svn commit: r52137 - head/en_US.ISO8859-1/articles/pam
Benedict Reuschling
bcr at FreeBSD.org
Thu Aug 16 14:45:07 UTC 2018
Author: bcr
Date: Thu Aug 16 14:45:06 2018
New Revision: 52137
URL: https://svnweb.freebsd.org/changeset/doc/52137
Log:
Cleanup of this file with regards to overlong lines, bad tag indent, and
capitalization in titles as much as possible.
Modified:
head/en_US.ISO8859-1/articles/pam/article.xml
Modified: head/en_US.ISO8859-1/articles/pam/article.xml
==============================================================================
--- head/en_US.ISO8859-1/articles/pam/article.xml Thu Aug 16 13:55:09 2018 (r52136)
+++ head/en_US.ISO8859-1/articles/pam/article.xml Thu Aug 16 14:45:06 2018 (r52137)
@@ -34,9 +34,11 @@
- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- SUCH DAMAGE.
-->
-<article xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:lang="en">
- <info><title>Pluggable Authentication Modules</title>
-
+<article xmlns="http://docbook.org/ns/docbook"
+ xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
+ xml:lang="en">
+ <info>
+ <title>Pluggable Authentication Modules</title>
<abstract>
<para>This article describes the underlying principles and
@@ -53,7 +55,13 @@
</copyright>
<authorgroup>
- <author><personname><firstname>Dag-Erling</firstname><surname>Smørgrav</surname></personname><contrib>Contributed by </contrib></author>
+ <author>
+ <personname>
+ <firstname>Dag-Erling</firstname>
+ <surname>Smørgrav</surname>
+ </personname>
+ <contrib>Contributed by </contrib>
+ </author>
</authorgroup>
<legalnotice xml:id="pam-legalnotice">
@@ -99,7 +107,7 @@
</section>
<section xml:id="pam-terms">
- <title xml:id="pam-terms.title">Terms and conventions</title>
+ <title xml:id="pam-terms.title">Terms and Conventions</title>
<section xml:id="pam-definitions">
<title xml:id="pam-definitions.title">Definitions</title>
@@ -248,27 +256,26 @@
</section>
<section xml:id="pam-usage-examples">
- <title xml:id="pam-usage-examples.title">Usage examples</title>
+ <title xml:id="pam-usage-examples.title">Usage Examples</title>
<para>This section aims to illustrate the meanings of some of
the terms defined above by way of a handful of simple
examples.</para>
<section>
- <title>Client and server are one</title>
+ <title>Client and Server Are One</title>
<para>This simple example shows <literal>alice</literal>
&man.su.1;'ing to <literal>root</literal>.</para>
-<screen>&prompt.user; <userinput>whoami</userinput>
+ <screen>&prompt.user; <userinput>whoami</userinput>
alice
&prompt.user; <userinput>ls -l `which su`</userinput>
-r-sr-xr-x 1 root wheel 10744 Dec 6 19:06 /usr/bin/su
&prompt.user; <userinput>su -</userinput>
Password: <userinput>xi3kiune</userinput>
&prompt.root; whoami
-root
-</screen>
+root</screen>
<itemizedlist>
<listitem>
@@ -283,7 +290,7 @@ root
</listitem>
<listitem>
<para>The authentication token is
- <literal>xi3kiune</literal>.</para>
+ <literal>xi3kiune</literal>.</para>
</listitem>
<listitem>
<para>The arbitrator is <literal>root</literal>, which is
@@ -293,7 +300,7 @@ root
</section>
<section>
- <title>Client and server are separate</title>
+ <title>Client and Server Are Separate</title>
<para>The example below shows <literal>eve</literal> try to
initiate an &man.ssh.1; connection to
@@ -301,7 +308,7 @@ root
<literal>bob</literal>, and succeed. Bob should have chosen
a better password!</para>
-<screen>&prompt.user; <userinput>whoami</userinput>
+ <screen>&prompt.user; <userinput>whoami</userinput>
eve
&prompt.user; <userinput>ssh bob at login.example.com</userinput>
bob at login.example.com's password: <userinput>god</userinput>
@@ -329,7 +336,7 @@ Welcome to FreeBSD!
</listitem>
<listitem>
<para>The authentication token is
- <literal>god</literal>.</para>
+ <literal>god</literal>.</para>
</listitem>
<listitem>
<para>Although this is not shown in this example, the
@@ -339,12 +346,12 @@ Welcome to FreeBSD!
</section>
<section>
- <title>Sample policy</title>
+ <title>Sample Policy</title>
<para>The following is FreeBSD's default policy for
<literal>sshd</literal>:</para>
-<programlisting>sshd auth required pam_nologin.so no_warn
+ <programlisting>sshd auth required pam_nologin.so no_warn
sshd auth required pam_unix.so no_warn try_first_pass
sshd account required pam_login_access.so
sshd account required pam_unix.so
@@ -391,7 +398,7 @@ sshd password required pam_permit.so</programlisting>
<section xml:id="pam-facilities-primitives">
<title xml:id="pam-facilities-primitives.title">Facilities and
- primitives</title>
+ Primitives</title>
<para>The PAM API offers six different authentication primitives
grouped in four facilities, which are described below.</para>
@@ -519,7 +526,8 @@ sshd password required pam_permit.so</programlisting>
</section>
<section xml:id="pam-module-versioning">
- <title xml:id="pam-module-versioning.title">Module Versioning</title>
+ <title xml:id="pam-module-versioning.title">Module
+ Versioning</title>
<para>FreeBSD's original PAM implementation, based on
Linux-PAM, did not use version numbers for PAM modules.
@@ -537,15 +545,15 @@ sshd password required pam_permit.so</programlisting>
modules.</para>
<para>Although &solaris; PAM modules commonly have a version
- number, they are not truly versioned, because the number is a
- part of the module name and must be included in the
+ number, they are not truly versioned, because the number is
+ a part of the module name and must be included in the
configuration.</para>
</section>
</section>
<section xml:id="pam-chains-policies">
<title xml:id="pam-chains-policies.title">Chains and
- policies</title>
+ Policies</title>
<para>When a server initiates a PAM transaction, the PAM library
tries to load a policy for the service specified in the
@@ -577,8 +585,9 @@ sshd password required pam_permit.so</programlisting>
rest of the chain is executed, but the request is
ultimately denied.</para>
- <para>This control flag was introduced by Sun in &solaris; 9
- (&sunos; 5.9), and is also supported by OpenPAM.</para>
+ <para>This control flag was introduced by Sun in &solaris;
+ 9 (&sunos; 5.9), and is also supported by
+ OpenPAM.</para>
</listitem>
</varlistentry>
@@ -688,11 +697,11 @@ sshd password required pam_permit.so</programlisting>
</listitem>
<listitem>
- <para>The server calls &man.pam.acct.mgmt.3; to verify that the
- requested account is available and valid. If the password
- is correct but has expired, &man.pam.acct.mgmt.3; will
- return <literal>PAM_NEW_AUTHTOK_REQD</literal> instead of
- <literal>PAM_SUCCESS</literal>.</para>
+ <para>The server calls &man.pam.acct.mgmt.3; to verify that
+ the requested account is available and valid. If the
+ password is correct but has expired, &man.pam.acct.mgmt.3;
+ will return <literal>PAM_NEW_AUTHTOK_REQD</literal>
+ instead of <literal>PAM_SUCCESS</literal>.</para>
</listitem>
<listitem>
@@ -741,18 +750,18 @@ sshd password required pam_permit.so</programlisting>
<title xml:id="pam-config.title">PAM Configuration</title>
<section xml:id="pam-config-file">
- <title xml:id="pam-config-file.title">PAM policy files</title>
+ <title xml:id="pam-config-file.title">PAM Policy Files</title>
<section xml:id="pam-config-pam.conf">
<title xml:id="pam-config-pam.conf.title">The
- <filename>/etc/pam.conf</filename> file</title>
+ <filename>/etc/pam.conf</filename></title>
<para>The traditional PAM policy file is
<filename>/etc/pam.conf</filename>. This file contains all
the PAM policies for your system. Each line of the file
describes one step in a chain, as shown below:</para>
-<programlisting>login auth required pam_nologin.so no_warn</programlisting>
+ <programlisting>login auth required pam_nologin.so no_warn</programlisting>
<para>The fields are, in order: service name, facility name,
control flag, module name, and module arguments. Any
@@ -772,7 +781,7 @@ sshd password required pam_permit.so</programlisting>
<section xml:id="pam-config-pam.d">
<title xml:id="pam-config-pam.d.title">The
- <filename>/etc/pam.d</filename> directory</title>
+ <filename>/etc/pam.d</filename></title>
<para>OpenPAM and Linux-PAM support an alternate configuration
mechanism, which is the preferred mechanism in FreeBSD. In
@@ -796,7 +805,7 @@ sshd password required pam_permit.so</programlisting>
<literal>su</literal> and <literal>sudo</literal> services,
one could do as follows:</para>
-<screen>&prompt.root; <userinput>cd /etc/pam.d</userinput>
+ <screen>&prompt.root; <userinput>cd /etc/pam.d</userinput>
&prompt.root; <userinput>ln -s su sudo</userinput></screen>
<para>This works because the service name is determined from
@@ -811,27 +820,28 @@ sshd password required pam_permit.so</programlisting>
</section>
<section xml:id="pam-config-file-order">
- <title xml:id="pam-config-file-order.title">The policy search
- order</title>
+ <title xml:id="pam-config-file-order.title">The Policy Search
+ Order</title>
<para>As we have seen above, PAM policies can be found in a
number of places. What happens if policies for the same
service exist in multiple places?</para>
<para>It is essential to understand that PAM's configuration
- system is centered on chains.<!-- XXX --></para>
+ system is centered on chains.</para>
</section>
</section>
<section xml:id="pam-config-breakdown">
<title xml:id="pam-config-breakdown.title">Breakdown of a
- configuration line</title>
+ Configuration Line</title>
- <para>As explained in <xref linkend="pam-config-file"/>, each line in
- <filename>/etc/pam.conf</filename> consists of four or more
- fields: the service name, the facility name, the control flag,
- the module name, and zero or more module arguments.</para>
+ <para>As explained in <xref linkend="pam-config-file"/>, each
+ line in <filename>/etc/pam.conf</filename> consists of four or
+ more fields: the service name, the facility name, the control
+ flag, the module name, and zero or more module
+ arguments.</para>
<para>The service name is generally (though not always) the name
of the application the statement applies to. If you are
@@ -845,17 +855,18 @@ sshd password required pam_permit.so</programlisting>
facility name.</para>
<para>The facility is one of the four facility keywords
- described in <xref linkend="pam-facilities-primitives"/>.</para>
+ described in <xref
+ linkend="pam-facilities-primitives"/>.</para>
<para>Likewise, the control flag is one of the four keywords
- described in <xref linkend="pam-chains-policies"/>,
- describing how to interpret the return code from the module.
- Linux-PAM supports an alternate syntax that lets you specify
- the action to associate with each possible return code, but
- this should be avoided as it is non-standard and closely tied
- in with the way Linux-PAM dispatches service calls (which
- differs greatly from the way &solaris; and OpenPAM do it.)
- Unsurprisingly, OpenPAM does not support this syntax.</para>
+ described in <xref linkend="pam-chains-policies"/>, describing
+ how to interpret the return code from the module. Linux-PAM
+ supports an alternate syntax that lets you specify the action
+ to associate with each possible return code, but this should
+ be avoided as it is non-standard and closely tied in with the
+ way Linux-PAM dispatches service calls (which differs greatly
+ from the way &solaris; and OpenPAM do it.) Unsurprisingly,
+ OpenPAM does not support this syntax.</para>
</section>
<section xml:id="pam-policies">
@@ -882,7 +893,8 @@ sshd password required pam_permit.so</programlisting>
the following table applies:</para>
<table>
- <title>PAM chain execution summary</title>
+ <title>PAM Chain Execution Summary</title>
+
<tgroup cols="4">
<colspec colwidth="1*" colname="type"/>
<colspec colwidth="1*" colname="success"/>
@@ -891,10 +903,12 @@ sshd password required pam_permit.so</programlisting>
<thead>
<row>
<entry colname="type"/>
- <entry colname="success"><literal>PAM_SUCCESS</literal></entry>
- <entry colname="ignore"><literal>PAM_IGNORE</literal></entry>
+ <entry
+ colname="success"><literal>PAM_SUCCESS</literal></entry>
+ <entry
+ colname="ignore"><literal>PAM_IGNORE</literal></entry>
<entry colname="other"><literal>other</literal></entry>
- </row>
+ </row>
</thead>
<tbody>
<row>
@@ -903,24 +917,28 @@ sshd password required pam_permit.so</programlisting>
<entry colname="ignore">-</entry>
<entry colname="other">fail = true;</entry>
</row>
+
<row>
<entry colname="type">required</entry>
<entry colname="success">-</entry>
<entry colname="ignore">-</entry>
<entry colname="other">fail = true;</entry>
</row>
+
<row>
<entry colname="type">requisite</entry>
<entry colname="success">-</entry>
<entry colname="ignore">-</entry>
<entry colname="other">fail = true; break;</entry>
</row>
+
<row>
<entry colname="type">sufficient</entry>
<entry colname="success">if (!fail) break;</entry>
<entry colname="ignore">-</entry>
<entry colname="other">-</entry>
</row>
+
<row>
<entry colname="type">optional</entry>
<entry colname="success">-</entry>
@@ -945,22 +963,21 @@ sshd password required pam_permit.so</programlisting>
<literal>PAM_NEW_AUTHTOK_REQD</literal>.</para>
<para>The second exception is that &man.pam.setcred.3; treats
- <literal>binding</literal> and
- <literal>sufficient</literal> modules as if they were
- <literal>required</literal>.</para>
+ <literal>binding</literal> and <literal>sufficient</literal>
+ modules as if they were <literal>required</literal>.</para>
<para>The third and final exception is that
&man.pam.chauthtok.3; runs the entire chain twice (once for
preliminary checks and once to actually set the password), and
- in the preliminary phase it treats
- <literal>binding</literal> and
- <literal>sufficient</literal> modules as if they were
+ in the preliminary phase it treats <literal>binding</literal>
+ and <literal>sufficient</literal> modules as if they were
<literal>required</literal>.</para>
</section>
</section>
<section xml:id="pam-freebsd-modules">
- <title xml:id="pam-freebsd-modules.title">FreeBSD PAM Modules</title>
+ <title xml:id="pam-freebsd-modules.title">FreeBSD PAM
+ Modules</title>
<section xml:id="pam-modules-deny">
<title xml:id="pam-modules-deny.title">&man.pam.deny.8;</title>
@@ -995,29 +1012,32 @@ sshd password required pam_permit.so</programlisting>
</section>
<section xml:id="pam-modules-ftpusers">
- <title xml:id="pam-modules-ftpusers.title">&man.pam.ftpusers.8;</title>
+ <title
+ xml:id="pam-modules-ftpusers.title">&man.pam.ftpusers.8;</title>
<para>The &man.pam.ftpusers.8; module</para>
</section>
<section xml:id="pam-modules-group">
- <title xml:id="pam-modules-group.title">&man.pam.group.8;</title>
+ <title
+ xml:id="pam-modules-group.title">&man.pam.group.8;</title>
<para>The &man.pam.group.8; module accepts or rejects applicants
on the basis of their membership in a particular file group
(normally <literal>wheel</literal> for &man.su.1;). It is
- primarily intended for maintaining the traditional behavior
- of BSD &man.su.1;, but has many other uses, such as excluding
+ primarily intended for maintaining the traditional behavior of
+ BSD &man.su.1;, but has many other uses, such as excluding
certain groups of users from a particular service.</para>
</section>
<section xml:id="pam-modules-guest">
- <title xml:id="pam-modules-guest.title">&man.pam.guest.8;</title>
+ <title
+ xml:id="pam-modules-guest.title">&man.pam.guest.8;</title>
<para>The &man.pam.guest.8; module allows guest logins using
fixed login names. Various requirements can be placed on the
- password, but the default behavior is to allow any password
- as long as the login name is that of a guest account. The
+ password, but the default behavior is to allow any password as
+ long as the login name is that of a guest account. The
&man.pam.guest.8; module can easily be used to implement
anonymous FTP logins.</para>
</section>
@@ -1035,13 +1055,15 @@ sshd password required pam_permit.so</programlisting>
</section>
<section xml:id="pam-modules-lastlog">
- <title xml:id="pam-modules-lastlog.title">&man.pam.lastlog.8;</title>
+ <title
+ xml:id="pam-modules-lastlog.title">&man.pam.lastlog.8;</title>
<para>The &man.pam.lastlog.8; module</para>
</section>
<section xml:id="pam-modules-login-access">
- <title xml:id="pam-modules-login-access.title">&man.pam.login.access.8;</title>
+ <title
+ xml:id="pam-modules-login-access.title">&man.pam.login.access.8;</title>
<para>The &man.pam.login.access.8; module provides an
implementation of the account management primitive which
@@ -1050,7 +1072,8 @@ sshd password required pam_permit.so</programlisting>
</section>
<section xml:id="pam-modules-nologin">
- <title xml:id="pam-modules-nologin.title">&man.pam.nologin.8;</title>
+ <title
+ xml:id="pam-modules-nologin.title">&man.pam.nologin.8;</title>
<para>The &man.pam.nologin.8; module refuses non-root logins
when <filename>/var/run/nologin</filename> exists. This file
@@ -1066,14 +1089,15 @@ sshd password required pam_permit.so</programlisting>
challenge-response mechanism where the response to each
challenge is a direct function of the challenge and a
passphrase, so the response can be easily computed <quote>just
- in time</quote> by anyone possessing the passphrase,
+ in time</quote> by anyone possessing the passphrase,
eliminating the need for password lists. Moreover, since
&man.opie.4; never reuses a challenge that has been correctly
answered, it is not vulnerable to replay attacks.</para>
</section>
<section xml:id="pam-modules-opieaccess">
- <title xml:id="pam-modules-opieaccess.title">&man.pam.opieaccess.8;</title>
+ <title
+ xml:id="pam-modules-opieaccess.title">&man.pam.opieaccess.8;</title>
<para>The &man.pam.opieaccess.8; module is a companion module to
&man.pam.opie.8;. Its purpose is to enforce the restrictions
@@ -1091,13 +1115,15 @@ sshd password required pam_permit.so</programlisting>
</section>
<section xml:id="pam-modules-passwdqc">
- <title xml:id="pam-modules-passwdqc.title">&man.pam.passwdqc.8;</title>
+ <title
+ xml:id="pam-modules-passwdqc.title">&man.pam.passwdqc.8;</title>
<para>The &man.pam.passwdqc.8; module</para>
</section>
<section xml:id="pam-modules-permit">
- <title xml:id="pam-modules-permit.title">&man.pam.permit.8;</title>
+ <title
+ xml:id="pam-modules-permit.title">&man.pam.permit.8;</title>
<para>The &man.pam.permit.8; module is one of the simplest
modules available; it responds to any request with
@@ -1107,19 +1133,22 @@ sshd password required pam_permit.so</programlisting>
</section>
<section xml:id="pam-modules-radius">
- <title xml:id="pam-modules-radius.title">&man.pam.radius.8;</title>
+ <title
+ xml:id="pam-modules-radius.title">&man.pam.radius.8;</title>
<para>The &man.pam.radius.8; module</para>
</section>
<section xml:id="pam-modules-rhosts">
- <title xml:id="pam-modules-rhosts.title">&man.pam.rhosts.8;</title>
+ <title
+ xml:id="pam-modules-rhosts.title">&man.pam.rhosts.8;</title>
<para>The &man.pam.rhosts.8; module</para>
</section>
<section xml:id="pam-modules-rootok">
- <title xml:id="pam-modules-rootok.title">&man.pam.rootok.8;</title>
+ <title
+ xml:id="pam-modules-rootok.title">&man.pam.rootok.8;</title>
<para>The &man.pam.rootok.8; module reports success if and only
if the real user id of the process calling it (which is
@@ -1130,7 +1159,8 @@ sshd password required pam_permit.so</programlisting>
</section>
<section xml:id="pam-modules-securetty">
- <title xml:id="pam-modules-securetty.title">&man.pam.securetty.8;</title>
+ <title
+ xml:id="pam-modules-securetty.title">&man.pam.securetty.8;</title>
<para>The &man.pam.securetty.8; module</para>
</section>
@@ -1161,7 +1191,8 @@ sshd password required pam_permit.so</programlisting>
</section>
<section xml:id="pam-modules-tacplus">
- <title xml:id="pam-modules-tacplus.title">&man.pam.tacplus.8;</title>
+ <title
+ xml:id="pam-modules-tacplus.title">&man.pam.tacplus.8;</title>
<para>The &man.pam.tacplus.8; module</para>
</section>
@@ -1182,9 +1213,10 @@ sshd password required pam_permit.so</programlisting>
</section>
<section xml:id="pam-appl-prog">
- <title xml:id="pam-appl-prog.title">PAM Application Programming</title>
+ <title xml:id="pam-appl-prog.title">PAM Application
+ Programming</title>
- <para><!--XXX-->This section has not yet been written.</para>
+ <para>This section has not yet been written.</para>
<!--
@@ -1202,26 +1234,28 @@ sshd password required pam_permit.so</programlisting>
</section>
<section xml:id="pam-module-prog">
- <title xml:id="pam-module-prog.title">PAM Module Programming</title>
+ <title xml:id="pam-module-prog.title">PAM Module
+ Programming</title>
- <para><!--XXX-->This section has not yet been written.</para>
+ <para>This section has not yet been written.</para>
</section>
<appendix xml:id="pam-sample-appl">
- <title xml:id="pam-sample-appl.title">Sample PAM Application</title>
+ <title xml:id="pam-sample-appl.title">Sample PAM
+ Application</title>
<para>The following is a minimal implementation of &man.su.1;
using PAM. Note that it uses the OpenPAM-specific
&man.openpam.ttyconv.3; conversation function, which is
- prototyped in <filename>security/openpam.h</filename>. If you wish
- build this application on a system with a different PAM library,
- you will have to provide your own conversation function. A
- robust conversation function is surprisingly difficult to
- implement; the one presented in <xref linkend="pam-sample-conv"/> is a good
- starting point, but should not be used in real-world
- applications.</para>
+ prototyped in <filename>security/openpam.h</filename>. If you
+ wish build this application on a system with a different PAM
+ library, you will have to provide your own conversation
+ function. A robust conversation function is surprisingly
+ difficult to implement; the one presented in <xref
+ linkend="pam-sample-conv"/> is a good starting point, but
+ should not be used in real-world applications.</para>
-<programlisting><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="su.c" parse="text"/></programlisting>
+ <programlisting><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="su.c" parse="text"/></programlisting>
</appendix>
<appendix xml:id="pam-sample-module">
@@ -1245,50 +1279,71 @@ sshd password required pam_permit.so</programlisting>
simplified version of OpenPAM's &man.openpam.ttyconv.3;. It is
fully functional, and should give the reader a good idea of how
a conversation function should behave, but it is far too simple
- for real-world use. Even if you are not using OpenPAM, feel free
- to download the source code and adapt &man.openpam.ttyconv.3; to
- your uses; we believe it to be as robust as a tty-oriented
- conversation function can reasonably get.</para>
+ for real-world use. Even if you are not using OpenPAM, feel
+ free to download the source code and adapt
+ &man.openpam.ttyconv.3; to your uses; we believe it to be as
+ robust as a tty-oriented conversation function can reasonably
+ get.</para>
<programlisting><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="converse.c" parse="text"/></programlisting>
</appendix>
<bibliography xml:id="pam-further">
- <info><title xml:id="pam-further.title">Further Reading</title>
-
+ <info>
+ <title xml:id="pam-further.title">Further Reading</title>
- <abstract>
- <para>This is a list of documents relevant to PAM and related
- issues. It is by no means complete.</para>
- </abstract>
+ <abstract>
+ <para>This is a list of documents relevant to PAM and related
+ issues. It is by no means complete.</para>
+ </abstract>
</info>
<bibliodiv>
<title>Papers</title>
<biblioentry>
- <citetitle><link xlink:href="http://www.sun.com/software/solaris/pam/pam.external.pdf">
- Making Login Services Independent of Authentication
+ <citetitle><link
+ xlink:href="http://www.sun.com/software/solaris/pam/pam.external.pdf">
+ Making Login Services Independent of Authentication
Technologies</link></citetitle>
<authorgroup>
- <author><personname><surname>Samar</surname><firstname>Vipin</firstname></personname></author>
- <author><personname><surname>Lai</surname><firstname>Charlie</firstname></personname></author>
+ <author>
+ <personname>
+ <surname>Samar</surname>
+ <firstname>Vipin</firstname>
+ </personname>
+ </author>
+ <author>
+ <personname>
+ <surname>Lai</surname>
+ <firstname>Charlie</firstname>
+ </personname>
+ </author>
</authorgroup>
<orgname>Sun Microsystems</orgname>
</biblioentry>
<biblioentry>
- <citetitle><link xlink:href="http://www.opengroup.org/pubs/catalog/p702.htm">X/Open
- Single Sign-on Preliminary Specification</link></citetitle>
+ <citetitle><link
+ xlink:href="http://www.opengroup.org/pubs/catalog/p702.htm">X/Open
+ Single Sign-on Preliminary
+ Specification</link></citetitle>
<orgname>The Open Group</orgname>
<biblioid class="isbn">1-85912-144-6</biblioid>
<pubdate>June 1997</pubdate>
</biblioentry>
<biblioentry>
- <citetitle><link xlink:href="http://www.kernel.org/pub/linux/libs/pam/pre/doc/current-draft.txt">
- Pluggable Authentication Modules</link></citetitle>
- <author><personname><surname>Morgan</surname><firstname>Andrew</firstname><othername role="mi">G.</othername></personname></author>
+ <citetitle><link
+ xlink:href="http://www.kernel.org/pub/linux/libs/pam/pre/doc/current-draft.txt">
+ Pluggable Authentication Modules</link></citetitle>
+ <author>
+ <personname>
+ <surname>Morgan</surname>
+ <firstname>Andrew</firstname>
+ <othername role="mi">G.</othername>
+ </personname>
+ </author>
<pubdate>1999-10-06</pubdate>
</biblioentry>
</bibliodiv>
@@ -1297,28 +1352,46 @@ sshd password required pam_permit.so</programlisting>
<title>User Manuals</title>
<biblioentry>
- <citetitle><link xlink:href="http://www.sun.com/software/solaris/pam/pam.admin.pdf">PAM
- Administration</link></citetitle>
+ <citetitle><link
+ xlink:href="http://www.sun.com/software/solaris/pam/pam.admin.pdf">PAM
+ Administration</link></citetitle>
<orgname>Sun Microsystems</orgname>
</biblioentry>
</bibliodiv>
<bibliodiv>
- <title>Related Web pages</title>
+ <title>Related Web Pages</title>
<biblioentry>
- <citetitle><link xlink:href="http://openpam.sourceforge.net/">OpenPAM homepage</link></citetitle>
- <author><personname><surname>Smørgrav</surname><firstname>Dag-Erling</firstname></personname></author>
+ <citetitle><link
+ xlink:href="http://openpam.sourceforge.net/">OpenPAM
+ homepage</link></citetitle>
+ <author>
+ <personname>
+ <surname>Smørgrav</surname>
+ <firstname>Dag-Erling</firstname>
+ </personname>
+ </author>
<orgname>ThinkSec AS</orgname>
</biblioentry>
<biblioentry>
- <citetitle><link xlink:href="http://www.kernel.org/pub/linux/libs/pam/">Linux-PAM homepage</link></citetitle>
- <author><personname><surname>Morgan</surname><firstname>Andrew</firstname><othername role="mi">G.</othername></personname></author>
+ <citetitle><link
+ xlink:href="http://www.kernel.org/pub/linux/libs/pam/">Linux-PAM
+ homepage</link></citetitle>
+ <author>
+ <personname>
+ <surname>Morgan</surname>
+ <firstname>Andrew</firstname>
+ <othername role="mi">G.</othername>
+ </personname>
+ </author>
</biblioentry>
<biblioentry>
- <citetitle><link xlink:href="http://wwws.sun.com/software/solaris/pam/">Solaris PAM homepage</link></citetitle>
+ <citetitle><link
+ xlink:href="http://wwws.sun.com/software/solaris/pam/">Solaris
+ PAM homepage</link></citetitle>
<orgname>Sun Microsystems</orgname>
</biblioentry>
</bibliodiv>
More information about the svn-doc-head
mailing list