+2009-06-01 Ville Skyttä <ville.skytta@iki.fi>
+
+ * modules/pam_limits/pam_limits.8.xml: Only *.conf
+ files are parsed. Spelling fixes.
+ * modules/pam_access/pam_access.8.xml: Spelling fixes.
+ * modules/pam_cracklib/pam_cracklib.8.xml: Likewise.
+ * modules/pam_echo/pam_echo.8.xml: Likewise.
+ * modules/pam_env/pam_env.8.xml: Likewise.
+ * modules/pam_exec/pam_exec.8.xml: Likewise.
+ * modules/pam_filter/pam_filter.8.xml: Likewise.
+ * modules/pam_ftp/pam_ftp.8.xml: Likewise.
+ * modules/pam_group/pam_group.8.xml: Likewise.
+ * modules/pam_issue/pam_issue.8.xml: Likewise.
+ * modules/pam_lastlog/pam_lastlog.8.xml: Likewise.
+ * modules/pam_listfile/pam_listfile.8.xml: Likewise.
+ * modules/pam_localuser/pam_localuser.8.xml: Likewise.
+ * modules/pam_loginuid/pam_loginuid.8.xml: Likewise.
+ * modules/pam_mkhomedir/pam_mkhomedir.8.xml: Likewise.
+ * modules/pam_motd/pam_motd.8.xml: Likewise.
+ * modules/pam_namespace/pam_namespace.8.xml: Likewise.
+ * modules/pam_pwhistory/pam_pwhistory.8.xml: Likewise.
+ * modules/pam_selinux/pam_selinux.8.xml: Likewise.
+ * modules/pam_succeed_if/pam_succeed_if.8.xml: Likewise.
+ * modules/pam_tally/pam_tally.8.xml: Likewise.
+ * modules/pam_tally2/pam_tally2.8.xml: Likewise.
+ * modules/pam_time/pam_time.8.xml: Likewise.
+ * modules/pam_timestamp/pam_timestamp.8.xml: Likewise.
+ * modules/pam_timestamp/pam_timestamp_check.8.xml: Likewise.
+ * modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise.
+ * modules/pam_umask/pam_umask.8.xml: Likewise.
+ * modules/pam_unix/pam_unix.8.xml: Likewise.
+ * modules/pam_xauth/pam_xauth.8.xml: Likewise.
+
2009-05-28 Jaswinder Singh <jsingh@redhat.com>
* po/pa.po: Updated translations.
</term>
<listitem>
<para>
- A lot of debug informations are printed with
+ A lot of debug information is printed with
<citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
</para>
</listitem>
<emphasis remap='B'>fieldsep=|</emphasis> will cause the
default `:' character to be treated as part of a field value
and `|' becomes the field separator. Doing this may be
- useful in conjuction with a system that wants to use
+ useful in conjunction with a system that wants to use
pam_access with X based applications, since the
<emphasis remap='B'>PAM_TTY</emphasis> item is likely to be
of the form "hostname:0" which includes a `:' character in
<term>PAM_SERVICE_ERR</term>
<listitem>
<para>
- A internal error occured.
+ A internal error occurred.
</para>
</listitem>
</varlistentry>
<title>EXAMPLES</title>
<para>
For an example of the use of this module, we show how it may be
- used to print informations about good passwords:
+ used to print information about good passwords:
<programlisting>
password optional pam_echo.so file=/usr/share/doc/good-password.txt
password required pam_unix.so
</term>
<listitem>
<para>
- A lot of debug informations are printed with
+ A lot of debug information is printed with
<citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
</para>
</listitem>
<para>
Indicate an alternative <filename>.pam_environment</filename>
file to override the default. This can be useful when different
- services need different environments. The filename is relativ to
+ services need different environments. The filename is relative to
the user home directory.
</para>
</listitem>
<term>PAM_SUCCESS</term>
<listitem>
<para>
- The external command runs successfull.
+ The external command was run successfully.
</para>
</listitem>
</varlistentry>
<term>PAM_SYSTEM_ERR</term>
<listitem>
<para>
- A system error occured or the command to execute failed.
+ A system error occurred or the command to execute failed.
</para>
</listitem>
</varlistentry>
<term>PAM_SUCCESS</term>
<listitem>
<para>
- The new filter was set successfull.
+ The new filter was set successfully.
</para>
</listitem>
</varlistentry>
<term>PAM_SUCCESS</term>
<listitem>
<para>
- The authentication was successfull.
+ The authentication was successful.
</para>
</listitem>
</varlistentry>
access to should be mounted <emphasis>nosuid</emphasis>.
</para>
<para>
- The pam_group module fuctions in parallel with the
+ The pam_group module functions in parallel with the
<filename>/etc/group</filename> file. If the user is granted any groups
based on the behavior of this module, they are granted
<emphasis>in addition</emphasis> to those entries
<term>PAM_SERVICE_ERR</term>
<listitem>
<para>
- A service module error occured.
+ A service module error occurred.
</para>
</listitem>
</varlistentry>
<term>PAM_SUCCESS</term>
<listitem>
<para>
- The new prompt was set successfull.
+ The new prompt was set successfully.
</para>
</listitem>
</varlistentry>
<listitem>
<para>
Don't inform the user about any previous login,
- just upate the <filename>/var/log/lastlog</filename> file.
+ just update the <filename>/var/log/lastlog</filename> file.
</para>
</listitem>
</varlistentry>
<term>PAM_SUCCESS</term>
<listitem>
<para>
- Everything was successfull.
+ Everything was successful.
</para>
</listitem>
</varlistentry>
</para>
<para>
By default limits are taken from the <filename>/etc/security/limits.conf</filename>
- config file. Then individual files from the <filename>/etc/security/limits.d/</filename>
+ config file. Then individual *.conf files from the <filename>/etc/security/limits.d/</filename>
directory are read. The files are parsed one after another in the order of "C" locale.
The effect of the individual files is the same as if all the files were
concatenated together in the order of parsing.
- If a config file is explicitely specified with a module option then the
+ If a config file is explicitly specified with a module option then the
files in the above directory are not parsed.
</para>
<para>
</listitem>
</varlistentry>
<varlistentry>
- <term>PAM_SESSEION_ERR</term>
+ <term>PAM_SESSION_ERR</term>
<listitem>
<para>
Error recovering account name.
<listitem>
<para>
File containing one item per line. The file needs to be a plain
- file and not world writeable.
+ file and not world writable.
</para>
</listitem>
</varlistentry>
<term>PAM_SUCCESS</term>
<listitem>
<para>
- The new localuser was set successfull.
+ The new localuser was set successfully.
</para>
</listitem>
</varlistentry>
<term>PAM_SESSION_ERR</term>
<listitem>
<para>
- An error occured during session management.
+ An error occurred during session management.
</para>
</listitem>
</varlistentry>
without using a distributed file system or pre-creating a large
number of directories. The skeleton directory (usually
<filename>/etc/skel/</filename>) is used to copy default files
- and also set's a umask for the creation.
+ and also sets a umask for the creation.
</para>
<para>
The new users home directory will not be removed after logout
<para>
pam_motd is a PAM module that can be used to display
- arbitrary motd (message of the day) files after a succesful
+ arbitrary motd (message of the day) files after a successful
login. By default the <filename>/etc/motd</filename> file is
shown. The message size is limited to 64KB.
</para>
using SELinux, user name, security context or both. If an executable
script <filename>/etc/security/namespace.init</filename> exists, it
is used to initialize the instance directory after it is set up
- and mounted on the polyinstantiated direcory. The script receives the
+ and mounted on the polyinstantiated directory. The script receives the
polyinstantiated directory path, the instance directory path, flag
whether the instance directory was newly created (0 for no, 1 for yes),
and the user name as its arguments.
<listitem>
<para>
For certain trusted programs such as newrole, open session
- is called from a child process while the parent perfoms
+ is called from a child process while the parent performs
close session and pam end functions. For these commands
use this option to instruct pam_close_session to not
unmount the bind mounted polyinstantiated directory in the
alternating between the same password too frequently.
</para>
<para>
- This module does not work togehter with kerberos. In general,
- it does not make much sense to use this module in conjuction
+ This module does not work together with kerberos. In general,
+ it does not make much sense to use this module in conjunction
with NIS or LDAP, since the old passwords are stored on the
local machine and are not available on another machine for
password history checking.
<listitem>
<para>
Use the sensitivity level of the current process for the user context
- instead of the default level. Also supresses asking of the
+ instead of the default level. Also suppresses asking of the
sensitivity level from the user or obtaining it from PAM environment.
</para>
</listitem>
<term>PAM_SUCCESS</term>
<listitem>
<para>
- The security context was set successfull.
+ The security context was set successfully.
</para>
</listitem>
</varlistentry>
<term>PAM_SERVICE_ERR</term>
<listitem>
<para>
- A service error occured or the arguments can't be
+ A service error occurred or the arguments can't be
parsed correctly.
</para>
</listitem>
<listitem>
<para>
If something weird happens (like unable to open the file),
- return with <errorcode>PAM_SUCESS</errorcode> if
+ return with <errorcode>PAM_SUCCESS</errorcode> if
<option>onerr=<replaceable>succeed</replaceable></option>
is given, else with the corresponding PAM error code.
</para>
<listitem>
<para>
If the module is invoked by a user with uid=0 the
- counter is not incremented. The sys-admin should use this
+ counter is not incremented. The sysadmin should use this
for user launched services, like <command>su</command>,
otherwise this argument should be omitted.
</para>
<para>
Account phase resets attempts counter if the user is
<emphasis remap='B'>not</emphasis> magic root.
- This phase can be used optionaly for services which don't call
+ This phase can be used optionally for services which don't call
<citerefentry>
<refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum>
</citerefentry> correctly or if the reset should be done regardless
<listitem>
<para>
If the module is invoked by a user with uid=0 the
- counter is not incremented. The sys-admin should use this
+ counter is not incremented. The sysadmin should use this
for user launched services, like <command>su</command>,
otherwise this argument should be omitted.
</para>
<listitem>
<para>
A invalid option was given, the module was not able
- to retrive the user name, no valid counter file
+ to retrieve the user name, no valid counter file
was found, or too many failed logins.
</para>
</listitem>
<term>PAM_SUCCESS</term>
<listitem>
<para>
- Everything was successfull.
+ Everything was successful.
</para>
</listitem>
</varlistentry>
<listitem>
<para>
If something weird happens (like unable to open the file),
- return with <errorcode>PAM_SUCESS</errorcode> if
+ return with <errorcode>PAM_SUCCESS</errorcode> if
<option>onerr=<replaceable>succeed</replaceable></option>
is given, else with the corresponding PAM error code.
</para>
<listitem>
<para>
If the module is invoked by a user with uid=0 the
- counter is not incremented. The sys-admin should use this
+ counter is not incremented. The sysadmin should use this
for user launched services, like <command>su</command>,
otherwise this argument should be omitted.
</para>
<para>
This option implies <option>even_deny_root</option> option.
Allow access after <replaceable>n</replaceable> seconds
- to root acccount after failed attempt. If this option is used
+ to root account after failed attempt. If this option is used
the root user will be locked out for the specified amount of
time after he exceeded his maximum allowed attempts.
</para>
<para>
Account phase resets attempts counter if the user is
<emphasis remap='B'>not</emphasis> magic root.
- This phase can be used optionaly for services which don't call
+ This phase can be used optionally for services which don't call
<citerefentry>
<refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum>
</citerefentry> correctly or if the reset should be done regardless
<listitem>
<para>
If the module is invoked by a user with uid=0 the
- counter is not changed. The sys-admin should use this
+ counter is not changed. The sysadmin should use this
for user launched services, like <command>su</command>,
otherwise this argument should be omitted.
</para>
<listitem>
<para>
A invalid option was given, the module was not able
- to retrive the user name, no valid counter file
+ to retrieve the user name, no valid counter file
was found, or too many failed logins.
</para>
</listitem>
<term>PAM_SUCCESS</term>
<listitem>
<para>
- Everything was successfull.
+ Everything was successful.
</para>
</listitem>
</varlistentry>
</term>
<listitem>
<para>
- Some debug informations are printed with
+ Some debug information is printed with
<citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
</para>
</listitem>
<term>PAM_AUTH_ERR</term>
<listitem>
<para>
- The module was not able to retrive the user name or
+ The module was not able to retrieve the user name or
no valid timestamp file was found.
</para>
</listitem>
<term>PAM_SUCCESS</term>
<listitem>
<para>
- Everything was successfull.
+ Everything was successful.
</para>
</listitem>
</varlistentry>
timestamps generated by <emphasis>pam_timestamp</emphasis> when
the user authenticates as herself. When the user authenticates as a
different user, the name of the timestamp file changes to
- accomodate this. <replaceable>target_user</replaceable> allows
+ accommodate this. <replaceable>target_user</replaceable> allows
to specify this user name.
</para>
</listitem>
For each user matching one of comma-separated glob
<option><replaceable>patterns</replaceable></option>, disable
TTY auditing. This overrides any previous <option>enable</option>
- option matchin the same user name on the command line.
+ option matching the same user name on the command line.
</para>
</listitem>
</varlistentry>
<term>PAM_SUCCESS</term>
<listitem>
<para>
- The new umask was set successfull.
+ The new umask was set successfully.
</para>
</listitem>
</varlistentry>
</term>
<listitem>
<para>
- Ignore errors reading shadow inforation for
+ Ignore errors reading shadow information for
users in the account management module.
</para>
</listitem>
Without pam_xauth, when xauth is enabled and a user uses the
<citerefentry>
<refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
- </citerefentry> command to assume another user's priviledges,
+ </citerefentry> command to assume another user's privileges,
that user is no longer able to access the original user's X display
because the new user does not have the key needed to access the
display. pam_xauth solves the problem by forwarding the key from
This means, for example, that when you run
<citerefentry>
<refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
- </citerefentry> from an xterm sesssion, you will be able to run
+ </citerefentry> from an xterm session, you will be able to run
X programs without explicitly dealing with the
<citerefentry>
<refentrytitle>xauth</refentrytitle><manvolnum>1</manvolnum>
projects / linux-pam / commitdiff