commit c62981a43a7da5d7c10e432874e7c66b47a4f363
Author: Thorsten Kukuk <kukuk(a)thkukuk.de>
Date: Thu Aug 16 15:46:56 2012 +0200
Small documentation and define fixes
modules/pam_limits/limits.conf.5.xml: Document race of maxlogins [#10]
modules/pam_namespace/pam_namespace.h: Define MS_SLAVE if necessary
modules/pam_pwhistory/pam_pwhistory.c: Document how the module works
modules/pam_unix/pam_unix.8.xml: Document remember option obsoleted by pam_pwhistory
[#6]
modules/pam_limits/limits.conf.5.xml | 3 +++
modules/pam_namespace/pam_namespace.h | 4 ++++
modules/pam_pwhistory/pam_pwhistory.c | 7 +++++--
modules/pam_unix/pam_unix.8.xml | 2 ++
4 files changed, 14 insertions(+), 2 deletions(-)
---
diff --git a/modules/pam_limits/limits.conf.5.xml b/modules/pam_limits/limits.conf.5.xml
index 4b6b5ba..ecc6d5f 100644
--- a/modules/pam_limits/limits.conf.5.xml
+++ b/modules/pam_limits/limits.conf.5.xml
@@ -290,6 +290,9 @@
Also, please note that all limit settings are set
<emphasis>per login</emphasis>. They are not global, nor are they
permanent; existing only for the duration of the session.
+ One exception is the <emphasis>maxlogin</emphasis> option, this one
+ is system wide. But there is a race, concurrent logins at the same
+ time will not always be detect as such but only counted as one.
</para>
<para>
In the <emphasis>limits</emphasis> configuration file, the
diff --git a/modules/pam_namespace/pam_namespace.h
b/modules/pam_namespace/pam_namespace.h
index 1d0c11c..51d2388 100644
--- a/modules/pam_namespace/pam_namespace.h
+++ b/modules/pam_namespace/pam_namespace.h
@@ -81,6 +81,10 @@
#ifndef MS_PRIVATE
#define MS_PRIVATE (1<<18)
#endif
+#ifndef MS_SLAVE
+#define MS_SLAVE (1<<19)
+#endif
+
/*
* Module defines
diff --git a/modules/pam_pwhistory/pam_pwhistory.c
b/modules/pam_pwhistory/pam_pwhistory.c
index e9b28eb..654edd3 100644
--- a/modules/pam_pwhistory/pam_pwhistory.c
+++ b/modules/pam_pwhistory/pam_pwhistory.c
@@ -1,6 +1,6 @@
/*
- * Copyright (c) 2008 Thorsten Kukuk
- * Author: Thorsten Kukuk <kukuk(a)suse.de>
+ * Copyright (c) 2008, 2012 Thorsten Kukuk
+ * Author: Thorsten Kukuk <kukuk(a)thkukuk.de>
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -103,6 +103,9 @@ parse_option (pam_handle_t *pamh, const char *argv, options_t
*options)
}
+/* This module saves the current crypted password in /etc/security/opasswd
+ and then compares the new password with all entries in this file. */
+
PAM_EXTERN int
pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv)
{
diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml
index c272e3c..0a42d7a 100644
--- a/modules/pam_unix/pam_unix.8.xml
+++ b/modules/pam_unix/pam_unix.8.xml
@@ -223,6 +223,8 @@
user are saved in <filename>/etc/security/opasswd</filename>
in order to force password change history and keep the user
from alternating between the same password too frequently.
+ Instead of this option the <command>pam_pwhistory</command>
+ module should be used.
</para>
</listitem>
</varlistentry>
Show replies by date