of the type specified \-\-
+\fIuser\fR
+specifies the username,
+\fIPAM_USER\fR; tty specifies the name of the terminal over which the request has been made,
+\fIPAM_TTY\fR; rhost specifies the name of the remote host (if any) from which the request was made,
+\fIPAM_RHOST\fR; and ruser specifies the name of the remote user (if available) who made the request,
+\fIPAM_RUSER\fR
+\-\- and looks for an instance of that item in the
+\fBfile=\fR\fB\fIfilename\fR\fR.
+\fIfilename\fR
+contains one line per item listed. If the item is found, then if
+\fBsense=\fR\fB\fIallow\fR\fR,
+\fIPAM_SUCCESS\fR
+is returned, causing the authorization request to succeed; else if
+\fBsense=\fR\fB\fIdeny\fR\fR,
+\fIPAM_AUTH_ERR\fR
+is returned, causing the authorization request to fail.
+.PP
+If an error is encountered (for instance, if
+\fIfilename\fR
+does not exist, or a poorly\-constructed argument is encountered), then if
+\fIonerr=succeed\fR,
+\fIPAM_SUCCESS\fR
+is returned, otherwise if
+\fIonerr=fail\fR,
+\fIPAM_AUTH_ERR\fR
+or
+\fIPAM_SERVICE_ERR\fR
+(as appropriate) will be returned.
+.PP
+An additional argument,
+\fBapply=\fR, can be used to restrict the application of the above to a specific user (\fBapply=\fR\fB\fIusername\fR\fR) or a given group (\fBapply=\fR\fB\fI@groupname\fR\fR). This added restriction is only meaningful when used with the
+\fItty\fR,
+\fIrhost\fR
+and
+\fIshell\fR
+items.
+.PP
+Besides this last one, all arguments should be specified; do not count on any default behavior.
+.PP
+No credentials are awarded by this module.
+.SH "OPTIONS"
+.PP
+.TP 3n
+\fBitem=[tty|user|rhost|ruser|group|shell]\fR
+What is listed in the file and should be checked for.
+.TP 3n
+\fBsense=[allow|deny]\fR
+Action to take if found in file, if the item is NOT found in the file, then the opposite action is requested.
+.TP 3n
+\fBfile=\fR\fB\fI/path/filename\fR\fR
+File containing one item per line. The file needs to be a plain file and not world writeable.
+.TP 3n
+\fBonerr=[succeed|fail]\fR
+What to do if something weird happens like being unable to open the file.
+.TP 3n
+\fBapply=[\fR\fB\fIuser\fR\fR\fB|\fR\fB\fI@group\fR\fR\fB]\fR
+Restrict the user class for which the restriction apply. Note that with
+\fBitem=[user|ruser|group]\fR
+this oes not make sense, but for
+\fBitem=[tty|rhost|shell]\fR
+it have a meaning.
+.SH "MODULE SERVICES PROVIDED"
+.PP
+The services
+\fBauth\fR,
+\fBaccount\fR,
+\fBpassword\fR
+and
+\fBsession\fR
+are supported.
+.SH "RETURN VALUES"
+.PP
+.TP 3n
+PAM_AUTH_ERR
+Authentication failure.
+.TP 3n
+PAM_BUF_ERR
+Memory buffer error.
+.TP 3n
+PAM_IGNORE
+The rule does not apply to the
+\fBapply\fR
+option.
+.TP 3n
+PAM_SERVICE_ERR
+Error in service module.
+.TP 3n
+PAM_SUCCESS
+Success.
+.SH "EXAMPLES"
+.PP
+Classic 'ftpusers' authentication can be implemented with this entry in
+\fI/etc/pam.d/ftpd\fR:
+.sp
+.RS 3n
+.nf
+#
+# deny ftp\-access to users listed in the /etc/ftpusers file
+#
+auth required pam_listfile.so \\
+ onerr=succeed item=user sense=deny file=/etc/ftpusers
+
+.fi
+.RE
+.sp
+Note, users listed in
+\fI/etc/ftpusers\fR
+file are (counterintuitively)
+\fInot\fR
+allowed access to the ftp service.
+.PP
+To allow login access only for certain users, you can use a
+\fI/etc/pam.d/login\fR
+entry like this:
+.sp
+.RS 3n
+.nf
+#
+# permit login to users listed in /etc/loginusers
+#
+auth required pam_listfile.so \\
+ onerr=fail item=user sense=allow file=/etc/loginusers
+
+.fi
+.RE
+.sp
+For this example to work, all users who are allowed to use the login service should be listed in the file
+\fI/etc/loginusers\fR. Unless you are explicitly trying to lock out root, make sure that when you do this, you leave a way for root to log in, either by listing root in
+\fI/etc/loginusers\fR, or by listing a user who is able to
+\fIsu\fR
+to the root account.
+.SH "SEE ALSO"
+.PP
+
+\fBpam.conf\fR(5),
+\fBpam.d\fR(8),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+pam_listfile was written by Michael K. Johnson <johnsonm@redhat.com> and Elliot Lee <sopwith@cuc.edu>.
diff --git a/modules/pam_listfile/pam_listfile.8.xml b/modules/pam_listfile/pam_listfile.8.xml
new file mode 100644
index 00000000..85489d3c
--- /dev/null
+++ b/modules/pam_listfile/pam_listfile.8.xml
@@ -0,0 +1,282 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pam_listfile">
+
+ <refmeta>
+ <refentrytitle>pam_listfile</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_listfile-name">
+ <refname>pam_listfile</refname>
+ <refpurpose>deny or allow services based on an arbitrary file.</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis id="pam_listfile-cmdsynopsis">
+ <command>pam_listfile.so</command>
+ <arg choice="plain">
+ item=[tty|user|rhost|ruser|group|shell]
+ </arg>
+ <arg choice="plain">
+ sense=[allow|deny]
+ </arg>
+ <arg choice="plain">
+ file=<replaceable>/path/filename</replaceable>
+ </arg>
+ <arg choice="plain">
+ onerr=[succeed|fail]
+ </arg>
+ <arg choice="opt">
+ apply=[<replaceable>user</replaceable>|<replaceable>@group</replaceable>]
+ </arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1 id="pam_listfile-description">
+
+ <title>DESCRIPTION</title>
+
+ <para>
+ pam_listfile is a PAM module which provides a way to deny or
+ allow services based on an arbitrary file.
+ </para>
+ <para>
+ The module gets the <option>item</option> of the type specified --
+ <emphasis>user</emphasis> specifies the username,
+ <emphasis>PAM_USER</emphasis>; tty specifies the name of the terminal
+ over which the request has been made, <emphasis>PAM_TTY</emphasis>;
+ rhost specifies the name of the remote host (if any) from which the
+ request was made, <emphasis>PAM_RHOST</emphasis>; and ruser specifies
+ the name of the remote user (if available) who made the request,
+ <emphasis>PAM_RUSER</emphasis> -- and looks for an instance of that
+ item in the <option>file=<replaceable>filename</replaceable></option>.
+ <filename>filename</filename> contains one line per item listed. If
+ the item is found, then if
+ <option>sense=<replaceable>allow</replaceable></option>,
+ <emphasis>PAM_SUCCESS</emphasis> is returned, causing the authorization
+ request to succeed; else if
+ <option>sense=<replaceable>deny</replaceable></option>,
+ <emphasis>PAM_AUTH_ERR</emphasis> is returned, causing the authorization
+ request to fail.
+ </para>
+ <para>
+ If an error is encountered (for instance, if
+ <filename>filename</filename> does not exist, or a poorly-constructed
+ argument is encountered), then if <emphasis>onerr=succeed</emphasis>,
+ <emphasis>PAM_SUCCESS</emphasis> is returned, otherwise if
+ <emphasis>onerr=fail</emphasis>, <emphasis>PAM_AUTH_ERR</emphasis> or
+ <emphasis>PAM_SERVICE_ERR</emphasis> (as appropriate) will be returned.
+ </para>
+ <para>
+ An additional argument, <option>apply=</option>, can be used
+ to restrict the application of the above to a specific user
+ (<option>apply=<replaceable>username</replaceable></option>)
+ or a given group
+ (<option>apply=<replaceable>@groupname</replaceable></option>).
+ This added restriction is only meaningful when used with the
+ <emphasis>tty</emphasis>, <emphasis>rhost</emphasis> and
+ <emphasis>shell</emphasis> items.
+ </para>
+ <para>
+ Besides this last one, all arguments should be specified; do not
+ count on any default behavior.
+ </para>
+ <para>
+ No credentials are awarded by this module.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_listfile-options">
+
+ <title>OPTIONS</title>
+ <para>
+ <variablelist>
+
+ <varlistentry>
+ <term>
+ <option>item=[tty|user|rhost|ruser|group|shell]</option>
+ </term>
+ <listitem>
+ <para>
+ What is listed in the file and should be checked for.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>sense=[allow|deny]</option>
+ </term>
+ <listitem>
+ <para>
+ Action to take if found in file, if the item is NOT found in
+ the file, then the opposite action is requested.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>file=<replaceable>/path/filename</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ File containing one item per line. The file needs to be a plain
+ file and not world writeable.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>onerr=[succeed|fail]</option>
+ </term>
+ <listitem>
+ <para>
+ What to do if something weird happens like being unable to open
+ the file.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>apply=[<replaceable>user</replaceable>|<replaceable>@group</replaceable>]</option>
+ </term>
+ <listitem>
+ <para>
+ Restrict the user class for which the restriction apply. Note that
+ with <option>item=[user|ruser|group]</option> this oes not make sense,
+ but for <option>item=[tty|rhost|shell]</option> it have a meaning.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_listfile-services">
+ <title>MODULE SERVICES PROVIDED</title>
+ <para>
+ The services <option>auth</option>, <option>account</option>,
+ <option>password</option> and <option>session</option> are supported.
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_listfile-return_values'>
+ <title>RETURN VALUES</title>
+ <para>
+ <variablelist>
+
+ <varlistentry>
+ <term>PAM_AUTH_ERR</term>
+ <listitem>
+ <para>Authentication failure.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>PAM_BUF_ERR</term>
+ <listitem>
+ <para>
+ Memory buffer error.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>PAM_IGNORE</term>
+ <listitem>
+ <para>
+ The rule does not apply to the <option>apply</option> option.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>PAM_SERVICE_ERR</term>
+ <listitem>
+ <para>
+ Error in service module.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>PAM_SUCCESS</term>
+ <listitem>
+ <para>
+ Success.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_listfile-examples'>
+ <title>EXAMPLES</title>
+ <para>
+ Classic 'ftpusers' authentication can be implemented with this entry
+ in <filename>/etc/pam.d/ftpd</filename>:
+ <programlisting>
+#
+# deny ftp-access to users listed in the /etc/ftpusers file
+#
+auth required pam_listfile.so \
+ onerr=succeed item=user sense=deny file=/etc/ftpusers
+ </programlisting>
+ Note, users listed in <filename>/etc/ftpusers</filename> file are
+ (counterintuitively) <emphasis>not</emphasis> allowed access to
+ the ftp service.
+ </para>
+ <para>
+ To allow login access only for certain users, you can use a
+ <filename>/etc/pam.d/login</filename> entry like this:
+ <programlisting>
+#
+# permit login to users listed in /etc/loginusers
+#
+auth required pam_listfile.so \
+ onerr=fail item=user sense=allow file=/etc/loginusers
+ </programlisting>
+ For this example to work, all users who are allowed to use the
+ login service should be listed in the file
+ <filename>/etc/loginusers</filename>. Unless you are explicitly
+ trying to lock out root, make sure that when you do this, you leave
+ a way for root to log in, either by listing root in
+ <filename>/etc/loginusers</filename>, or by listing a user who is
+ able to <emphasis>su</emphasis> to the root account.
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_listfile-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_listfile-author'>
+ <title>AUTHOR</title>
+ <para>
+ pam_listfile was written by Michael K. Johnson &lt;johnsonm@redhat.com&gt;
+ and Elliot Lee &lt;sopwith@cuc.edu&gt;.
+ </para>
+ </refsect1>
+
+</refentry>
diff --git a/modules/pam_mkhomedir/pam_mkhomedir.8 b/modules/pam_mkhomedir/pam_mkhomedir.8
index 847c75ee..1364e01f 100644
--- a/modules/pam_mkhomedir/pam_mkhomedir.8
+++ b/modules/pam_mkhomedir/pam_mkhomedir.8
@@ -1,8 +1,11 @@
-.\" ** You probably do not want to edit this file directly **
-.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
-.\" Instead of manually editing it, you probably should edit the DocBook XML
-.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
-.TH "PAM_MKHOMEDIR" "8" "05/30/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" Title: pam_mkhomedir
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: 06/02/2006
+.\" Manual: Linux\-PAM Manual
+.\" Source: Linux\-PAM Manual
+.\"
+.TH "PAM_MKHOMEDIR" "8" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -19,14 +22,14 @@ The pam_mkhomedir PAM module will create a users home directory if it does not e
.PP
The new users home directory will not be removed after logout of the user.
.SH "OPTIONS"
-.TP
+.TP 3n
\fBsilent\fR
Don't print informative messages.
-.TP
+.TP 3n
\fBumask=\fR\fB\fImask\fR\fR
The user file\-creation mask is set to
\fImask\fR. The default value of mask is 0022.
-.TP
+.TP 3n
\fBskel=\fR\fB\fI/path/to/skel/directory\fR\fR
Indicate an alternative
\fIskel\fR
@@ -38,29 +41,30 @@ Only the
\fBsession\fR
service is supported.
.SH "RETURN VALUES"
-.TP
+.TP 3n
PAM_BUF_ERR
Memory buffer error.
-.TP
+.TP 3n
PAM_CRED_INSUFFICIENT
Insufficient credentials to access authentication data.
-.TP
+.TP 3n
PAM_PERM_DENIED
Not enough permissions to create the new directory or read the skel directory.
-.TP
+.TP 3n
PAM_USER_UNKNOWN
User not known to the underlying authentication module.
-.TP
+.TP 3n
PAM_SUCCESS
Environment variables were set.
.SH "FILES"
-.TP
+.TP 3n
\fI/etc/skel\fR
Default skel directory
.SH "EXAMPLES"
.PP
A sample /etc/pam.d/login file:
.sp
+.RS 3n
.nf
auth requisite pam_securetty.so
auth sufficient pam_ldap.so
@@ -75,9 +79,11 @@ A sample /etc/pam.d/login file:
session optional pam_mail.so standard
.fi
+.RE
.sp
.SH "SEE ALSO"
.PP
+
\fBpam.d\fR(8),
\fBpam\fR(8).
.SH "AUTHOR"
diff --git a/modules/pam_succeed_if/pam_succeed_if.8 b/modules/pam_succeed_if/pam_succeed_if.8
index 70c4f8d2..3b63034e 100644
--- a/modules/pam_succeed_if/pam_succeed_if.8
+++ b/modules/pam_succeed_if/pam_succeed_if.8
@@ -1,8 +1,11 @@
-.\" ** You probably do not want to edit this file directly **
-.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
-.\" Instead of manually editing it, you probably should edit the DocBook XML
-.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
-.TH "PAM_SUCCEED_IF" "8" "02/24/2006" "Linux\-PAM" "Linux\-PAM"
+.\" Title: pam_succeed_if
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: 06/02/2006
+.\" Manual: Linux\-PAM
+.\" Source: Linux\-PAM
+.\"
+.TH "PAM_SUCCEED_IF" "8" "06/02/2006" "Linux\-PAM" "Linux\-PAM"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -21,22 +24,23 @@ The module should be given one or more conditions as module arguments, and authe
.PP
The following
\fIflag\fRs are supported:
-.TP
+.TP 3n
\fBdebug\fR
Turns on debugging messages sent to syslog.
-.TP
+.TP 3n
\fBuse_uid\fR
Evaluate conditions using the account of the user whose UID the application is running under instead of the user being authenticated.
-.TP
+.TP 3n
\fBquiet\fR
Don't log failure or success to the system log.
-.TP
+.TP 3n
\fBquiet_fail\fR
Don't log failure to the system log.
-.TP
+.TP 3n
\fBquiet_success\fR
Don't log success to the system log.
.PP
+
\fICondition\fRs are three words: a field, a test, and a value to test for.
.PP
Available fields are
@@ -46,50 +50,50 @@ Available fields are
\fIshell\fR
and
\fIhome\fR:
-.TP
+.TP 3n
\fBfield < number\fR
Field has a value numerically less than number.
-.TP
+.TP 3n
\fBfield <= number\fR
Field has a value numerically less than or equal to number.
-.TP
+.TP 3n
\fBfield eq number\fR
Field has a value numerically less equal to number.
-.TP
+.TP 3n
\fBfield >= number\fR
Field has a value numerically greater than or equal to number.
-.TP
+.TP 3n
\fBfield > number\fR
Field has a value numerically greater than number.
-.TP
+.TP 3n
\fBfield ne number\fR
Field has a value numerically different from number.
-.TP
+.TP 3n
\fBfield = string\fR
Field exactly matches the given string.
-.TP
+.TP 3n
\fBfield != string\fR
Field does not match the given string.
-.TP
+.TP 3n
\fBfield =~ glob\fR
Field matches the given glob.
-.TP
+.TP 3n
\fBfield !~ glob\fR
Field does not match the given glob.
-.TP
+.TP 3n
\fBuser ingroup group\fR
User is in given group.
-.TP
+.TP 3n
\fBuser notingroup group\fR
User is not in given group.
.SH "RETURN VALUES"
-.TP
+.TP 3n
PAM_SUCCESS
The condition was true.
-.TP
+.TP 3n
PAM_AUTH_ERR
The condition was false.
-.TP
+.TP 3n
PAM_SERVICE_ERR
A service error occured or the arguments can't be parsed as numbers.
.SH "EXAMPLES"
@@ -97,22 +101,27 @@ A service error occured or the arguments can't be parsed as numbers.
To emulate the behaviour of
\fIpam_wheel\fR, except there is no fallback to group 0:
.sp
+.RS 3n
.nf
auth required pam_succeed_if.so quiet user ingroup wheel
.fi
+.RE
.sp
.PP
Given that the type matches, only loads the othermodule rule if the UID is over 500. Adjust the number after default to skip several rules.
.sp
+.RS 3n
.nf
type [default=1 success=ignore] pam_succeed_if.so quiet uid > 500
type required othermodule.so arguments...
.fi
+.RE
.sp
.SH "SEE ALSO"
.PP
+
\fBglob\fR(7),
\fBpam\fR(8)
.SH "AUTHOR"
diff --git a/modules/pam_umask/pam_umask.8 b/modules/pam_umask/pam_umask.8
index 8e0cbb7c..97ce6a62 100644
--- a/modules/pam_umask/pam_umask.8
+++ b/modules/pam_umask/pam_umask.8
@@ -1,8 +1,11 @@
-.\" ** You probably do not want to edit this file directly **
-.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
-.\" Instead of manually editing it, you probably should edit the DocBook XML
-.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
-.TH "PAM_UMASK" "8" "05/30/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" Title: pam_umask
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Date: 06/02/2006
+.\" Manual: Linux\-PAM Manual
+.\" Source: Linux\-PAM Manual
+.\"
+.TH "PAM_UMASK" "8" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -17,33 +20,35 @@ pam_umask \- PAM module to set the file mode creation mask
pam_umask is a PAM module to set the file mode creation mask of the current environment. The umask affects the default permissions assigned to newly created files.
.PP
The PAM module tries to get the umask value from the following places in the following order:
-.TP 3
+.TP 3n
\(bu
umask= argument
-.TP
+.TP 3n
\(bu
umask= entry of the users GECOS field
-.TP
+.TP 3n
\(bu
pri= entry of the users GECOS field
-.TP
+.TP 3n
\(bu
ulimit= entry of the users GECOS field
-.TP
+.TP 3n
\(bu
UMASK= entry from /etc/default/login
-.TP
+.TP 3n
\(bu
UMASK entry from /etc/login.defs
+.sp
+.RE
.SH "OPTIONS"
.PP
-.TP
+.TP 3n
\fBdebug\fR
Print debug information.
-.TP
+.TP 3n
\fBusergroups\fR
If the user is not root, and the user ID is equal to the group ID, and the username is the same as primary group name, the umask group bits are set to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007).
-.TP
+.TP 3n
\fBumask=\fR\fB\fImask\fR\fR
Sets the calling process's file mode creation mask (umask) to
\fBmask\fR
@@ -55,13 +60,13 @@ Only the
service is supported.
.SH "RETURN VALUES"
.PP
-.TP
+.TP 3n
PAM_SUCCESS
The new umask was set successfull.
-.TP
+.TP 3n
PAM_SERVICE_ERR
No username was given.
-.TP
+.TP 3n
PAM_USER_UNKNOWN
User not known.
.SH "EXAMPLES"
@@ -70,13 +75,16 @@ Add the following line to
\fI/etc/pam.d/login\fR
to set the user specific umask at login:
.sp
+.RS 3n
.nf
session optional pam_umask.so umask=0022
.fi
+.RE
.sp
.SH "SEE ALSO"
.PP
+
\fBpam.conf\fR(5),
\fBpam.d\fR(8),
\fBpam\fR(8)
diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
index 69af417c..5559fd2c 100644
--- a/modules/pam_unix/pam_unix_acct.c
+++ b/modules/pam_unix/pam_unix_acct.c
@@ -317,13 +317,25 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags,
pam_syslog(pamh, LOG_DEBUG,
"password for user %s will expire in %d days",
uname, daysleft);
+#ifdef HAVE_DNGETTEXT
+ snprintf (buf, sizeof (buf),
+ dngettext(PACKAGE,
+ "Warning: your password will expire in %d day",
+ "Warning: your password will expire in %d days",
+ daysleft),
+ daysleft);
+#else
if (daysleft == 1)
snprintf(buf, sizeof (buf),
- _("Warning: your password will expire in one day"));
+ _("Warning: your password will expire in %d day"),
+ daysleft);
else
snprintf(buf, sizeof (buf),
+ /* TRANSLATORS: only used if dngettext is not support
+ed */
_("Warning: your password will expire in %d days"),
daysleft);
+#endif
_make_remark(pamh, ctrl, PAM_TEXT_INFO, buf);
}
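Review bot: The format argument of the new `snprintf` call under `#ifdef HAVE_DNGETTEXT` is whatever `dngettext()` returns, so the installed message catalog decides the conversion specifiers rather than the source; the same holds for the two `_()` strings in the `#else` branch now that both carry `%d`. A translation that adds or changes a conversion would make `snprintf` consume arguments that were never passed, in a module loaded by privileged login programs, so I would state the contract at the call, e.g. `/* format comes from the catalog: every translation must keep exactly one %d */`, and have the build validate the .po files with `msgfmt -c`. Separately, `dngettext` takes its count as `unsigned long`, so if `daysleft` can be negative here (its declaration and the guarding condition are outside this hunk) the plural form would be selected from a very large value; an explicit range check before the call would make the intent clear. The added `/* TRANSLATORS: only used if dngettext is not support` / `ed */` comment is split mid-word across two lines, which is how it will read in the extracted catalog. `pam_sm_acct_mgmt` starts and ends outside the hunk.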