From 8ae5f5769c4c611ca6918450bbe6e55dfa4e5926 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tm@t8m.info>
Date: Fri, 7 Dec 2007 15:40:01 +0000
Subject: Relevant BUGIDs:

Purpose of commit: new feature and cleanup

Commit summary:
---------------
2007-12-07  Tomas Mraz  <t8m@centrum.cz>

        * libpam/libpam.map: Add LIBPAM_MODUTIL_1.1 version.
        * libpam/pam_audit.c: Add _pam_audit_open() and
        pam_modutil_audit_write().
        (_pam_auditlog): Call _pam_audit_open().
        * libpam/include/security/pam_modutil.h: Add pam_modutil_audit_write().
        * modules/pam_access/pam_access.8.xml: Add noaudit option.
        Document auditing.
        * modules/pam_access/pam_access.c: Move fs, sep, pam_access_debug, and
        only_new_group_syntax variables to struct login_info. Add noaudit
        member.
        (_parse_args): Adjust for the move of variables and add support for
        noaudit option.
        (group_match): Add debug parameter.
        (string_match): Likewise.
        (network_netmask_match): Likewise.
        (login_access): Adjust for the move of variables. Add nonall_match.
        Add call to pam_modutil_audit_write().
        (list_match): Adjust for the move of variables.
        (user_match): Likewise.
        (from_match): Likewise.
        (pam_sm_authenticate): Call _parse_args() earlier.
        * modules/pam_limits/pam_limits.8.xml: Add noaudit option.
        Document auditing.
        * modules/pam_limits/pam_limits.c (_pam_parse): Add noaudit option.
        (setup_limits): Call pam_modutil_audit_write().
        * modules/pam_time/pam_time.8.xml: Add debug and noaudit options.
        Document auditing.
        * modules/pam_time/pam_time.c: Add option parsing (_pam_parse()).
        (check_account): Call _pam_parse(). Call pam_modutil_audit_write()
        and pam_syslog() on login denials.
---
 modules/pam_time/README | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'modules/pam_time/README')

diff --git a/modules/pam_time/README b/modules/pam_time/README
index abafd936..05eaec2c 100644
--- a/modules/pam_time/README
+++ b/modules/pam_time/README
@@ -14,6 +14,9 @@ from which they are making their request.
 By default rules for time/port access are taken from config file /etc/security/
 time.conf.
 
+If Linux PAM is compiled with audit support the module will report when it
+denies access.
+
 EXAMPLES
 
 These are some example lines which might be specified in /etc/security/
-- 
cgit v1.2.3