From efd31890b5ed496a5a00c08a262da240e66a4ddc Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Thu, 3 Jan 2019 12:44:11 -0800 Subject: New upstream version 0.76 --- Linux-PAM/doc/modules/module.sgml-template | 170 +++++++++++++++++++++++++++++ 1 file changed, 170 insertions(+) create mode 100644 Linux-PAM/doc/modules/module.sgml-template (limited to 'Linux-PAM/doc/modules/module.sgml-template') diff --git a/Linux-PAM/doc/modules/module.sgml-template b/Linux-PAM/doc/modules/module.sgml-template new file mode 100644 index 00000000..36ffe617 --- /dev/null +++ b/Linux-PAM/doc/modules/module.sgml-template @@ -0,0 +1,170 @@ + + + [*Familiar full name of module*, eg. The "allow all" module.] + +Synopsis + +

+ + +Module Name: +[ + insert the name of the module + + Blank is not permitted. +] + +Author[s]: + +[ + Insert author names here + + Blank is not permitted. If in doubt, put "unknown" if the + author wishes to remain anonymous, put "anonymous". +] + +Maintainer: + +[ + Insert names and date-begun of most recent maintainer. +] + +Management groups provided: + +[ + list the subset of four management groups supported by the + module. Choose from: account; authentication; password; + session. + + Blank entries are not permitted. Explicitly list all of the + management groups. In the future more may be added to libpam! +] + +Cryptographically sensitive: + +[ + Indicate whether this module contains code that can perform + reversible (strong) encryption. This field is primarily to + ensure that people redistributing it are not unwittingly + breaking laws... + + Modules may also require the presence of some local library + that performs the necessary encryption via some standard API. + In this case "uses API" can be included in this field. The + library in question should be added to the system requirements + below. + + Blank = no cryptography is used by module. +] + +Security rating: + +[ + Initially, this field should be left blank. If someone takes + it upon themselves to test the strength of the module, it can + later be filled. + + Blank = unknown. +] + +Clean code base: + +[ + This will probably be filled by the libpam maintainer. + It can be considered to be a public humiliation list. :*) + + I am of the opinion that "gcc -with_all_those_flags" is + trying to tell us something about whether the program + works as intended. Since there is currently no Security + evaluation procedure for modules IMHO this is not a + completely unreasonable indication (a lower bound anyway) + of the reliability of a module. + + This field would indicate the number and flavor of + warnings that gcc barfs up when trying to compile the + module as part of the tree. Is this too tyrannical? + + Blank = Linux-PAM maintainer has not tested it :) +] + +System dependencies: + +[ + here we list config files, dynamic libraries needed, system + resources, kernel options.. etc. + + Blank = nothing more than libc required. +] + +Network aware: + +[ + Does the module base its behavior on probing a network + connection? Does it expect to be protected by the + application? + + Blank = Ignorance of network. +] + + + +Overview of module + +[ + some text describing the intended actions of the module + general comments mainly (specifics in sections + below). +] + +[ + + [ now we have a level subsection for each of the + management groups. Include as many as there are groups + listed above in the synopsis ] + +[ Account | Authentication | Password | Session ] component + +

+ + +Recognized arguments: + +[ + List the supported arguments (leave their description for the + description below. + + Blank = no arguments are read and nothing is logged to syslog + about any arguments that are passed. Note, this + behavior is contrary to the RFC! +] + +Description: + +[ + This component of the module performs the task of ... +] + +Examples/suggested usage: + +[ + Here we list some doos and don'ts for this module. +] + + + + -- cgit v1.2.3