From 65d6735c5949ec233df9813f734e918a93fa36cf Mon Sep 17 00:00:00 2001
From: Thorsten Kukuk <5908016+thkukuk@users.noreply.github.com>
Date: Mon, 16 Sep 2019 17:17:49 +0200
Subject: Add support for a vendor directory and libeconf (#136)

With this, it is possible for Linux distributors to store their
supplied default configuration files somewhere below /usr, while
/etc only contains the changes made by the user. The new option
--enable-vendordir defines where Linux-PAM should additional look
for pam.d/*, login.defs and securetty if this files are not in /etc.
libeconf is a key/value configuration file reading library, which
handles the split of configuration files in different locations
and merges them transparently for the application.
---
 doc/man/Makefile.am |  5 +++++
 doc/man/pam.8.xml   | 17 +++++++++++++++--
 2 files changed, 20 insertions(+), 2 deletions(-)

(limited to 'doc/man')

diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am
index 78c891df..8e76897e 100644
--- a/doc/man/Makefile.am
+++ b/doc/man/Makefile.am
@@ -59,5 +59,10 @@ pam.d.5: pam.conf.5
 pam_get_item.3: pam_item_types_std.inc.xml pam_item_types_ext.inc.xml
 pam_set_data.3: pam_item_types_std.inc.xml pam_item_types_ext.inc.xml
 pam.conf.5: pam.conf-desc.xml pam.conf-dir.xml pam.conf-syntax.xml
+if HAVE_VENDORDIR
+XSLTPROC_CUSTOM = --stringparam vendordir $(VENDORDIR)
+else
+XSLTPROC_CUSTOM = --stringparam vendordir "<vendordir>"
+endif
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/doc/man/pam.8.xml b/doc/man/pam.8.xml
index 9839defb..464af0e5 100644
--- a/doc/man/pam.8.xml
+++ b/doc/man/pam.8.xml
@@ -53,11 +53,12 @@
 
     <para>
       Vendor-supplied PAM configuration files might be installed in
-      the system directory <filename>/usr/lib/pam.d/</filename> instead
+      the system directory <filename>/usr/lib/pam.d/</filename> or
+      a configurable vendor specific directory instead
       of the machine configuration directory <filename>/etc/pam.d/</filename>.
       If no machine configuration file is found, the vendor-supplied file
       is used. All files in <filename>/etc/pam.d/</filename> override
-      files with the same name in <filename>/usr/lib/pam.d/</filename>.
+      files with the same name in other directories.
     </para>
 
 <para>From the point of view of the system administrator, for whom this
@@ -157,6 +158,18 @@ closing hook for modules to affect the services available to a user.</para>
           </para>
         </listitem>
       </varlistentry>
+      <varlistentry>
+        <term><filename>%vendordir%/pam.d</filename></term>
+        <listitem>
+          <para>
+            the <emphasis remap='B'>Linux-PAM</emphasis> vendor configuration
+	    directory. Files in <filename>/etc/pam.d</filename> and
+	    <filename>/usr/lib/pam.d</filename> override files with the same
+	    name in this directory. Only available if Linux-PAM was compiled
+	    with vendordir enabled.
+          </para>
+        </listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
 
-- 
cgit v1.2.3