From c62981a43a7da5d7c10e432874e7c66b47a4f363 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 16 Aug 2012 15:46:56 +0200 Subject: [PATCH] Small documentation and define fixes modules/pam_limits/limits.conf.5.xml: Document race of maxlogins [#10] modules/pam_namespace/pam_namespace.h: Define MS_SLAVE if necessary modules/pam_pwhistory/pam_pwhistory.c: Document how the module works modules/pam_unix/pam_unix.8.xml: Document remember option obsoleted by pam_pwhistory [#6] --- modules/pam_limits/limits.conf.5.xml | 3 +++ modules/pam_namespace/pam_namespace.h | 4 ++++ modules/pam_pwhistory/pam_pwhistory.c | 7 +++++-- modules/pam_unix/pam_unix.8.xml | 2 ++ 4 files changed, 14 insertions(+), 2 deletions(-) diff --git a/modules/pam_limits/limits.conf.5.xml b/modules/pam_limits/limits.conf.5.xml index 4b6b5baf..ecc6d5ff 100644 --- a/modules/pam_limits/limits.conf.5.xml +++ b/modules/pam_limits/limits.conf.5.xml @@ -290,6 +290,9 @@ Also, please note that all limit settings are set per login. They are not global, nor are they permanent; existing only for the duration of the session. + One exception is the maxlogin option, this one + is system wide. But there is a race, concurrent logins at the same + time will not always be detect as such but only counted as one. In the limits configuration file, the diff --git a/modules/pam_namespace/pam_namespace.h b/modules/pam_namespace/pam_namespace.h index 1d0c11c6..51d23886 100644 --- a/modules/pam_namespace/pam_namespace.h +++ b/modules/pam_namespace/pam_namespace.h @@ -81,6 +81,10 @@ #ifndef MS_PRIVATE #define MS_PRIVATE (1<<18) #endif +#ifndef MS_SLAVE +#define MS_SLAVE (1<<19) +#endif + /* * Module defines diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c index e9b28eb1..654edd39 100644 --- a/modules/pam_pwhistory/pam_pwhistory.c +++ b/modules/pam_pwhistory/pam_pwhistory.c 
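Review bot: The new `MS_SLAVE` fallback in pam_namespace.h hard-codes `(1<<19)` next to the existing `MS_PRIVATE (1<<18)`, with no comment saying where the values come from or why the guards exist. These are mount(2) propagation flags, so a constant that did not match the running kernel would not break the build; it would silently change how the module's mounts propagate, which is presumably the isolation property pam_namespace relies on. I would add a comment above the `#ifndef` pair such as `/* Fallbacks for libc headers that lack the shared-subtree mount flags; values must match the kernel's MS_* definitions. */`. The hunk also appears to leave two blank lines before the `Module defines` comment, one of which can be dropped.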
@@ -1,6 +1,6 @@ /* - * Copyright (c) 2008 Thorsten Kukuk - * Author: Thorsten Kukuk + * Copyright (c) 2008, 2012 Thorsten Kukuk + * Author: Thorsten Kukuk * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -103,6 +103,9 @@ parse_option (pam_handle_t *pamh, const char *argv, options_t *options) } +/* This module saves the current crypted password in /etc/security/opasswd + and then compares the new password with all entries in this file. */ + PAM_EXTERN int pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) { diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml index c272e3ce..0a42d7a3 100644 --- a/modules/pam_unix/pam_unix.8.xml +++ b/modules/pam_unix/pam_unix.8.xml @@ -223,6 +223,8 @@ user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently. + Instead of this option the pam_pwhistory + module should be used. -- 2.40.0
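Review bot: The comment added above `pam_sm_chauthtok` names `/etc/security/opasswd` but does not say that the file holds password hashes and therefore has to stay unreadable to ordinary users. I would say "hashed" rather than "crypted" and extend the comment with a line such as `opasswd holds old password hashes and must be root-owned and not world-readable.` As written, the comment also says the current hash is saved before the new password is compared, which implies a rejected change still adds a history entry. If that ordering is intended it is worth stating explicitly, but the body of `pam_sm_chauthtok` lies outside the hunk, so I could not confirm it here.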