Date:      Thu, 16 Aug 2018 14:45:06 +0000 (UTC)
From:      Benedict Reuschling <bcr@FreeBSD.org>
To:        doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject:   svn commit: r52137 - head/en_US.ISO8859-1/articles/pam
Message-ID:  <201808161445.w7GEj614023854@repo.freebsd.org>

Author: bcr
Date: Thu Aug 16 14:45:06 2018
New Revision: 52137
URL: https://svnweb.freebsd.org/changeset/doc/52137

Log:
  Cleanup of this file with regards to overlong lines, bad tag indent, and
  capitalization in titles as much as possible.

Modified:
  head/en_US.ISO8859-1/articles/pam/article.xml

Modified: head/en_US.ISO8859-1/articles/pam/article.xml
==============================================================================
--- head/en_US.ISO8859-1/articles/pam/article.xml	Thu Aug 16 13:55:09 2018	(r52136)
+++ head/en_US.ISO8859-1/articles/pam/article.xml	Thu Aug 16 14:45:06 2018	(r52137)
@@ -34,9 +34,11 @@
   - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   - SUCH DAMAGE.
   -->
-<article xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:lang="en">
-  <info><title>Pluggable Authentication Modules</title>
-    
+<article xmlns="http://docbook.org/ns/docbook"
+  xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
+  xml:lang="en">
+  <info>
+    <title>Pluggable Authentication Modules</title>
 
     <abstract>
       <para>This article describes the underlying principles and
@@ -53,7 +55,13 @@
     </copyright>
 
     <authorgroup>
-      <author><personname><firstname>Dag-Erling</firstname><surname>Sm&oslash;rgrav</surname></personname><contrib>Contributed by </contrib></author>
+      <author>
+	<personname>
+	  <firstname>Dag-Erling</firstname>
+	  <surname>Sm&oslash;rgrav</surname>
+	</personname>
+	<contrib>Contributed by </contrib>
+      </author>
     </authorgroup>
 
     <legalnotice xml:id="pam-legalnotice">
@@ -99,7 +107,7 @@
   </section>
 
   <section xml:id="pam-terms">
-    <title xml:id="pam-terms.title">Terms and conventions</title>
+    <title xml:id="pam-terms.title">Terms and Conventions</title>
 
     <section xml:id="pam-definitions">
       <title xml:id="pam-definitions.title">Definitions</title>
@@ -248,27 +256,26 @@
     </section>
 
     <section xml:id="pam-usage-examples">
-      <title xml:id="pam-usage-examples.title">Usage examples</title>
+      <title xml:id="pam-usage-examples.title">Usage Examples</title>
 
       <para>This section aims to illustrate the meanings of some of
 	the terms defined above by way of a handful of simple
 	examples.</para>
 
       <section>
-	<title>Client and server are one</title>
+	<title>Client and Server Are One</title>
 
 	<para>This simple example shows <literal>alice</literal>
 	  &man.su.1;'ing to <literal>root</literal>.</para>
 
-<screen>&prompt.user; <userinput>whoami</userinput>
+	<screen>&prompt.user; <userinput>whoami</userinput>
 alice
 &prompt.user; <userinput>ls -l `which su`</userinput>
 -r-sr-xr-x  1 root  wheel  10744 Dec  6 19:06 /usr/bin/su
 &prompt.user; <userinput>su -</userinput>
 Password: <userinput>xi3kiune</userinput>
 &prompt.root; whoami
-root
-</screen>
+root</screen>
 
 	<itemizedlist>
 	  <listitem>
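Review bot: In the first screen block, `&prompt.root; whoami` is the only command not wrapped in <userinput>, unlike the `whoami`, `ls -l` and `su -` lines above it. Since this hunk already touches the block, change it to `&prompt.root; <userinput>whoami</userinput>` so the markup is consistent.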
@@ -283,7 +290,7 @@ root
 	  </listitem>
 	  <listitem>
 	    <para>The authentication token is
-	    <literal>xi3kiune</literal>.</para>
+	      <literal>xi3kiune</literal>.</para>
 	  </listitem>
 	  <listitem>
 	    <para>The arbitrator is <literal>root</literal>, which is
@@ -293,7 +300,7 @@ root
       </section>
 
       <section>
-	<title>Client and server are separate</title>
+	<title>Client and Server Are Separate</title>
 
 	<para>The example below shows <literal>eve</literal> try to
 	  initiate an &man.ssh.1; connection to
@@ -301,7 +308,7 @@ root
 	  <literal>bob</literal>, and succeed.  Bob should have chosen
 	  a better password!</para>
 
-<screen>&prompt.user; <userinput>whoami</userinput>
+	<screen>&prompt.user; <userinput>whoami</userinput>
 eve
 &prompt.user; <userinput>ssh bob@login.example.com</userinput>
 bob@login.example.com's password: <userinput>god</userinput>
@@ -329,7 +336,7 @@ Welcome to FreeBSD!
 	  </listitem>
 	  <listitem>
 	    <para>The authentication token is
-	    <literal>god</literal>.</para>
+	      <literal>god</literal>.</para>
 	  </listitem>
 	  <listitem>
 	    <para>Although this is not shown in this example, the
@@ -339,12 +346,12 @@ Welcome to FreeBSD!
       </section>
 
       <section>
-	<title>Sample policy</title>
+	<title>Sample Policy</title>
 
 	<para>The following is FreeBSD's default policy for
 	  <literal>sshd</literal>:</para>
 
-<programlisting>sshd	auth		required	pam_nologin.so	no_warn
+	<programlisting>sshd	auth		required	pam_nologin.so	no_warn
 sshd	auth		required	pam_unix.so	no_warn try_first_pass
 sshd	account		required	pam_login_access.so
 sshd	account		required	pam_unix.so
@@ -391,7 +398,7 @@ sshd	password	required	pam_permit.so</programlisting>
 
     <section xml:id="pam-facilities-primitives">
       <title xml:id="pam-facilities-primitives.title">Facilities and
-	primitives</title>
+	Primitives</title>
 
       <para>The PAM API offers six different authentication primitives
 	grouped in four facilities, which are described below.</para>
@@ -519,7 +526,8 @@ sshd	password	required	pam_permit.so</programlisting>
       </section>
 
       <section xml:id="pam-module-versioning">
-	<title xml:id="pam-module-versioning.title">Module Versioning</title>
+	<title xml:id="pam-module-versioning.title">Module
+	  Versioning</title>
 
 	<para>FreeBSD's original PAM implementation, based on
 	  Linux-PAM, did not use version numbers for PAM modules.
@@ -537,15 +545,15 @@ sshd	password	required	pam_permit.so</programlisting>
 	  modules.</para>
 
 	<para>Although &solaris; PAM modules commonly have a version
-	  number, they are not truly versioned, because the number is a
-	  part of the module name and must be included in the
+	  number, they are not truly versioned, because the number is
+	  a part of the module name and must be included in the
 	  configuration.</para>
       </section>
     </section>
 
     <section xml:id="pam-chains-policies">
       <title xml:id="pam-chains-policies.title">Chains and
-	policies</title>
+	Policies</title>
 
       <para>When a server initiates a PAM transaction, the PAM library
 	tries to load a policy for the service specified in the
@@ -577,8 +585,9 @@ sshd	password	required	pam_permit.so</programlisting>
 	      rest of the chain is executed, but the request is
 	      ultimately denied.</para>
 
-	    <para>This control flag was introduced by Sun in &solaris; 9
-	      (&sunos; 5.9), and is also supported by OpenPAM.</para>
+	    <para>This control flag was introduced by Sun in &solaris;
+	      9 (&sunos; 5.9), and is also supported by
+	      OpenPAM.</para>
 	  </listitem>
 	</varlistentry>
 
@@ -688,11 +697,11 @@ sshd	password	required	pam_permit.so</programlisting>
 	</listitem>
 
 	<listitem>
-	  <para>The server calls &man.pam.acct.mgmt.3; to verify that the
-	    requested account is available and valid.  If the password
-	    is correct but has expired, &man.pam.acct.mgmt.3; will
-	    return <literal>PAM_NEW_AUTHTOK_REQD</literal> instead of
-	    <literal>PAM_SUCCESS</literal>.</para>
+	  <para>The server calls &man.pam.acct.mgmt.3; to verify that
+	    the requested account is available and valid.  If the
+	    password is correct but has expired, &man.pam.acct.mgmt.3;
+	    will return <literal>PAM_NEW_AUTHTOK_REQD</literal>
+	    instead of <literal>PAM_SUCCESS</literal>.</para>
 	</listitem>
 
 	<listitem>
@@ -741,18 +750,18 @@ sshd	password	required	pam_permit.so</programlisting>
     <title xml:id="pam-config.title">PAM Configuration</title>
 
     <section xml:id="pam-config-file">
-      <title xml:id="pam-config-file.title">PAM policy files</title>
+      <title xml:id="pam-config-file.title">PAM Policy Files</title>
 
       <section xml:id="pam-config-pam.conf">
 	<title xml:id="pam-config-pam.conf.title">The
-	  <filename>/etc/pam.conf</filename> file</title>
+	  <filename>/etc/pam.conf</filename></title>
 
 	<para>The traditional PAM policy file is
 	  <filename>/etc/pam.conf</filename>.  This file contains all
 	  the PAM policies for your system.  Each line of the file
 	  describes one step in a chain, as shown below:</para>
 
-<programlisting>login   auth    required        pam_nologin.so  no_warn</programlisting>
+	<programlisting>login   auth    required        pam_nologin.so  no_warn</programlisting>
 
 	<para>The fields are, in order: service name, facility name,
 	  control flag, module name, and module arguments.  Any
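Review bot: The title change from "The /etc/pam.conf file" to "The /etc/pam.conf" drops a word rather than fixing capitalization, which the log message does not mention, and it leaves a title that reads as an incomplete phrase. Either keep the noun and capitalize it ("The /etc/pam.conf File") or drop the article as well.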
@@ -772,7 +781,7 @@ sshd	password	required	pam_permit.so</programlisting>
 
       <section xml:id="pam-config-pam.d">
 	<title xml:id="pam-config-pam.d.title">The
-	  <filename>/etc/pam.d</filename> directory</title>
+	  <filename>/etc/pam.d</filename></title>
 
 	<para>OpenPAM and Linux-PAM support an alternate configuration
 	  mechanism, which is the preferred mechanism in FreeBSD.  In
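Review bot: Dropping "directory" from the /etc/pam.d title removes the only cue in the heading that /etc/pam.d is a directory rather than a single file like /etc/pam.conf. "The /etc/pam.d Directory" would stay within the capitalization cleanup the log describes.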
@@ -796,7 +805,7 @@ sshd	password	required	pam_permit.so</programlisting>
 	  <literal>su</literal> and <literal>sudo</literal> services,
 	  one could do as follows:</para>
 
-<screen>&prompt.root; <userinput>cd /etc/pam.d</userinput>
+	<screen>&prompt.root; <userinput>cd /etc/pam.d</userinput>
 &prompt.root; <userinput>ln -s su sudo</userinput></screen>
 
 	<para>This works because the service name is determined from
@@ -811,27 +820,28 @@ sshd	password	required	pam_permit.so</programlisting>
       </section>
 
       <section xml:id="pam-config-file-order">
-	<title xml:id="pam-config-file-order.title">The policy search
-	  order</title>
+	<title xml:id="pam-config-file-order.title">The Policy Search
+	  Order</title>
 
 	<para>As we have seen above, PAM policies can be found in a
 	  number of places.  What happens if policies for the same
 	  service exist in multiple places?</para>
 
 	<para>It is essential to understand that PAM's configuration
-	  system is centered on chains.<!-- XXX --></para>
+	  system is centered on chains.</para>
 
       </section>
     </section>
 
     <section xml:id="pam-config-breakdown">
       <title xml:id="pam-config-breakdown.title">Breakdown of a
-	configuration line</title>
+	Configuration Line</title>
 
-      <para>As explained in <xref linkend="pam-config-file"/>, each line in
-	<filename>/etc/pam.conf</filename> consists of four or more
-	fields: the service name, the facility name, the control flag,
-	the module name, and zero or more module arguments.</para>
+      <para>As explained in <xref linkend="pam-config-file"/>, each
+	line in <filename>/etc/pam.conf</filename> consists of four or
+	more fields: the service name, the facility name, the control
+	flag, the module name, and zero or more module
+	arguments.</para>
 
       <para>The service name is generally (though not always) the name
 	of the application the statement applies to.  If you are
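Review bot: Removing the `<!-- XXX -->` marker after "system is centered on chains." hides that the Policy Search Order section is unfinished: it asks what happens when policies for the same service exist in multiple places and ends without answering. Keep the marker, or replace it with a comment saying what is missing, until the section is completed. This is also not a line-length, indent or capitalization change, so it should be mentioned in the log.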
@@ -845,17 +855,18 @@ sshd	password	required	pam_permit.so</programlisting>
 	facility name.</para>
 
       <para>The facility is one of the four facility keywords
-	described in <xref linkend="pam-facilities-primitives"/>.</para>
+	described in <xref
+	  linkend="pam-facilities-primitives"/>.</para>
 
       <para>Likewise, the control flag is one of the four keywords
-	described in <xref linkend="pam-chains-policies"/>,
-	describing how to interpret the return code from the module.
-	Linux-PAM supports an alternate syntax that lets you specify
-	the action to associate with each possible return code, but
-	this should be avoided as it is non-standard and closely tied
-	in with the way Linux-PAM dispatches service calls (which
-	differs greatly from the way &solaris; and OpenPAM do it.)
-	Unsurprisingly, OpenPAM does not support this syntax.</para>
+	described in <xref linkend="pam-chains-policies"/>, describing
+	how to interpret the return code from the module.  Linux-PAM
+	supports an alternate syntax that lets you specify the action
+	to associate with each possible return code, but this should
+	be avoided as it is non-standard and closely tied in with the
+	way Linux-PAM dispatches service calls (which differs greatly
+	from the way &solaris; and OpenPAM do it.) Unsurprisingly,
+	OpenPAM does not support this syntax.</para>
     </section>
 
     <section xml:id="pam-policies">
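Review bot: After rewrapping, "do it.) Unsurprisingly," has a single space between sentences, while the rest of the paragraph uses two ("module.  Linux-PAM"). Add the second space, and consider moving the period outside the closing parenthesis, since the parenthetical is part of the enclosing sentence.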
@@ -882,7 +893,8 @@ sshd	password	required	pam_permit.so</programlisting>
 	the following table applies:</para>
 
       <table>
-	<title>PAM chain execution summary</title>
+	<title>PAM Chain Execution Summary</title>
+
 	<tgroup cols="4">
 	  <colspec colwidth="1*" colname="type"/>
 	  <colspec colwidth="1*" colname="success"/>
@@ -891,10 +903,12 @@ sshd	password	required	pam_permit.so</programlisting>
 	  <thead>
 	    <row>
 	      <entry colname="type"/>
-	      <entry colname="success"><literal>PAM_SUCCESS</literal></entry>
-	      <entry colname="ignore"><literal>PAM_IGNORE</literal></entry>
+	      <entry
+		colname="success"><literal>PAM_SUCCESS</literal></entry>
+	      <entry
+		colname="ignore"><literal>PAM_IGNORE</literal></entry>
 	      <entry colname="other"><literal>other</literal></entry>
-	   </row>
+	    </row>
 	  </thead>
 	  <tbody>
 	    <row>
@@ -903,24 +917,28 @@ sshd	password	required	pam_permit.so</programlisting>
 	      <entry colname="ignore">-</entry>
 	      <entry colname="other">fail = true;</entry>
 	    </row>
+
 	    <row>
 	      <entry colname="type">required</entry>
 	      <entry colname="success">-</entry>
 	      <entry colname="ignore">-</entry>
 	      <entry colname="other">fail = true;</entry>
 	    </row>
+
 	    <row>
 	      <entry colname="type">requisite</entry>
 	      <entry colname="success">-</entry>
 	      <entry colname="ignore">-</entry>
 	      <entry colname="other">fail = true; break;</entry>
 	    </row>
+
 	    <row>
 	      <entry colname="type">sufficient</entry>
 	      <entry colname="success">if (!fail) break;</entry>
 	      <entry colname="ignore">-</entry>
 	      <entry colname="other">-</entry>
 	    </row>
+
 	    <row>
 	      <entry colname="type">optional</entry>
 	      <entry colname="success">-</entry>
@@ -945,22 +963,21 @@ sshd	password	required	pam_permit.so</programlisting>
 	<literal>PAM_NEW_AUTHTOK_REQD</literal>.</para>
 
       <para>The second exception is that &man.pam.setcred.3; treats
-	<literal>binding</literal> and
-	<literal>sufficient</literal> modules as if they were
-	<literal>required</literal>.</para>
+	<literal>binding</literal> and <literal>sufficient</literal>
+	modules as if they were <literal>required</literal>.</para>
 
       <para>The third and final exception is that
 	&man.pam.chauthtok.3; runs the entire chain twice (once for
 	preliminary checks and once to actually set the password), and
-	in the preliminary phase it treats
-	<literal>binding</literal> and
-	<literal>sufficient</literal> modules as if they were
+	in the preliminary phase it treats <literal>binding</literal>
+	and <literal>sufficient</literal> modules as if they were
 	<literal>required</literal>.</para>
     </section>
   </section>
 
   <section xml:id="pam-freebsd-modules">
-    <title xml:id="pam-freebsd-modules.title">FreeBSD PAM Modules</title>
+    <title xml:id="pam-freebsd-modules.title">FreeBSD PAM
+      Modules</title>
 
     <section xml:id="pam-modules-deny">
       <title xml:id="pam-modules-deny.title">&man.pam.deny.8;</title>
@@ -995,29 +1012,32 @@ sshd	password	required	pam_permit.so</programlisting>
     </section>
 
     <section xml:id="pam-modules-ftpusers">
-      <title xml:id="pam-modules-ftpusers.title">&man.pam.ftpusers.8;</title>
+      <title
+	xml:id="pam-modules-ftpusers.title">&man.pam.ftpusers.8;</title>
 
       <para>The &man.pam.ftpusers.8; module</para>
     </section>
 
     <section xml:id="pam-modules-group">
-      <title xml:id="pam-modules-group.title">&man.pam.group.8;</title>
+      <title
+	xml:id="pam-modules-group.title">&man.pam.group.8;</title>
 
       <para>The &man.pam.group.8; module accepts or rejects applicants
 	on the basis of their membership in a particular file group
 	(normally <literal>wheel</literal> for &man.su.1;).  It is
-	primarily intended for maintaining the traditional behavior
-	of BSD &man.su.1;, but has many other uses, such as excluding
+	primarily intended for maintaining the traditional behavior of
+	BSD &man.su.1;, but has many other uses, such as excluding
 	certain groups of users from a particular service.</para>
     </section>
 
     <section xml:id="pam-modules-guest">
-      <title xml:id="pam-modules-guest.title">&man.pam.guest.8;</title>
+      <title
+	xml:id="pam-modules-guest.title">&man.pam.guest.8;</title>
 
       <para>The &man.pam.guest.8; module allows guest logins using
 	fixed login names.  Various requirements can be placed on the
-	password, but the default behavior is to allow any password
-	as long as the login name is that of a guest account.  The
+	password, but the default behavior is to allow any password as
+	long as the login name is that of a guest account.  The
 	&man.pam.guest.8; module can easily be used to implement
 	anonymous FTP logins.</para>
     </section>
@@ -1035,13 +1055,15 @@ sshd	password	required	pam_permit.so</programlisting>
     </section>
 
     <section xml:id="pam-modules-lastlog">
-      <title xml:id="pam-modules-lastlog.title">&man.pam.lastlog.8;</title>
+      <title
+	xml:id="pam-modules-lastlog.title">&man.pam.lastlog.8;</title>
 
       <para>The &man.pam.lastlog.8; module</para>
     </section>
 
     <section xml:id="pam-modules-login-access">
-      <title xml:id="pam-modules-login-access.title">&man.pam.login.access.8;</title>
+      <title
+	xml:id="pam-modules-login-access.title">&man.pam.login.access.8;</title>
 
       <para>The &man.pam.login.access.8; module provides an
 	implementation of the account management primitive which
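Review bot: Splitting `<title` from its xml:id attribute does not bring the pam-modules-login-access title under the line limit; the continuation line is still about 80 columns wide once the leading tab is counted, and the start tag is now harder to read. Putting the title content on its own line, as this commit does for "Module Versioning", would shorten the line without separating the element name from its attribute.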
@@ -1050,7 +1072,8 @@ sshd	password	required	pam_permit.so</programlisting>
     </section>
 
     <section xml:id="pam-modules-nologin">
-      <title xml:id="pam-modules-nologin.title">&man.pam.nologin.8;</title>
+      <title
+	xml:id="pam-modules-nologin.title">&man.pam.nologin.8;</title>
 
       <para>The &man.pam.nologin.8; module refuses non-root logins
 	when <filename>/var/run/nologin</filename> exists.  This file
@@ -1066,14 +1089,15 @@ sshd	password	required	pam_permit.so</programlisting>
 	challenge-response mechanism where the response to each
 	challenge is a direct function of the challenge and a
 	passphrase, so the response can be easily computed <quote>just
-	in time</quote> by anyone possessing the passphrase,
+	  in time</quote> by anyone possessing the passphrase,
 	eliminating the need for password lists.  Moreover, since
 	&man.opie.4; never reuses a challenge that has been correctly
 	answered, it is not vulnerable to replay attacks.</para>
     </section>
 
     <section xml:id="pam-modules-opieaccess">
-      <title xml:id="pam-modules-opieaccess.title">&man.pam.opieaccess.8;</title>
+      <title
+	xml:id="pam-modules-opieaccess.title">&man.pam.opieaccess.8;</title>
 
       <para>The &man.pam.opieaccess.8; module is a companion module to
 	&man.pam.opie.8;.  Its purpose is to enforce the restrictions
@@ -1091,13 +1115,15 @@ sshd	password	required	pam_permit.so</programlisting>
     </section>
 
     <section xml:id="pam-modules-passwdqc">
-      <title xml:id="pam-modules-passwdqc.title">&man.pam.passwdqc.8;</title>
+      <title
+	xml:id="pam-modules-passwdqc.title">&man.pam.passwdqc.8;</title>
 
       <para>The &man.pam.passwdqc.8; module</para>
     </section>
 
     <section xml:id="pam-modules-permit">
-      <title xml:id="pam-modules-permit.title">&man.pam.permit.8;</title>
+      <title
+	xml:id="pam-modules-permit.title">&man.pam.permit.8;</title>
 
       <para>The &man.pam.permit.8; module is one of the simplest
 	modules available; it responds to any request with
@@ -1107,19 +1133,22 @@ sshd	password	required	pam_permit.so</programlisting>
     </section>
 
     <section xml:id="pam-modules-radius">
-      <title xml:id="pam-modules-radius.title">&man.pam.radius.8;</title>
+      <title
+	xml:id="pam-modules-radius.title">&man.pam.radius.8;</title>
 
       <para>The &man.pam.radius.8; module</para>
     </section>
 
     <section xml:id="pam-modules-rhosts">
-      <title xml:id="pam-modules-rhosts.title">&man.pam.rhosts.8;</title>
+      <title
+	xml:id="pam-modules-rhosts.title">&man.pam.rhosts.8;</title>
 
       <para>The &man.pam.rhosts.8; module</para>
     </section>
 
     <section xml:id="pam-modules-rootok">
-      <title xml:id="pam-modules-rootok.title">&man.pam.rootok.8;</title>
+      <title
+	xml:id="pam-modules-rootok.title">&man.pam.rootok.8;</title>
 
       <para>The &man.pam.rootok.8; module reports success if and only
 	if the real user id of the process calling it (which is
@@ -1130,7 +1159,8 @@ sshd	password	required	pam_permit.so</programlisting>
     </section>
 
     <section xml:id="pam-modules-securetty">
-      <title xml:id="pam-modules-securetty.title">&man.pam.securetty.8;</title>
+      <title
+	xml:id="pam-modules-securetty.title">&man.pam.securetty.8;</title>
 
       <para>The &man.pam.securetty.8; module</para>
     </section>
@@ -1161,7 +1191,8 @@ sshd	password	required	pam_permit.so</programlisting>
     </section>
 
     <section xml:id="pam-modules-tacplus">
-      <title xml:id="pam-modules-tacplus.title">&man.pam.tacplus.8;</title>
+      <title
+	xml:id="pam-modules-tacplus.title">&man.pam.tacplus.8;</title>
 
       <para>The &man.pam.tacplus.8; module</para>
     </section>
@@ -1182,9 +1213,10 @@ sshd	password	required	pam_permit.so</programlisting>
   </section>
 
   <section xml:id="pam-appl-prog">
-    <title xml:id="pam-appl-prog.title">PAM Application Programming</title>
+    <title xml:id="pam-appl-prog.title">PAM Application
+      Programming</title>
 
-    <para><!--XXX-->This section has not yet been written.</para>
+    <para>This section has not yet been written.</para>
 
     <!--
 
@@ -1202,26 +1234,28 @@ sshd	password	required	pam_permit.so</programlisting>
   </section>
 
   <section xml:id="pam-module-prog">
-    <title xml:id="pam-module-prog.title">PAM Module Programming</title>
+    <title xml:id="pam-module-prog.title">PAM Module
+      Programming</title>
 
-    <para><!--XXX-->This section has not yet been written.</para>
+    <para>This section has not yet been written.</para>
   </section>
 
   <appendix xml:id="pam-sample-appl">
-    <title xml:id="pam-sample-appl.title">Sample PAM Application</title>
+    <title xml:id="pam-sample-appl.title">Sample PAM
+      Application</title>
 
     <para>The following is a minimal implementation of &man.su.1;
       using PAM.  Note that it uses the OpenPAM-specific
       &man.openpam.ttyconv.3; conversation function, which is
-      prototyped in <filename>security/openpam.h</filename>.  If you wish
-      build this application on a system with a different PAM library,
-      you will have to provide your own conversation function.  A
-      robust conversation function is surprisingly difficult to
-      implement; the one presented in <xref linkend="pam-sample-conv"/> is a good
-      starting point, but should not be used in real-world
-      applications.</para>
+      prototyped in <filename>security/openpam.h</filename>.  If you
+      wish build this application on a system with a different PAM
+      library, you will have to provide your own conversation
+      function.  A robust conversation function is surprisingly
+      difficult to implement; the one presented in <xref
+	linkend="pam-sample-conv"/> is a good starting point, but
+      should not be used in real-world applications.</para>
 
-<programlisting><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="su.c" parse="text"/></programlisting>
+    <programlisting><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="su.c" parse="text"/></programlisting>
   </appendix>
 
   <appendix xml:id="pam-sample-module">
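Review bot: The rewrapped paragraph in the Sample PAM Application appendix still reads "If you wish build this application"; "to" is missing after "wish". The lines are being rewritten anyway, so fix it here, or in a follow-up commit if whitespace and content changes are to stay separate.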
@@ -1245,50 +1279,71 @@ sshd	password	required	pam_permit.so</programlisting>
       simplified version of OpenPAM's &man.openpam.ttyconv.3;.  It is
       fully functional, and should give the reader a good idea of how
       a conversation function should behave, but it is far too simple
-      for real-world use.  Even if you are not using OpenPAM, feel free
-      to download the source code and adapt &man.openpam.ttyconv.3; to
-      your uses; we believe it to be as robust as a tty-oriented
-      conversation function can reasonably get.</para>
+      for real-world use.  Even if you are not using OpenPAM, feel
+      free to download the source code and adapt
+      &man.openpam.ttyconv.3; to your uses; we believe it to be as
+      robust as a tty-oriented conversation function can reasonably
+      get.</para>
 
 <programlisting><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="converse.c" parse="text"/></programlisting>
   </appendix>
 
   <bibliography xml:id="pam-further">
-    <info><title xml:id="pam-further.title">Further Reading</title>
-    
+    <info>
+      <title xml:id="pam-further.title">Further Reading</title>
 
-    <abstract>
-      <para>This is a list of documents relevant to PAM and related
-	issues.  It is by no means complete.</para>
-    </abstract>
+      <abstract>
+	<para>This is a list of documents relevant to PAM and related
+	  issues.  It is by no means complete.</para>
+      </abstract>
     </info>
 
     <bibliodiv>
       <title>Papers</title>
 
       <biblioentry>
-	<citetitle><link xlink:href="http://www.sun.com/software/solaris/pam/pam.external.pdf">;
-	  Making Login Services Independent of Authentication
+	<citetitle><link
+	    xlink:href="http://www.sun.com/software/solaris/pam/pam.external.pdf">;
+	    Making Login Services Independent of Authentication
 	  Technologies</link></citetitle>
 	<authorgroup>
-	  <author><personname><surname>Samar</surname><firstname>Vipin</firstname></personname></author>
-	  <author><personname><surname>Lai</surname><firstname>Charlie</firstname></personname></author>
+	  <author>
+	    <personname>
+	      <surname>Samar</surname>
+	      <firstname>Vipin</firstname>
+	    </personname>
+	  </author>
+	  <author>
+	    <personname>
+	      <surname>Lai</surname>
+	      <firstname>Charlie</firstname>
+	    </personname>
+	  </author>
 	</authorgroup>
 	<orgname>Sun Microsystems</orgname>
       </biblioentry>
 
       <biblioentry>
-	<citetitle><link xlink:href="http://www.opengroup.org/pubs/catalog/p702.htm">X/Open
-	  Single Sign-on Preliminary Specification</link></citetitle>
+	<citetitle><link
+	    xlink:href="http://www.opengroup.org/pubs/catalog/p702.htm">X/Open
+	    Single Sign-on Preliminary
+	    Specification</link></citetitle>
 	<orgname>The Open Group</orgname>
 	<biblioid class="isbn">1-85912-144-6</biblioid>
 	<pubdate>June 1997</pubdate>
       </biblioentry>
 
       <biblioentry>
-	<citetitle><link xlink:href="http://www.kernel.org/pub/linux/libs/pam/pre/doc/current-draft.txt">;
-	  Pluggable Authentication Modules</link></citetitle>
-	<author><personname><surname>Morgan</surname><firstname>Andrew</firstname><othername role="mi">G.</othername></personname></author>
+	<citetitle><link
+	    xlink:href="http://www.kernel.org/pub/linux/libs/pam/pre/doc/current-draft.txt">;
+	    Pluggable Authentication Modules</link></citetitle>
+	<author>
+	  <personname>
+	    <surname>Morgan</surname>
+	    <firstname>Andrew</firstname>
+	    <othername role="mi">G.</othername>
+	  </personname>
+	</author>
 	<pubdate>1999-10-06</pubdate>
       </biblioentry>
     </bibliodiv>
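Review bot: The re-indentation here is incomplete. In the first biblioentry the title text line moves in by two columns, but the following `Technologies</link></citetitle>` line keeps its old indent, and the `<programlisting>` that includes converse.c stays at column 0 although the su.c one was indented in this same commit. Bring both in line with the surrounding changes so the file follows a single convention.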
@@ -1297,28 +1352,46 @@ sshd	password	required	pam_permit.so</programlisting>
       <title>User Manuals</title>
 
       <biblioentry>
-	<citetitle><link xlink:href="http://www.sun.com/software/solaris/pam/pam.admin.pdf">PAM
-	  Administration</link></citetitle>
+	<citetitle><link
+	    xlink:href="http://www.sun.com/software/solaris/pam/pam.admin.pdf">PAM
+	    Administration</link></citetitle>
 	<orgname>Sun Microsystems</orgname>
       </biblioentry>
     </bibliodiv>
 
     <bibliodiv>
-      <title>Related Web pages</title>
+      <title>Related Web Pages</title>
 
       <biblioentry>
-	<citetitle><link xlink:href="http://openpam.sourceforge.net/">OpenPAM homepage</link></citetitle>
-	<author><personname><surname>Sm&oslash;rgrav</surname><firstname>Dag-Erling</firstname></personname></author>
+	<citetitle><link
+	    xlink:href="http://openpam.sourceforge.net/">OpenPAM
+	    homepage</link></citetitle>
+	<author>
+	  <personname>
+	    <surname>Sm&oslash;rgrav</surname>
+	    <firstname>Dag-Erling</firstname>
+	  </personname>
+	</author>
 	<orgname>ThinkSec AS</orgname>
       </biblioentry>
 
       <biblioentry>
-	<citetitle><link xlink:href="http://www.kernel.org/pub/linux/libs/pam/">Linux-PAM homepage</link></citetitle>
-	<author><personname><surname>Morgan</surname><firstname>Andrew</firstname><othername role="mi">G.</othername></personname></author>
+	<citetitle><link
+	    xlink:href="http://www.kernel.org/pub/linux/libs/pam/">Linux-PAM
+	    homepage</link></citetitle>
+	<author>
+	  <personname>
+	    <surname>Morgan</surname>
+	    <firstname>Andrew</firstname>
+	    <othername role="mi">G.</othername>
+	  </personname>
+	</author>
       </biblioentry>
 
       <biblioentry>
-	<citetitle><link xlink:href="http://wwws.sun.com/software/solaris/pam/">Solaris PAM homepage</link></citetitle>
+	<citetitle><link
+	    xlink:href="http://wwws.sun.com/software/solaris/pam/">Solaris
+	    PAM homepage</link></citetitle>
 	<orgname>Sun Microsystems</orgname>
       </biblioentry>
     </bibliodiv>


