+2009-06-16 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * doc/sag/Linux-PAM_SAG.xml: Fix typos.
+ * doc/adg/Linux-PAM_ADG.xml: Likewise.
+ * doc/mwg/Linux-PAM_MWG.xml: Likewise.
+
2009-06-08 Rajesh Ranjan <rajesh672@gmail.com>
* po/hi.po: Updated translations.
about the <emphasis remap='B'>Linux-PAM</emphasis> library. It
describes how an application might use the
<emphasis remap='B'>Linux-PAM</emphasis> library to authenticate
- users. In addition it contains a description of the funtions
+ users. In addition it contains a description of the functions
to be found in <filename>libpam_misc</filename> library, that can
be used in general applications. Finally, it contains some comments
on PAM related security issues for the application developer.
</para>
</section>
- <section id="adg-security-usre-identity">
+ <section id="adg-security-user-identity">
<title>The identity of the user</title>
<para>
The <emphasis remap='B'>Linux-PAM</emphasis> modules will need
issue of security. One convention that is actively used by
some modules is that the identity of the user requesting a
service should be the current <emphasis>UID</emphasis>
- (userid) of the running process; the identity of the
+ (user ID) of the running process; the identity of the
privilege granting user is the <emphasis>EUID</emphasis>
- (effective userid) of the running process; the identity of
+ (effective user ID) of the running process; the identity of
the user, under whose name the service will be executed, is
given by the contents of the <emphasis>PAM_USER</emphasis>
<citerefentry>
This is also true of conversation prompts. The application should not
accept prompts of arbitrary length with out checking for resource
allocation failure and dealing with such extreme conditions gracefully
- and in a mannor that preserves the PAM API. Such tolerance may be
+ and in a manner that preserves the PAM API. Such tolerance may be
especially important when attempting to track a malicious adversary.
</para>
</section>
<para>
To aid the work of the application developer a library of
miscellaneous functions is provided. It is called
- <command>libpam_miscy</command>, and contains a text based
+ <command>libpam_misc</command>, and contains a text based
conversation function, and routines for enhancing the standard
PAM-environment variable support.
</para>
being be attached to it. The point being that the "standard"
pop-authentication protocol(s) [which will be needed to satisfy
inflexible/legacy clients] would be supported by inserting an
- appropriate pam_qpopper module(s). However, having rewritten popd
- once in this way any new protocols can be implemented in-situ.
+ appropriate pam_qpopper module(s). However, having rewritten
+ <command>popd</command> once in this way any new protocols can be
+ implemented in-situ.
</para>
<para>
One simple test of a ported application would be to insert the
him/herself in a variety of ways. Updating the user's
authentication token thus corresponds to
<emphasis>refreshing</emphasis> the object they use to
- authenticate themself with the system. The word password is
+ authenticate them self with the system. The word password is
avoided to keep open the possibility that the authentication
involves a retinal scan or other non-textual mode of
challenge/response.
</para>
</section>
- <section id="mwg-introducton-synopsis">
+ <section id="mwg-introduction-synopsis">
<title>Synopsis</title>
<programlisting>
#include <security/pam_modules.h>
First, we cover what the module should expect from the
<emphasis remap='B'>Linux-PAM</emphasis> library and a
<emphasis remap='B'>Linux-PAM</emphasis> aware application.
- Essesntially this is the <filename>libpam.*</filename> library.
+ Essentially this is the <filename>libpam.*</filename> library.
</para>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="pam_set_data.xml"/>
token of some lesser user. In other cases it may not be
appropriate: when <command>joe</command> maliciously wants
to reset <command>alice</command>'s password; or when anyone
- other than the user themself wishes to reset their
+ other than the user them self wishes to reset their
<emphasis>KERBEROS</emphasis> authentication token. A policy
for this action should be defined by any reasonable
authentication scheme, the module writer should consider
</abstract>
</bookinfo>
- <chapter id='sag-introductoin'>
+ <chapter id='sag-introduction'>
<title>Introduction</title>
<para>
<emphasis remap='B'>Linux-PAM</emphasis> (Pluggable Authentication
here for locating these files are those of the relevant RFC (RFC-86.0,
see <link linkend="sag-see-also">bibliography"</link>). If you are
using a distribution of Linux (or some other operating system) that
- supports PAM but chooses to distribute these files in a diferent way
+ supports PAM but chooses to distribute these files in a different way
you should be careful when copying examples directly from the text.
</para>
<para>
If a program is going to use PAM, then it has to have PAM
functions explicitly coded into the program. If you have
access to the source code you can add the appropriate PAM
- functions. If you do not have accessto the source code, and
+ functions. If you do not have access to the source code, and
the binary does not have the PAM functions included, then
it is not possible to use PAM.
</para>
href="../man/pam.conf-syntax.xml"
xpointer='xpointer(//section[@id = "pam.conf-syntax"]/*)' />
</section>
- <section id='sag-configuratin-dirctory'>
+ <section id='sag-configuration-directory'>
<title>Directory based configuration</title>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam.conf-dir.xml"
<chapter id='sag-security-issues'>
<title>Security issues</title>
- <section id='sag-scurity-issues-wrong'>
+ <section id='sag-security-issues-wrong'>
<title>If something goes wrong</title>
<para>
<emphasis remap='B'>Linux-PAM</emphasis> has the potential
choose to have no security or absolute security (no access
permitted). In general, <emphasis remap='B'>Linux-PAM</emphasis>
errs towards the latter. Any number of configuration errors
- can dissable access to your system partially, or completely.
+ can disable access to your system partially, or completely.
</para>
<para>
The most dramatic problem that is likely to be encountered when
projects / linux-pam / commitdiff