summaryrefslogtreecommitdiffabout
authorSergey Poznyakoff <gray@gnu.org.ua>2014-03-30 05:11:58 (GMT)
committer Sergey Poznyakoff <gray@gnu.org.ua>2014-04-02 08:54:35 (GMT)
commit8a97e7a877bd1e64636786fb4e749811e7963d6d (patch) (side-by-side diff)
tree4f53164dd43c62530ba1869f56ad33b0fb4db28a
parent55b38f5e11e9f11fe6ea9692722d4b86b9ae0be9 (diff)
downloadpam-modules-8a97e7a877bd1e64636786fb4e749811e7963d6d.tar.gz
pam-modules-8a97e7a877bd1e64636786fb4e749811e7963d6d.tar.bz2
Add manpages; remove invariant sections from pam-modules.texi
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--doc/.gitignore4
-rw-r--r--doc/Makefile.am44
-rw-r--r--doc/pam-modules.texi16
-rw-r--r--doc/pam_fshadow.8in223
-rw-r--r--doc/pam_log.8130
-rw-r--r--doc/pam_mysql.8in374
-rw-r--r--doc/pam_pgsql.8in365
-rw-r--r--doc/pam_regex.8181
-rw-r--r--doc/pam_umotd.8180
-rw-r--r--doc/pamck.1137
10 files changed, 1642 insertions, 12 deletions
diff --git a/doc/.gitignore b/doc/.gitignore
index 3cc99a1..8ae6011 100644
--- a/doc/.gitignore
+++ b/doc/.gitignore
@@ -1,5 +1,9 @@
Makefile
Makefile.in
+config.so
+pam_fshadow.8
+pam_mysql.8
+pam_pgsql.8
pam-modules.info*
stamp-vti
version.texi
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 99ac7d5..76df136 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -16,9 +16,51 @@
info_TEXINFOS=pam-modules.texi
pam_modules_TEXINFOS=fdl.texi macros.texi
+dist_man_MANS = pamck.1
+
+if PAM_COND_FSHADOW
+ dist_man_MANS += pam_fshadow.8
+endif
+if PAM_COND_REGEX
+ dist_man_MANS += pam_regex.8
+endif
+if PAM_COND_LOG
+ dist_man_MANS += pam_log.8
+endif
+#if PAM_COND_LDAPHOME
+# dist_man_MANS += pam_ldaphome.8
+#endif
+if PAM_COND_UMOTD
+ dist_man_MANS += pam_umotd.8
+endif
+if PAM_COND_MYSQL
+ dist_man_MANS += pam_mysql.8
+endif
+if PAM_COND_PGSQL
+ dist_man_MANS += pam_pgsql.8
+endif
+
+config.so: $(top_srcdir)/configure.ac $(top_srcdir)/doc/Makefile.am
+ $(AM_V_GEN){\
+ echo ".ds ET $(sysconfdir)"; \
+ } > config.so
+
+BUILD_MANS=pam_fshadow.8 pam_mysql.8 pam_pgsql.8
+CLEANFILES=$(BUILD_MANS) config.so
+
+pam_fshadow.8 pam_mysql.8 pam_pgsql.8: config.so
+
+.8in.8:
+ $(AM_V_GEN){\
+ echo '.\" -*- buffer-read-only: t -*- vi: set ro:';\
+ echo '.\" THIS FILE IS GENERATED AUTOMATICALLY; DO NOT EDIT!';\
+ soelim -I$(top_builddir)/doc $<;\
+ } > $@
EXTRA_DIST = \
- gendocs_template
+ gendocs_template\
+ pam_fshadow.8in\
+ pam_mysql.8in
clean-local:
rm -rf manual
diff --git a/doc/pam-modules.texi b/doc/pam-modules.texi
index 7c2d881..35d31cb 100644
--- a/doc/pam-modules.texi
+++ b/doc/pam-modules.texi
@@ -46,15 +46,9 @@ Boston, MA 02110-1301, USA
Copyright @copyright{} 2005, 2007-2012, 2014 Sergey Poznyakoff
Permission is granted to copy, distribute and/or modify this document
-under the terms of the GNU Free Documentation License, Version 1.2 or
+under the terms of the GNU Free Documentation License, Version 1.3 or
any later version published by the Free Software Foundation; with no
-Invariant Sections, with the Front-Cover texts being ``PAM-modules Manual'',
-and with the Back-Cover Texts as in (a) below. A copy of the license
-is included in the section entitled ``GNU Free Documentation License''.
-
-(a) The FSF's Back-Cover Text is: ``You have freedom to copy and modify
-this GNU Manual, like GNU software. Copies published by the Free
-Software Foundation raise funds for GNU development.''
+Invariant Sections, and no special Front- or Back- Cover texts/
@end copying
@titlepage
@@ -219,7 +213,7 @@ from which the @code{PAM_RUSER} entity is requesting service). That is
user. In some applications, @code{PAM_RHOST} may be @samp{NULL}.
@item ruser
-@code{PAM_RUSER}. The requesting entity: user's sername for a locally
+@code{PAM_RUSER}. The requesting entity: user's name for a locally
requesting user or a remote requesting user. In some cases,
@code{PAM_RUSER} may be @samp{NULL}.
@@ -496,7 +490,7 @@ This section summarizes all @command{pam_fshadow} command line options:
options, nopasswd}.
@opsummary{noshadow}
-@item nopasswd
+@item noshadow
Use only @file{passwd} for authentication. @xref{pam_fshadow common
options, noshadow}.
@@ -939,7 +933,7 @@ algorithm name in curly braces. This variable is @code{true} by
default.
@kwindex allow-md5-pass, @command{pam_mysql} configuration keyword
-@item allow-md5l-pass @var{bool}
+@item allow-md5-pass @var{bool}
The returned password may be encrypted using MySQL @code{md5}
function. This keyword is specific for @command{pam_mysql}.
diff --git a/doc/pam_fshadow.8in b/doc/pam_fshadow.8in
new file mode 100644
index 0000000..eb990d1
--- a/dev/null
+++ b/doc/pam_fshadow.8in
@@ -0,0 +1,223 @@
+.\" This file is part of PAM-Modules -*- nroff -*-
+.\" Copyright (C) 2001-2014 Sergey Poznyakoff
+.\"
+.\" PAM-Modules is free software; you can redistribute it and/or modify
+.\" it under the terms of the GNU General Public License as published by
+.\" the Free Software Foundation; either version 3, or (at your option)
+.\" any later version.
+.\"
+.\" PAM-Modules is distributed in the hope that it will be useful,
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+.\" GNU General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU General Public License
+.\" along with PAM-Modules. If not, see <http://www.gnu.org/licenses/>.
+.so config.so
+.TH PAM_FSHADOW 8 "March 30, 2014" "PAM-MODULES" "Pam-Modules User Reference"
+.SH NAME
+pam_fshadow \- use alternative passwd and/or shadow files
+.SH SYNOPSIS
+.nh
+.na
+\fBpam_fshadow\fR\
+ [\fBbasic\fR|\fBextended\fR]\
+ [\fBignore\-case\fR|\fBicase\fR|\fBcase\fR]\
+ [\fBnopasswd\fR]\
+ [\fBnoshadow\fR]\
+ [\fBregex=\fIEXPR\fR]\
+ [\fBrevert\-index\fR]\
+ [\fBsysconfdir=\fIDIR\fR]\
+ [\fBuse_authtok\fR]\
+ [\fBdebug\fR[\fB=\fINUMBER\fR]]\
+ [\fBwaitdebug\fR]\
+ [\fBaudit\fR]
+.ad
+.hy
+.SH DESCRIPTION
+Authenticates the user against alternative \fBpasswd\fR and
+\fBshadow\fR files. There are two operation modes:
+\fBplain\fR mode, in which the module uses only
+one \fBpasswd\fR,\fBshadow\fR pair, and \fBvirtual domain\fR mode,
+which selects the pair to use based depending on the authentication
+token (the user name).
+.PP
+In plain mode, \fBpam_fshadow\fR checks the supplied user name and
+authentication token against the \fBpasswd\fR and \fBshadow\fR files
+located in the system configuration directory. The latter is set when
+configuring the package and defaults to \fB\*(ET\fR. Its
+location can be changed using the \fBsysconfdir\fR command line
+parameter.
+.PP
+The command line options \fBnopasswd\fR and \fBnoshadow\fR are
+provided to disable reading of either file. E.g. if \fBnoshadow\fR is
+given, the module will expect all authentication information to be
+stored in the \fBpasswd\fR file.
+.PP
+The \fBvirtual domain\fR mode select the \fBpasswd\fR,\fBshadow\fR
+pair to use depending on the user name. To that effect, the user name
+is first split into the \fBlocal\fR and \fBauthentication domain\fR
+parts using a regular expression supplied with the \fBregex\fR option.
+The configuration directory name is then constructed by concatenating the
+system configuration directory, a directory separator character (\fB/\fR),
+and the name of the authentication domain. The authentication then
+proceeds as described above for the plain mode. If the supplied user name
+does not match the regular expression, \fBpam_fshadow\fR falls back to
+the plain mode.
+.SH OPTIONS
+.TP
+\fBbasic\fR
+The argument to the \fBregex\fR option is a basic regular expression.
+.TP
+\fBextended\fR
+The argument to the \fBregex\fR option is a POSIX extended regular
+expression. This is the default.
+.TP
+\fBignore\-case\fR, \fBicase\fR
+Use case-insensitive regex matching.
+.TP
+Use case-sensitive regex matching (default).
+.TP
+\fBnopasswd\fR
+Use only \fBshadow\fR file for authentication.
+.TP
+\fBnoshadow\fR
+Use only \fBpasswd\fR file for authentication.
+.TP
+\fBregex=\fIEXPR\fR
+Defines a regular expression for splitting user name into the proper
+name and authentication domain. The expression must contain two
+parentesized groups. If it matches, the group 1 will be used to
+extract local user name and the group 2 will select the authentication
+domain. The \fBrevert\-index\fR option changes this behavior, causing
+group 1 to be used for authentication domain and group 2 for user
+name. For example:
+.RS
+.EX
+regex=(.*)@(.*)
+.EE
+.RE
+
+This regular expression will match user names like \fBsmith@domain\fR.
+.TP
+\fBrevert\-index\fR
+Use group #2 from the regular expression as the user name and group #1
+as the authentication domain.
+.TP
+\fBsysconfdir=\fIDIR\fR
+Use \fIDIR\fR as the system configuration directory, instead of the
+default \fB\*(ET\fR.
+.TP
+\fBuse_authtok\fR
+Do not prompt the user for password, take it from the saved
+authentication tokens.
+.TP
+\fBdebug\fR\fB=\fINUMBER\fR]
+Set debugging level (0 <= \fINUMBER\fR <= 100).
+.TP
+\fBwaitdebug\fR
+Wait for \fIN\fR seconds before starting up. This option is intended
+to facilitate attaching to the module with
+.BR gdb (1).
+It is available only if the package was configured with
+the \fB\-\-enable\-debug\fR option.
+.TP
+\fBaudit\fR
+Log auditing information.
+.SH MODULE TYPES PROVIDED
+.BR auth ,
+.BR session ,
+.BR account .
+.SH RETURN VALUES
+.TP
+.B PAM_SUCCESS
+Successful return.
+.TP
+.B PAM_AUTH_ERR
+Authentication failed.
+.TP
+.B PAM_AUTHINFO_UNAVAIL
+The input information is not sufficient.
+.TP
+.B PAM_AUTHTOK_RECOVER_ERR
+Failed to obtain stored authentication token. This code can be
+returned if \fBuse_authtok\fR was used.
+.TP
+.B PAM_SERVICE_ERR
+Can't open \fBpasswd\fR or \fBshadow\fR file, or get username or
+password.
+.TP
+.B PAM_USER_UNKNOWN
+Supplied username not found.
+.TP
+.B PAM_SYSTEM_ERR
+Out of memory.
+.SH EXAMPLES
+.nr step 1 1
+.IP \n[step].
+Plain mode. Use the file \fB/etc/ftpauth/shadow\fR for authentication.
+.PP
+.EX
+auth required pam_fshadow.so sysconfdir=/etc/ftpauth nopasswd
+.EE
+.IP \n+[step].
+Authenticate against files located in \fB/etc/authdomain\fR. E.g. if the
+supplied user name were \fBsmith@ftp\fR, it would use the files
+.B /etc/authdomain/ftp/passwd
+and
+.BR /etc/authdomain/ftp/shadow :
+.PP
+auth required pam_fshadow.so sysconfdir=/etc/authdomain regex=(.*)@(.*)
+.PP
+.EX
+.EE
+.SH NOTE
+This manpage is a short description of \fBpam_fshadow\fR. For a detailed
+discussion, including examples and usage recommendations, refer to the
+\fBPAM-modules Manual\fR available in texinfo format. If the \fBinfo\fR
+reader and the tar documentation are properly installed on your
+system, the command
+.PP
+.RS +4
+.B info pam-modules
+.RE
+.PP
+should give you access to the complete manual.
+.PP
+You can also view the manual using the info mode in
+.BR emacs (1),
+or find it in various formats online at
+.PP
+.RS +4
+.B http://www.gnu.org.ua/software/pam-modules/manual
+.RE
+.PP
+If any discrepancies occur between this manpage and the
+\fBPAM-modules Manual\fR, the later shall be considered the authoritative
+source.
+.SH "SEE ALSO"
+.BR pam.conf (5),
+.BR pam.d (5),
+.BR pam (8),
+.BR regex (7).
+.SH AUTHORS
+Sergey Poznyakoff <gray@gnu.org>
+.SH "BUG REPORTS"
+Report bugs to <bug\-pam\-modules@gnu.org.ua>.
+.SH COPYRIGHT
+Copyright \(co 2001-2014 Sergey Poznyakoff
+.br
+.na
+License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
+.br
+.ad
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+.\" Local variables:
+.\" eval: (add-hook 'write-file-hooks 'time-stamp)
+.\" time-stamp-start: ".TH [A-Z_][A-Z0-9_.\\-]* [0-9] \""
+.\" time-stamp-format: "%:B %:d, %:y"
+.\" time-stamp-end: "\""
+.\" time-stamp-line-limit: 20
+.\" end:
+
diff --git a/doc/pam_log.8 b/doc/pam_log.8
new file mode 100644
index 0000000..0554dba
--- a/dev/null
+++ b/doc/pam_log.8
@@ -0,0 +1,130 @@
+.\" This file is part of PAM-Modules -*- nroff -*-
+.\" Copyright (C) 2001-2014 Sergey Poznyakoff
+.\"
+.\" PAM-Modules is free software; you can redistribute it and/or modify
+.\" it under the terms of the GNU General Public License as published by
+.\" the Free Software Foundation; either version 3, or (at your option)
+.\" any later version.
+.\"
+.\" PAM-Modules is distributed in the hope that it will be useful,
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+.\" GNU General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU General Public License
+.\" along with PAM-Modules. If not, see <http://www.gnu.org/licenses/>.
+.TH PAM_LOG 8 "March 28, 2014" "PAM-MODULES" "Pam-Modules User Reference"
+.SH NAME
+pam_log \- log messages to syslog
+.SH SYNOPSIS
+.nh
+.na
+\fBpam_log\fR [\fB\-audit\fR]\
+ [\fB\-debug\fR[\fB=\fILEVEL\fR]]\
+ [\fB\-noopen\fR]\
+ [\fB\-waitdebug\fR[\fB=\fISECONDS\fR]]\
+ [\fB\-pri=\fIFACILITY\fB.\fIPRIORITY\fR]\
+ [\fB\-tag=\fILABEL\fR] \fITEXT\fR...
+.ad
+.hy
+.SH DESCRIPTION
+Sends diagnostic text to syslog.
+.SH OPTIONS
+.TP
+\fB\-pri=\fIFACILITY\fB.\fIPRIORITY\fR
+Send text to the given syslog facility and priority. Valid values for
+\fIFACILITY\fR are:
+.BR user ,
+.BR daemon ,
+.BR auth ,
+.BR authpriv ", and "
+.BR local0 " through " local7 .
+Valid values for \fIPRIORITY\fR are:
+.BR emerg ,
+.BR alert ,
+.BR crit ,
+.BR err ,
+.BR warning ,
+.BR notice ,
+.BR info ", and "
+.BR debug .
+
+Either part can be omitted, in which case the following defaults are
+used: \fIFACILITY=\fBauthpriv\fR, \fIPRIORITY=\fBinfo\fR.
+.TP
+\fB\-tag=\fILABEL\fR
+Use \fILABEL\fR as the syslog tag, instead of the module name.
+.TP
+\fB\-debug\fR[\fB=\fINUMBER\fR]
+Set debugging level (0 <= \fINUMBER\fR <= 100).
+.TP
+\fB\-audit\fR
+Log auditing information.
+.TP
+\fB\-waitdebug=\fIN\fR
+Wait for \fIN\fR seconds before starting up. This option is intended
+to facilitate attaching to the module with
+.BR gdb (1).
+It is available only if the package was configured with
+the \fB\-\-enable\-debug\fR option.
+.SH MODULE TYPES PROVIDED
+All module types (\fBaccount\fR, \fBauth\fR, \fBpassword\fR and
+\fBsession\fR) are provided.
+.SH RETURN VALUES
+.TP
+.B PAM_IGNORE
+Ignore this module.
+.SH EXAMPLES
+.EX
+account requisite pam_log.so -tag FTP \\
+ -pri=daemon.info User ${user:-unknown} is granted FTP access
+.EE
+.SH NOTE
+This manpage is a short description of \fBpam_log\fR. For a detailed
+discussion, including examples and usage recommendations, refer to the
+\fBPAM-modules Manual\fR available in texinfo format. If the \fBinfo\fR
+reader and the tar documentation are properly installed on your
+system, the command
+.PP
+.RS +4
+.B info pam-modules
+.RE
+.PP
+should give you access to the complete manual.
+.PP
+You can also view the manual using the info mode in
+.BR emacs (1),
+or find it in various formats online at
+.PP
+.RS +4
+.B http://www.gnu.org.ua/software/pam-modules/manual
+.RE
+.PP
+If any discrepancies occur between this manpage and the
+\fBPAM-modules Manual\fR, the later shall be considered the authoritative
+source.
+.SH "SEE ALSO"
+.BR pam.conf (5),
+.BR pam.d (5),
+.BR pam (8).
+.SH AUTHORS
+Sergey Poznyakoff <gray@gnu.org>
+.SH "BUG REPORTS"
+Report bugs to <bug\-pam\-modules@gnu.org.ua>.
+.SH COPYRIGHT
+Copyright \(co 2001-2014 Sergey Poznyakoff
+.br
+.na
+License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
+.br
+.ad
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+.\" Local variables:
+.\" eval: (add-hook 'write-file-hooks 'time-stamp)
+.\" time-stamp-start: ".TH [A-Z_][A-Z0-9_.\\-]* [0-9] \""
+.\" time-stamp-format: "%:B %:d, %:y"
+.\" time-stamp-end: "\""
+.\" time-stamp-line-limit: 20
+.\" end:
+
diff --git a/doc/pam_mysql.8in b/doc/pam_mysql.8in
new file mode 100644
index 0000000..39506b6
--- a/dev/null
+++ b/doc/pam_mysql.8in
@@ -0,0 +1,374 @@
+.\" This file is part of PAM-Modules -*- nroff -*-
+.\" Copyright (C) 2001-2014 Sergey Poznyakoff
+.\"
+.\" PAM-Modules is free software; you can redistribute it and/or modify
+.\" it under the terms of the GNU General Public License as published by
+.\" the Free Software Foundation; either version 3, or (at your option)
+.\" any later version.
+.\"
+.\" PAM-Modules is distributed in the hope that it will be useful,
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+.\" GNU General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU General Public License
+.\" along with PAM-Modules. If not, see
+.\" <http://www.gnu.org/licenses/>.
+.so config.so
+.TH PAM_MYSQL 8 "April 2, 2014" "PAM-MODULES" "Pam-Modules User Reference"
+.SH NAME
+pam_mysql \- authenticate using a MySQL database
+.SH SYNOPSIS
+.nh
+.na
+\fBpam_mysql\fR [\fBconfig=\fIFILE\fR]\
+ [\fBuse_authtok\fR]\
+ [\fBdebug\fR[\fB=\fINUMBER\fR]]\
+ [\fBwaitdebug\fR]\
+ [\fBaudit\fR]
+.ad
+.hy
+.SH DESCRIPTION
+Provides authentication and account management services via a MySQL
+database.
+.PP
+When used in the \fBauth\fR stack, the module first connects to the
+database using credentials supplied in the configuration file (see
+below). Then, it retrieves the value of the \fBpasswd\-query\fR
+configuration parameter and performs \fBPAM\fR item expansion over
+it. The resulting query is sent to the \fBSQL\fR server. If this
+query produces a non-empty result, the first column from the first
+tuple is used as encrypted user password and is compared with the
+supplied authentication token. If it matches, the user is
+authenticated successfully. The comparison includes the following
+checks, performed in that order until one of them returns match or the
+list is exhausted:
+.nr step 1 1
+.IP \n[step].
+Compare the retrieved password with the result of the system
+.BR crypt (3)
+function called with the authentication token and retrieved password
+as its arguments
+.IP \n+[step].
+Encrypt the authentication token using the
+.B MySQL
+password encoding algorithm and compare the result with the retrieved
+password.
+.IP \n+[step].
+Compare password with the MD5 sum of the authentication token.
+.IP \n+[step].
+Assume the password is encrypted using the
+.BR LDAP -style
+encoding and compare it accordingly.
+.IP \n+[step].
+Compare both strings literally. This check is performed only if
+the
+.B allow\-plaintext\-pass
+configuration parameter is set.
+.PP
+Any of these checks can be disabled using the corresponding
+configuration setting.
+.SH CONFIGURATION
+The configuration information is supplied in a file
+.BR \*(ET/pam_sql.conf .
+An alternative location can be given via the \fBconfig\fR command line
+option. The file is a usual UNIX-style configuration file with
+comments introduced by the \fB#\fR character. Long statements can be
+split across several physical lines of text by ending each line but
+the last with a backslash character.
+.PP
+The following statements are defined.
+.SS Database connection configuration
+.TP
+.BI host " NAME"
+Sets hostname or IP address of the MySQL server.
+
+If the database is listening on the local socket, the \fINAME\fR
+is the pathname of the local socket.
+.TP
+.BI port " NUMBER"
+Sets the MySQL port number. The default value is 3306.
+.TP
+.BI db " NAME"
+Sets the database name.
+.TP
+.BI login " NAME"
+Sets the database user name. The user must have \fBSELECT\fR
+privileges on tables in the authentication database.
+.TP
+.BI pass " TEXT"
+Sets password for database access.
+.SS Queries
+These statements define \fBSQL\fR queries used by the module. The
+argument of each statement is subject to
+.BR "PAM item expansion" ,
+which is described in detail in the following section.
+.TP
+.BI passwd\-query " QUERY"
+Defines \fBSQL\fR query to be used to obtain the user's password from the
+database.
+.TP
+.BI session\-start\-query " QUERY"
+Defines \fBSQL\fR query to be executed on session start.
+.TP
+.BI session\-stop\-query " QUERY"
+Defines \fBSQL\fR query to be executed on session termination.
+.TP
+.BI setenv\-query " QUERY"
+This query is available when the package is compiled with
+.B Linux PAM
+implementation. The data it selects from the database are then
+stored in the \fBPAM\fR environment. Only the first tuple returned
+is used; the column names are treated as environment variable names,
+and column values as their values.
+.SS Password encryption
+The variables in this subsections control how the module treats
+passwords returned by the
+.BR passwd\-query .
+Their argument is a boolean value: \fByes\fR, \fBtrue\fR or \fBt\fR,
+for true value and \fBno\fR, \fBfalse\fR or \fBf\fR, for false value.
+.TP
+.BI allow\-plaintext\-pass " BOOL"
+Controls whether the
+.B passwd\-query
+may return a plaintext password.
+.TP
+.BI allow\-ldap\-pass " BOOL"
+The returned password may be a
+.BR LDAP -style
+password hash, i.e. the hash value encoded as base-64 and prefixed
+with a hashing algorithm name in curly braces. This variable is
+\fBtrue\fR by default.
+.TP
+.BI allow\-md5-pass " BOOL"
+The returned password may be encrypted using \fBMySQL md5\fR
+function.
+.TP
+.BI allow\-mysql\-pass " BOOL"
+The returned password may be encrypted using \fBMySQL password\fR
+function.
+.SH PAM ITEM EXPANSION
+The query strings described in the previous section are subject to
+item expansion prior to being sent to the \fBMySQL\fR server. This
+feature is similar to the shell variable expansion. During item
+expansion, any occurrence of \fB$\fINAME\fR is replaced with the
+actual value of the \fBPAM\fR item \fINAME\fR. If the item in
+question is not defined, an empty string is substituted instead. A
+limited support for the shell-style default values is available:
+namely, the notation \fB${\fIITEM\fB:-\fIVALUE\fB}\fR expands to the
+value of \fBITEM\fR if it is set, and to \fIVALUE\fR otherwise.
+Notice, that \fIVALUE\fR must be a literal value (string or numeric).
+.PP
+The following table lists valid \fBPAM\fR item names:
+.TP
+.B service
+.BR PAM_SERVICE .
+The service name (identifies the \fBPAM\fR stack that will be used).
+.TP
+.B user
+.BR PAM_USER .
+The username of the entity under whose identity service will be given.
+.TP
+.B tty
+.BR PAM_TTY .
+The terminal name: prefixed by \fB/dev/\fR if it is a device file; for
+graphical, X-based, applications the value for this item is usually
+the \fB$DISPLAY\fR environment variable.
+.TP
+.B rhost
+.BR PAM_RHOST .
+The requesting hostname (the hostname of the machine
+from which the \fBPAM_RUSER\fR entity is requesting service). That is
+\fBPAM_RUSER@PAM_RHOST\fR identifies the requesting user. In some
+applications, \fBPAM_RHOST\fR may be \fBNULL\fR.
+.TP
+.B ruser
+.BR PAM_RUSER .
+The requesting entity: user's name for a locally requesting user or a
+remote requesting user. In some cases, \fBPAM_RUSER\fR may be \fBNULL\fR.
+.TP
+.B prompt
+.BR PAM_USER_PROMPT .
+The string used when prompting for a user's name. The default value
+for this string is:
+.sp
+.nh
+.na
+.B Please enter username:
+.ad
+.hy
+.TP
+.B password
+.BR PAM_AUTHTOK .
+The authentication token (often a password).
+.SH OPTIONS
+.TP
+.BI config= FILE
+Read configuration from \fIFILE\fR instead of
+.BR \*(ET/pam_sql.conf .
+.TP
+\fBuse_authtok\fR
+Do not prompt the user for password, take it from the saved
+authentication tokens.
+.TP
+\fBdebug\fR\fB=\fINUMBER\fR]
+Set debugging level (0 <= \fINUMBER\fR <= 100).
+.TP
+\fBwaitdebug\fR
+Wait for \fIN\fR seconds before starting up. This option is intended
+to facilitate attaching to the module with
+.BR gdb (1).
+It is available only if the package was configured with
+the \fB\-\-enable\-debug\fR option.
+.TP
+\fBaudit\fR
+Log auditing information.
+.SH MODULE TYPES PROVIDED
+.BR auth ,
+.BR session .
+.SH RETURN VALUES
+.TP
+.B PAM_SUCCESS
+Successful termination
+.TP
+.B PAM_AUTH_ERR
+Authentication failed.
+.TP
+.B PAM_USER_UNKNOWN
+Supplied username not found.
+.TP
+.B PAM_AUTHTOK_RECOVER_ERR
+Failed to obtain stored authentication token. This code can be
+returned if \fBuse_authtok\fR was used.
+.TP
+.B PAM_SERVICE_ERR
+Some configuration or internal module error: required configuration
+parameter is missing, etc.
+.SH EXAMPLES
+.SS Simple authentication
+This example assumes the authentication table of the following
+structure:
+.PP
+.EX
+CREATE TABLE auth (
+ user char(32),
+ passwd char(128),
+ PRIMARY KEY (user_name)
+);
+.PP
+The configuration file will look like:
+.PP
+.EX
+# Authentication data
+host localhost
+db userdb
+login test
+pass guessme
+# Retrieve password from the database.
+passwd-query SELECT passwd\\
+ FROM auth\
+ WHERE user='${user}'
+.EE
+.SS Accounting
+This example assumes the accounting table of the following structure:
+.PP
+.EX
+CREATE TABLE acct (
+ type int, -- 0 for active session, 1 for a terminated one
+ user char(32), -- user name
+ host char(256), -- remote host name
+ tty char(16), -- tty name
+ service char(32),-- PAM service name
+ ts datetime, -- timestamp
+ duration int, -- duration of the session if type==1
+ primary key (user,host,service,tty)
+);
+.EE
+.PP
+The correspondig configuration statements (without the database
+credentials part) are:
+.EX
+session-start-query INSERT INTO acct\\
+ (type, user, service, tty, host, ts)\\
+ VALUES(0, $user, $service, $tty, $rhost, now())
+session-stop-query UPDATE acct\\
+ SET type=1, duration=now()-ts\\
+ WHERE user='$user'\\
+ AND host='$host'\\
+ AND service='$service'\\
+ AND tty='$tty'
+.EE
+.SS Setting the Environment
+This example assumes the following table structure:
+.PP
+.EX
+CREATE TABLE userprop (
+ user varchar(32),
+ dir varchar(128),
+ uid int,
+ gid int
+);
+.EE
+.PP
+The following
+.B setenv\-query
+statement will set the \fBPAM\fR environment variables
+.BR home ,
+.BR uid ", and"
+.BR gid :
+.PP
+.EX
+setenv-query SELECT dir as home, uid, gid\\
+ FROM userprop\\
+ WHERE username='$user'
+.EE
+.SH NOTE
+This manpage is a short description of \fBpam_mysql\fR. For a detailed
+discussion, including examples and usage recommendations, refer to the
+\fBPAM-modules Manual\fR available in texinfo format. If the \fBinfo\fR
+reader and the tar documentation are properly installed on your
+system, the command
+.PP
+.RS +4
+.B info pam-modules
+.RE
+.PP
+should give you access to the complete manual.
+.PP
+You can also view the manual using the info mode in
+.BR emacs (1),
+or find it in various formats online at
+.PP
+.RS +4
+.B http://www.gnu.org.ua/software/pam-modules/manual
+.RE
+.PP
+If any discrepancies occur between this manpage and the
+\fBPAM-modules Manual\fR, the later shall be considered the authoritative
+source.
+.SH "SEE ALSO"
+.BR pam_pgsql (8),
+.BR pam.conf (5),
+.BR pam.d (5),
+.BR pam (8).
+.SH AUTHORS
+Sergey Poznyakoff <gray@gnu.org>
+.SH "BUG REPORTS"
+Report bugs to <bug\-pam\-modules@gnu.org.ua>.
+.SH COPYRIGHT
+Copyright \(co 2001-2014 Sergey Poznyakoff
+.br
+.na
+License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
+.br
+.ad
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+.\" Local variables:
+.\" eval: (add-hook 'write-file-hooks 'time-stamp)
+.\" time-stamp-start: ".TH [A-Z_][A-Z0-9_.\\-]* [0-9] \""
+.\" time-stamp-format: "%:B %:d, %:y"
+.\" time-stamp-end: "\""
+.\" time-stamp-line-limit: 20
+.\" end:
+
diff --git a/doc/pam_pgsql.8in b/doc/pam_pgsql.8in
new file mode 100644
index 0000000..6aa39bf
--- a/dev/null
+++ b/doc/pam_pgsql.8in
@@ -0,0 +1,365 @@
+.\" This file is part of PAM-Modules -*- nroff -*-
+.\" Copyright (C) 2001-2014 Sergey Poznyakoff
+.\"
+.\" PAM-Modules is free software; you can redistribute it and/or modify
+.\" it under the terms of the GNU General Public License as published by
+.\" the Free Software Foundation; either version 3, or (at your option)
+.\" any later version.
+.\"
+.\" PAM-Modules is distributed in the hope that it will be useful,
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+.\" GNU General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU General Public License
+.\" along with PAM-Modules. If not, see
+.\" <http://www.gnu.org/licenses/>.
+.so config.so
+.TH PAM_PGSQL 8 "April 2, 2014" "PAM-MODULES" "Pam-Modules User Reference"
+.SH NAME
+pam_pgsql \- authenticate using a PostgreSQL database
+.SH SYNOPSIS
+.nh
+.na
+\fBpam_pgsql\fR [\fBconfig=\fIFILE\fR]\
+ [\fBuse_authtok\fR]\
+ [\fBdebug\fR[\fB=\fINUMBER\fR]]\
+ [\fBwaitdebug\fR]\
+ [\fBaudit\fR]
+.ad
+.hy
+.SH DESCRIPTION
+Provides authentication and account management services via a PostgreSQL
+database.
+.PP
+When used in the \fBauth\fR stack, the module first connects to the
+database using credentials supplied in the configuration file (see
+below). Then, it retrieves the value of the \fBpasswd\-query\fR
+configuration parameter and performs \fBPAM\fR item expansion over
+it. The resulting query is sent to the \fBSQL\fR server. If this
+query produces a non-empty result, the first column from the first
+tuple is used as encrypted user password and is compared with the
+supplied authentication token. If it matches, the user is
+authenticated successfully. The comparison includes the following
+checks, performed in that order until one of them returns match or the
+list is exhausted:
+.nr step 1 1
+.IP \n[step].
+Compare the retrieved password with the result of the system
+.BR crypt (3)
+function called with the authentication token and retrieved password
+as its arguments
+.IP \n+[step].
+Compare password with the MD5 sum of the authentication token.
+.IP \n+[step].
+Assume the password is encrypted using the
+.BR LDAP -style
+encoding and compare it accordingly.
+.IP \n+[step].
+Compare both strings literally. This check is performed only if
+the
+.B allow\-plaintext\-pass
+configuration parameter is set.
+.PP
+Any of these checks can be disabled using the corresponding
+configuration setting.
+.SH CONFIGURATION
+The configuration information is supplied in a file
+.BR \*(ET/pam_sql.conf .
+An alternative location can be given via the \fBconfig\fR command line
+option. The file is a usual UNIX-style configuration file with
+comments introduced by the \fB#\fR character. Long statements can be
+split across several physical lines of text by ending each line but
+the last with a backslash character.
+.PP
+The following statements are defined.
+.SS Database connection configuration
+.TP
+.BI host " NAME"
+Sets hostname or IP address of the PostgreSQL server.
+
+If the database is listening on the local socket, the \fINAME\fR
+is the pathname of the local socket.
+.TP
+.BI port " NUMBER"
+Sets the PostgreSQL port number. The default value is 5432.
+.TP
+.BI db " NAME"
+Sets the database name.
+.TP
+.BI login " NAME"
+Sets the database user name. The user must have \fBSELECT\fR
+privileges on tables in the database.
+.TP
+.BI pass " TEXT"
+Sets password for database access.
+.SS Queries
+These statements define \fBSQL\fR queries used by the module. The
+argument of each statement is subject to
+.BR "PAM item expansion" ,
+which is described in detail in the following section.
+.TP
+.BI passwd\-query " QUERY"
+Defines \fBSQL\fR query to be used to obtain the user's password from the
+database.
+.TP
+.BI session\-start\-query " QUERY"
+Defines \fBSQL\fR query to be executed on session start.
+.TP
+.BI session\-stop\-query " QUERY"
+Defines \fBSQL\fR query to be executed on session termination.
+.TP
+.BI setenv\-query " QUERY"
+This query is available when the package is compiled with
+.B Linux PAM
+implementation. The data it selects from the database are then
+stored in the \fBPAM\fR environment. Only the first tuple returned
+is used; the column names are treated as environment variable names,
+and column values as their values.
+.SS Password encryption
+The variables in this subsections control how the module treats
+passwords returned by the
+.BR passwd\-query .
+Their argument is a boolean value: \fByes\fR, \fBtrue\fR or \fBt\fR,
+for true value and \fBno\fR, \fBfalse\fR or \fBf\fR, for false value.
+.TP
+.BI allow\-plaintext\-pass " BOOL"
+Controls whether the
+.B passwd\-query
+may return a plaintext password.
+.TP
+.BI allow\-ldap\-pass " BOOL"
+The returned password may be a
+.BR LDAP -style
+password hash, i.e. the hash value encoded as base-64 and prefixed
+with a hashing algorithm name in curly braces. This variable is
+\fBtrue\fR by default.
+.TP
+.BI allow\-md5-pass " BOOL"
+The returned password may be encrypted using \fBPostgreSQL md5\fR
+function.
+.SH PAM ITEM EXPANSION
+The query strings described in the previous section are subject to
+item expansion prior to being sent to the \fBPostgreSQL\fR server. This
+feature is similar to the shell variable expansion. During item
+expansion, any occurrence of \fB$\fINAME\fR is replaced with the
+actual value of the \fBPAM\fR item \fINAME\fR. If the item in
+question is not defined, an empty string is substituted instead. A
+limited support for the shell-style default values is available:
+namely, the notation \fB${\fIITEM\fB:-\fIVALUE\fB}\fR expands to the
+value of \fBITEM\fR if it is set, and to \fIVALUE\fR otherwise.
+Notice, that \fIVALUE\fR must be a literal value (string or numeric).
+.PP
+The following table lists valid \fBPAM\fR item names:
+.TP
+.B service
+.BR PAM_SERVICE .
+The service name (identifies the \fBPAM\fR stack that will be used).
+.TP
+.B user
+.BR PAM_USER .
+The username of the entity under whose identity service will be given.
+.TP
+.B tty
+.BR PAM_TTY .
+The terminal name: prefixed by \fB/dev/\fR if it is a device file; for
+graphical, X-based, applications the value for this item is usually
+the \fB$DISPLAY\fR environment variable.
+.TP
+.B rhost
+.BR PAM_RHOST .
+The requesting hostname (the hostname of the machine
+from which the \fBPAM_RUSER\fR entity is requesting service). That is
+\fBPAM_RUSER@PAM_RHOST\fR identifies the requesting user. In some
+applications, \fBPAM_RHOST\fR may be \fBNULL\fR.
+.TP
+.B ruser
+.BR PAM_RUSER .
+The requesting entity: user's name for a locally requesting user or a
+remote requesting user. In some cases, \fBPAM_RUSER\fR may be \fBNULL\fR.
+.TP
+.B prompt
+.BR PAM_USER_PROMPT .
+The string used when prompting for a user's name. The default value
+for this string is:
+.sp
+.nh
+.na
+.B Please enter username:
+.ad
+.hy
+.TP
+.B password
+.BR PAM_AUTHTOK .
+The authentication token (often a password).
+.SH OPTIONS
+.TP
+.BI config= FILE
+Read configuration from \fIFILE\fR instead of
+.BR \*(ET/pam_sql.conf .
+.TP
+\fBuse_authtok\fR
+Do not prompt the user for password, take it from the saved
+authentication tokens.
+.TP
+\fBdebug\fR\fB=\fINUMBER\fR]
+Set debugging level (0 <= \fINUMBER\fR <= 100).
+.TP
+\fBwaitdebug\fR
+Wait for \fIN\fR seconds before starting up. This option is intended
+to facilitate attaching to the module with
+.BR gdb (1).
+It is available only if the package was configured with
+the \fB\-\-enable\-debug\fR option.
+.TP
+\fBaudit\fR
+Log auditing information.
+.SH MODULE TYPES PROVIDED
+.BR auth ,
+.BR session .
+.SH RETURN VALUES
+.TP
+.B PAM_SUCCESS
+Successful termination
+.TP
+.B PAM_AUTH_ERR
+Authentication failed.
+.TP
+.B PAM_USER_UNKNOWN
+Supplied username not found.
+.TP
+.B PAM_AUTHTOK_RECOVER_ERR
+Failed to obtain stored authentication token. This code can be
+returned if \fBuse_authtok\fR was used.
+.TP
+.B PAM_SERVICE_ERR
+Some configuration or internal module error: required configuration
+parameter is missing, etc.
+.SH EXAMPLES
+.SS Simple authentication
+This example assumes the authentication table of the following
+structure:
+.PP
+.EX
+CREATE TABLE auth (
+ user char(32),
+ passwd char(128),
+ PRIMARY KEY (user_name)
+);
+.PP
+The configuration file will look like:
+.PP
+.EX
+# Authentication data
+host localhost
+db userdb
+login test
+pass guessme
+# Retrieve password from the database.
+passwd-query SELECT passwd\\
+ FROM auth\
+ WHERE user='${user}'
+.EE
+.SS Accounting
+This example assumes the accounting table of the following structure:
+.PP
+.EX
+CREATE TABLE acct (
+ type int, -- 0 for active session, 1 for a terminated one
+ user char(32), -- user name
+ host char(256), -- remote host name
+ tty char(16), -- tty name
+ service char(32),-- PAM service name
+ ts datetime, -- timestamp
+ duration int, -- duration of the session if type==1
+ primary key (user,host,service,tty)
+);
+.EE
+.PP
+The correspondig configuration statements (without the database
+credentials part) are:
+.EX
+session-start-query INSERT INTO acct\\
+ (type, user, service, tty, host, ts)\\
+ VALUES(0, $user, $service, $tty, $rhost, now())
+session-stop-query UPDATE acct\\
+ SET type=1, duration=now()-ts\\
+ WHERE user='$user'\\
+ AND host='$host'\\
+ AND service='$service'\\
+ AND tty='$tty'
+.EE
+.SS Setting the Environment
+This example assumes the following table structure:
+.PP
+.EX
+CREATE TABLE userprop (
+ user varchar(32),
+ dir varchar(128),
+ uid int,
+ gid int
+);
+.EE
+.PP
+The following
+.B setenv\-query
+statement will set the \fBPAM\fR environment variables
+.BR home ,
+.BR uid ", and"
+.BR gid :
+.PP
+.EX
+setenv-query SELECT dir as home, uid, gid\\
+ FROM userprop\\
+ WHERE username='$user'
+.EE
+.SH NOTE
+This manpage is a short description of \fBpam_pgsql\fR. For a detailed
+discussion, including examples and usage recommendations, refer to the
+\fBPAM-modules Manual\fR available in texinfo format. If the \fBinfo\fR
+reader and the tar documentation are properly installed on your
+system, the command
+.PP
+.RS +4
+.B info pam-modules
+.RE
+.PP
+should give you access to the complete manual.
+.PP
+You can also view the manual using the info mode in
+.BR emacs (1),
+or find it in various formats online at
+.PP
+.RS +4
+.B http://www.gnu.org.ua/software/pam-modules/manual
+.RE
+.PP
+If any discrepancies occur between this manpage and the
+\fBPAM-modules Manual\fR, the later shall be considered the authoritative
+source.
+.SH "SEE ALSO"
+.BR pam_mysql (8),
+.BR pam.conf (5),
+.BR pam.d (5),
+.BR pam (8).
+.SH AUTHORS
+Sergey Poznyakoff <gray@gnu.org>
+.SH "BUG REPORTS"
+Report bugs to <bug\-pam\-modules@gnu.org.ua>.
+.SH COPYRIGHT
+Copyright \(co 2001-2014 Sergey Poznyakoff
+.br
+.na
+License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
+.br
+.ad
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+.\" Local variables:
+.\" eval: (add-hook 'write-file-hooks 'time-stamp)
+.\" time-stamp-start: ".TH [A-Z_][A-Z0-9_.\\-]* [0-9] \""
+.\" time-stamp-format: "%:B %:d, %:y"
+.\" time-stamp-end: "\""
+.\" time-stamp-line-limit: 20
+.\" end:
+
diff --git a/doc/pam_regex.8 b/doc/pam_regex.8
new file mode 100644
index 0000000..6033feb
--- a/dev/null
+++ b/doc/pam_regex.8
@@ -0,0 +1,181 @@
+.\" This file is part of PAM-Modules -*- nroff -*-
+.\" Copyright (C) 2001-2014 Sergey Poznyakoff
+.\"
+.\" PAM-Modules is free software; you can redistribute it and/or modify
+.\" it under the terms of the GNU General Public License as published by
+.\" the Free Software Foundation; either version 3, or (at your option)
+.\" any later version.
+.\"
+.\" PAM-Modules is distributed in the hope that it will be useful,
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+.\" GNU General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU General Public License
+.\" along with PAM-Modules. If not, see <http://www.gnu.org/licenses/>.
+.TH PAM_REGEX 8 "March 28, 2014" "PAM-MODULES" "Pam-Modules User Reference"
+.SH NAME
+pam_regex \- authentication using regular expressions
+.SH SYNOPSIS
+.nh
+.na
+\fBpam_regex\fR [\fBsense=\fISENSE\fR]\
+ [\fBuser=\fINAME\fR]\
+ [\fBregex=\fIEXPRESSION\fR]\
+ [\fBbasic\fR|\fBextended\fR] [\fBcase\fR|\fBignore\-case\fR|\fBicase\fR]\
+ [\fBtransform=\fIS-EXPR\fR]\
+ [\fBdebug\fR[\fB=\fINUMBER\fR]]\
+ [\fBwaitdebug\fR]\
+ [\fBaudit\fR]
+.ad
+.hy
+.SH DESCRIPTION
+A general-purpose tool for authentication using regular expressions.
+It can be used to control access depending on whether the user name
+matches a given regular expression or to modify user name as per
+a sed-like expression, so that subsequent modules see the modified
+name.
+.SH OPTIONS
+.TP
+\fBregex=\fIEXPRESSION\fR
+Compare user name with \fIEXPRESSION\fR. By default the argument is
+treated as an extended regular expression with case-sensitive
+matching.
+
+When this option is used, \fBpam_regex\fR allows only login
+attempts with user names that match the given expression. See the
+\fBsensed\fR option to revert that behavior.
+.TP
+\fBsense=allow\fR|\fBdeny\fR
+What to do if the user name matches the expression given by the
+\fBregex\fR option. The value \fBallow\fR (the default) instructs the
+module to return \fBPAM_SUCCESS\fR, the \fBdeny\fR instructs it to
+return \fBPAM_AUTH_ERR\fR.
+.TP
+\fBtransform=\fIS-EXPR\fR
+Transform the user name using a sed-like expression. The argument
+should have the following form:
+.RS
+.EX
+s/\fIregexp\fR/\fIrepl\fR/[\fIflags\fR]
+.EE
+.RE
+
+See
+.BR sed (1),
+for a detailed description. Supported \fIflags\fR are:
+\fBg\fR, to apply the replacement to all matches, not
+just the first, \fBi\fR, to use case-insensitive matching,
+and \fBx\fR, which indicates that \fIregexp\fR is an extended
+POSIX regular expression. A decimal number in the \fIflags\fR field
+indicates the ordinal number of the match to be replaced. Using it
+together with \fBg\fR results in undefined behavior.
+
+Any delimiter can be used in lieue of the slash, the only requirement being
+that it be used consistently throughout the expression.
+.TP
+\fBbasic\fR
+Use basic regular expressions.
+.TP
+\fBcase\fR
+Use case-sensitive regular expressions (default).
+.TP
+\fBextended\fR
+Use extended regular expressions (default).
+.TP
+\fBignore-case\fR or \fBicase\fR
+Use case-insensitive regular expressions.
+.TP
+\fBuser=\fINAME\fR
+Upon successful matching, set \fBPAM\fR user name to \fBSTRING\fR.
+.TP
+\fBdebug\fR[\fB=\fINUMBER\fR]
+Set debugging level (0 <= \fINUMBER\fR <= 100).
+.TP
+\fBaudit\fR
+Log auditing information.
+.TP
+\fBwaitdebug=\fIN\fR
+Wait for \fIN\fR seconds before starting up. This option is intended
+to facilitate attaching to the module with
+.BR gdb (1).
+It is available only if the package was configured with
+the \fB\-\-enable\-debug\fR option.
+.SH MODULE TYPES PROVIDED
+.B auth
+.SH RETURN VALUES
+.TP
+.B PAM_SUCCESS
+Successful return.
+.TP
+.B PAM_AUTH_ERR
+Authentication failed.
+.TP
+.B PAM_AUTHINFO_UNAVAIL
+The input information is not sufficient.
+.SH EXAMPLES
+.nr step 1 1
+.IP \n[step].
+Deny access to users with login name containig the \fB@\fR sign.
+.PP
+.EX
+auth required pam_regex.so sense=deny regex=.*@.*
+.EE
+.IP \n+[step].
+Convert the user name to lower case and remove anything starting from
+the \fB@\fR character:
+.PP
+.EX
+auth required pam_regex.so extended transform=s/.*/\L&/g;s/@.*//
+.EE
+.SH NOTE
+This manpage is a short description of \fBpam_regex\fR. For a detailed
+discussion, including examples and usage recommendations, refer to the
+\fBPAM-modules Manual\fR available in texinfo format. If the \fBinfo\fR
+reader and the tar documentation are properly installed on your
+system, the command
+.PP
+.RS +4
+.B info pam-modules
+.RE
+.PP
+should give you access to the complete manual.
+.PP
+You can also view the manual using the info mode in
+.BR emacs (1),
+or find it in various formats online at
+.PP
+.RS +4
+.B http://www.gnu.org.ua/software/pam-modules/manual
+.RE
+.PP
+If any discrepancies occur between this manpage and the
+\fBPAM-modules Manual\fR, the later shall be considered the authoritative
+source.
+.SH "SEE ALSO"
+.BR pam.conf (5),
+.BR pam.d (5),
+.BR pam (8),
+.BR regex (7),
+.BR sed (1).
+.SH AUTHORS
+Sergey Poznyakoff <gray@gnu.org>
+.SH "BUG REPORTS"
+Report bugs to <bug\-pam\-modules@gnu.org.ua>.
+.SH COPYRIGHT
+Copyright \(co 2001-2014 Sergey Poznyakoff
+.br
+.na
+License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
+.br
+.ad
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+.\" Local variables:
+.\" eval: (add-hook 'write-file-hooks 'time-stamp)
+.\" time-stamp-start: ".TH [A-Z_][A-Z0-9_.\\-]* [0-9] \""
+.\" time-stamp-format: "%:B %:d, %:y"
+.\" time-stamp-end: "\""
+.\" time-stamp-line-limit: 20
+.\" end:
+
diff --git a/doc/pam_umotd.8 b/doc/pam_umotd.8
new file mode 100644
index 0000000..4970279
--- a/dev/null
+++ b/doc/pam_umotd.8
@@ -0,0 +1,180 @@
+.\" This file is part of PAM-Modules -*- nroff -*-
+.\" Copyright (C) 2001-2014 Sergey Poznyakoff
+.\"
+.\" PAM-Modules is free software; you can redistribute it and/or modify
+.\" it under the terms of the GNU General Public License as published by
+.\" the Free Software Foundation; either version 3, or (at your option)
+.\" any later version.
+.\"
+.\" PAM-Modules is distributed in the hope that it will be useful,
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+.\" GNU General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU General Public License
+.\" along with PAM-Modules. If not, see <http://www.gnu.org/licenses/>.
+.TH PAM_UMOTD 8 "April 2, 2014" "PAM-MODULES" "Pam-Modules User Reference"
+.SH NAME
+pam_umotd \- display a message of the day
+.SH SYNOPSIS
+.nh
+.na
+\fBpam_umotd\fR [\fBfile=\fIFILENAME\fR]\
+ [\fBtimeout=\fIN\fR]\
+ [\fBmax\-size=\fIN\fR]\
+ [\fBmax\-la=\fIN\fR]\
+ [\fBdebug\fR[\fB=\fINUMBER\fR]]\
+ [\fBwaitdebug\fR]\
+ [\fBaudit\fR]\
+ [\fBexec\fR [\fIARGS\fR]...]
+.ad
+.hy
+.SH DESCRIPTION
+Displays a user-specific message of the day. The text can be taken
+either from a disk file, or read from the standard output of a program
+launched for that purpose.
+
+This module is Linux-specific.
+
+\fBPam_umotd\fR is normally started as part of the \fBsession\fR stack.
+.SH OPTIONS
+.TP
+\fBfile=\fIFILENAME\fR
+Read and display text from the file \fIFILENAME\fR.
+.TP
+.B exec
+Execute a program and display its output. The rest of arguments
+after this parameter are taken to be the program name and its
+command line arguments. The arguments are subject to \fBitem
+expansion\fR, during which any occurrence of \fB$\fINAME\fR is
+replaced by the value of the \fBPAM\fR item \fINAME\fR. A limited
+support for the shell-style default values is available: namely, the
+notation \fB${\fIITEM\fB:\-\fIVALUE\fB}\fR expands to the value of
+\fIITEM\fR if it is set, and to \fIVALUE\fR otherwise. Notice, that
+\fIVALUE\fR must be a literal value (string or numeric). Valid item
+names are:
+.RS
+.TP
+.B service
+.BR PAM_SERVICE .
+The service name (identifies the \fBPAM\fR stack that will be used).
+.TP
+.B user
+.BR PAM_USER .
+The username of the entity under whose identity service will be given.
+.TP
+.B tty
+.BR PAM_TTY .
+The terminal name: prefixed by \fB/dev/\fR if it is a device file; for
+graphical, X-based, applications the value for this item is usually
+the \fB$DISPLAY\fR environment variable.
+.TP
+.B rhost
+.BR PAM_RHOST .
+The requesting hostname (the hostname of the machine
+from which the \fBPAM_RUSER\fR entity is requesting service). That is
+\fBPAM_RUSER@PAM_RHOST\fR identifies the requesting user. In some
+applications, \fBPAM_RHOST\fR may be \fBNULL\fR.
+.TP
+.B ruser
+.BR PAM_RUSER .
+The requesting entity: user's name for a locally requesting user or a
+remote requesting user. In some cases, \fBPAM_RUSER\fR may be \fBNULL\fR.
+.TP
+.B prompt
+.BR PAM_USER_PROMPT .
+The string used when prompting for a user's name. The default value
+for this string is \fBPlease enter username: \fR.
+.TP
+.B password
+.BR PAM_AUTHTOK .
+The authentication token (often a password).
+.RE
+.TP
+\fBtimeout=\fIN\fR
+Limit the execution time of the program started via the \fBexec\fR
+option to \fBN\fR seconds. The default value is 10.
+.TP
+.B
+\fBmax\-size=\fIN\fR
+Limit the output size to \fIN\fR bytes. Default is 2000.
+.TP
+\fBmax\-la=\fID\fR
+Exit immediately if the 5-minute load average is greater than or
+equal to \fID\fR (a floating-point number).
+.TP
+\fBdebug\fR[\fB=\fINUMBER\fR]
+Set debugging level (0 <= \fINUMBER\fR <= 100).
+.TP
+\fBaudit\fR
+Log auditing information.
+.TP
+\fBwaitdebug=\fIN\fR
+Wait for \fIN\fR seconds before starting up. This option is intended
+to facilitate attaching to the module with
+.BR gdb (1).
+It is available only if the package was configured with
+the \fB\-\-enable\-debug\fR option.
+.SH MODULE TYPES PROVIDED
+.B session
+.SH RETURN VALUES
+.TP
+.B PAM_IGNORE
+Ignore this module
+.TP
+.B PAM_SERVICE_ERR
+Unable to read the file (if the \fBfile=\fR option is given) or
+execute the program (if \fBexec\fR is given).
+.SH EXAMPLES
+.EX
+session optional pam_umotd.so file=/etc/motd
+.EE
+.SH NOTE
+This manpage is a short description of \fBpam_umotd\fR. For a detailed
+discussion, including examples and usage recommendations, refer to the
+\fBPAM-modules Manual\fR available in texinfo format. If the \fBinfo\fR
+reader and the tar documentation are properly installed on your
+system, the command
+.PP
+.RS +4
+.B info pam-modules
+.RE
+.PP
+should give you access to the complete manual.
+.PP
+You can also view the manual using the info mode in
+.BR emacs (1),
+or find it in various formats online at
+.PP
+.RS +4
+.B http://www.gnu.org.ua/software/pam-modules/manual
+.RE
+.PP
+If any discrepancies occur between this manpage and the
+\fBPAM-modules Manual\fR, the later shall be considered the authoritative
+source.
+.SH "SEE ALSO"
+.BR pam.conf (5),
+.BR pam.d (5),
+.BR pam (8).
+.SH AUTHORS
+Sergey Poznyakoff <gray@gnu.org>
+.SH "BUG REPORTS"
+Report bugs to <bug\-pam\-modules@gnu.org.ua>.
+.SH COPYRIGHT
+Copyright \(co 2001-2014 Sergey Poznyakoff
+.br
+.na
+License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
+.br
+.ad
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+.\" Local variables:
+.\" eval: (add-hook 'write-file-hooks 'time-stamp)
+.\" time-stamp-start: ".TH [A-Z_][A-Z0-9_.\\-]* [0-9] \""
+.\" time-stamp-format: "%:B %:d, %:y"
+.\" time-stamp-end: "\""
+.\" time-stamp-line-limit: 20
+.\" end:
+
diff --git a/doc/pamck.1 b/doc/pamck.1
new file mode 100644
index 0000000..428d8fa
--- a/dev/null
+++ b/doc/pamck.1
@@ -0,0 +1,137 @@
+.\" This file is part of PAM-Modules -*- nroff -*-
+.\" Copyright (C) 2001-2014 Sergey Poznyakoff
+.\"
+.\" PAM-Modules is free software; you can redistribute it and/or modify
+.\" it under the terms of the GNU General Public License as published by
+.\" the Free Software Foundation; either version 3, or (at your option)
+.\" any later version.
+.\"
+.\" PAM-Modules is distributed in the hope that it will be useful,
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+.\" GNU General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU General Public License
+.\" along with PAM-Modules. If not, see <http://www.gnu.org/licenses/>.
+.TH PAMCK 1 "March 31, 2014" "PAM-MODULES" "Pam-Modules User Reference"
+.SH NAME
+pamck \- test PAM stack
+.SH SYNOPSIS
+.nh
+.na
+\fBpamck\fR [\fB\-hv\fR] [\fB\-s\fR \fISERVICE\fR]\
+ [\fB\-g\fR \fIGROUP\fR] \fIUSER\fR [\fIPASSWORD\fR]
+.ad
+.hy
+.SH DESCRIPTION
+Tests the functionality of \fBPAM\fR stack.
+.SH OPTIONS
+.TP
+.B \-h
+Print short help summary and exit.
+.TP
+.B \-v
+Print program version and copyright information and exit.
+.TP
+\fB\-s\fR \fISERVICE\fR
+Select service name to use. Default group is \fBcheck\fR.
+.TP
+\fB\-g\fR \fIGROUP\fR
+Select \fBPAM\fR management group to check. Allowed arguments are:
+.RS
+.TP
+.B auth
+Authentication group. Call \fBpam_authenticate\fR.
+.TP
+.B acct
+Account management. Call \fBpam_acct_mgmt\fR.
+.TP
+.B open
+Session management. Call \fBpam_open_session\fR.
+.TP
+.B close
+Session management. Call \fBpam_close_session\fR.
+.TP
+.B pass
+Password management. Call \fBpam_chauthtok\fR.
+.RE
+.SH EXIT CODES
+.TP
+.B 0
+Successful termination.
+.TP
+.B 1
+Invalid command line usage.
+.TP
+.B 2
+\fBPAM\fR stack returned error.
+.SH EXAMPLES
+.nr step 1 1
+.IP \n[step].
+Test if the user \fBsmith\fR can be authenticated using the
+\fBcheck\fR service. The program will ask for password interactively:
+.PP
+.EX
+pamck smith
+.EE
+.IP \n+[step].
+Same as above, but supply password on the command line:
+.PP
+.EX
+pamck smith guessme
+.EE
+.IP \n+[step].
+Check if the user \fBsmith\fR authenticates using the \fBftp\fR service.
+.PP
+.EX
+pamck -s ftp smith
+.EE
+.SH NOTE
+This manpage is a short description of \fBpamck\fR. For a detailed
+discussion, including examples and usage recommendations, refer to the
+\fBPAM-modules Manual\fR available in texinfo format. If the \fBinfo\fR
+reader and the tar documentation are properly installed on your
+system, the command
+.PP
+.RS +4
+.B info pam-modules
+.RE
+.PP
+should give you access to the complete manual.
+.PP
+You can also view the manual using the info mode in
+.BR emacs (1),
+or find it in various formats online at
+.PP
+.RS +4
+.B http://www.gnu.org.ua/software/pam-modules/manual
+.RE
+.PP
+If any discrepancies occur between this manpage and the
+\fBPAM-modules Manual\fR, the later shall be considered the authoritative
+source.
+.SH "SEE ALSO"
+.BR pam.conf (5),
+.BR pam.d (5),
+.BR pam (8).
+.SH AUTHORS
+Sergey Poznyakoff <gray@gnu.org>
+.SH "BUG REPORTS"
+Report bugs to <bug\-pam\-modules@gnu.org.ua>.
+.SH COPYRIGHT
+Copyright \(co 2001-2014 Sergey Poznyakoff
+.br
+.na
+License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
+.br
+.ad
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+.\" Local variables:
+.\" eval: (add-hook 'write-file-hooks 'time-stamp)
+.\" time-stamp-start: ".TH [A-Z_][A-Z0-9_.\\-]* [0-9] \""
+.\" time-stamp-format: "%:B %:d, %:y"
+.\" time-stamp-end: "\""
+.\" time-stamp-line-limit: 20
+.\" end:
+

Return to:

Send suggestions and report system problems to the System administrator.