Hello community, here is the log from the commit of package pam for openSUSE:Factory checked in at 2015-07-21 13:23:03 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pam (Old) and /work/SRC/openSUSE:Factory/.pam.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pam" Changes: -------- --- /work/SRC/openSUSE:Factory/pam/pam.changes 2015-05-06 11:21:58.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.pam.new/pam.changes 2015-07-21 13:23:05.000000000 +0200 @@ -1,0 +2,6 @@ +Fri Jun 26 09:39:42 CEST 2015 - [email protected] + +- Update to version 1.2.1 + - security update for CVE-2015-3238 + +------------------------------------------------------------------- Old: ---- Linux-PAM-1.2.0-docs.tar.bz2 Linux-PAM-1.2.0.tar.bz2 New: ---- Linux-PAM-1.2.1-docs.tar.bz2 Linux-PAM-1.2.1.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pam.spec ++++++ --- /var/tmp/diff_new_pack.707L8i/_old 2015-07-21 13:23:06.000000000 +0200 +++ /var/tmp/diff_new_pack.707L8i/_new 2015-07-21 13:23:07.000000000 +0200 @@ -33,7 +33,7 @@ %define libpam_misc_so_version 0.82.1 %define libpamc_so_version 0.82.1 # -Version: 1.2.0 +Version: 1.2.1 Release: 0 Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0+ or BSD-3-Clause ++++++ Linux-PAM-1.2.0-docs.tar.bz2 -> Linux-PAM-1.2.1-docs.tar.bz2 ++++++ Files old/Linux-PAM-1.2.0/doc/adg/Linux-PAM_ADG.pdf and new/Linux-PAM-1.2.1/doc/adg/Linux-PAM_ADG.pdf differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.2.0/doc/adg/Linux-PAM_ADG.txt new/Linux-PAM-1.2.1/doc/adg/Linux-PAM_ADG.txt --- old/Linux-PAM-1.2.0/doc/adg/Linux-PAM_ADG.txt 2015-03-24 14:08:22.000000000 +0100 +++ new/Linux-PAM-1.2.1/doc/adg/Linux-PAM_ADG.txt 2015-06-22 14:32:48.000000000 +0200 
@@ -198,8 +198,8 @@ pam_chauthtok(), although some applications are not suited to this task (ftp for example) and in this case the application should deny access to the user. -PAM is also capable of setting and deleting the users credentials with the call -pam_setcred(). This function should always be called after the user is +PAM is also capable of setting and deleting the user's credentials with the +call pam_setcred(). This function should always be called after the user is authenticated and before service is offered to the user. By convention, this should be the last call to the PAM library before the PAM session is opened. What exactly a credential is, is not well defined. However, some examples are @@ -849,7 +849,7 @@ 3.1.9.1. DESCRIPTION -The pam_acct_mgmt function is used to determine if the users account is valid. +The pam_acct_mgmt function is used to determine if the user's account is valid. It checks for authentication token and account expiration and verifies access restrictions. It is typically called after the user has been authenticated. @@ -922,7 +922,7 @@ PAM_CHANGE_EXPIRED_AUTHTOK - This argument indicates to the modules that the users authentication token + This argument indicates to the modules that the user's authentication token (password) should only be changed if it has expired. If this argument is not passed, the application requires that all authentication tokens are to be changed. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.2.0/doc/adg/html/adg-interface-by-app-expected.html new/Linux-PAM-1.2.1/doc/adg/html/adg-interface-by-app-expected.html --- old/Linux-PAM-1.2.0/doc/adg/html/adg-interface-by-app-expected.html 2015-03-24 14:08:24.000000000 +0100 +++ new/Linux-PAM-1.2.1/doc/adg/html/adg-interface-by-app-expected.html 2015-06-22 14:32:50.000000000 +0200 
@@ -460,7 +460,7 @@ User is not known to an authentication module. </p></dd></dl></div></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="adg-pam_acct_mgmt"></a>3.1.9. Account validation management</h3></div></div></div><div class="funcsynopsis"><pre class="funcsynopsisinfo">#include <security/pam_appl.h></pre><table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr><td><code class="funcdef">int <b class="fsfunc">pam_acct_mgmt</b>(</code></td><td><var class="pdparam">pamh</var>, </td><td> </td></tr><tr><td> </td><td><var class="pdparam">flags</var><code>)</code>;</td><td> </td></tr></table><div class="paramdef-list"><code>pam_handle_t *<var class="pdparam">pamh</var></code>;<br><code>int <var class="pdparam">flags</var></code>;</div><div class="funcprototype-spacer"> </div></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a name="adg-pam_acct_mgmt-description"></a>3.1.9.1. DESCRIPTION</h4></div></div></div><p> The <code class="function">pam_acct_mgmt</code> function is used to determine - if the users account is valid. It checks for authentication token + if the user's account is valid. It checks for authentication token and account expiration and verifies access restrictions. It is typically called after the user has been authenticated. </p><p> 
@@ -503,7 +503,7 @@ </p><div class="variablelist"><dl class="variablelist"><dt><span class="term">PAM_SILENT</span></dt><dd><p> Do not emit any messages. </p></dd><dt><span class="term">PAM_CHANGE_EXPIRED_AUTHTOK</span></dt><dd><p> - This argument indicates to the modules that the users + This argument indicates to the modules that the user's authentication token (password) should only be changed if it has expired. If this argument is not passed, the application requires diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.2.0/doc/adg/html/adg-overview.html new/Linux-PAM-1.2.1/doc/adg/html/adg-overview.html --- old/Linux-PAM-1.2.0/doc/adg/html/adg-overview.html 2015-03-24 14:08:23.000000000 +0100 +++ new/Linux-PAM-1.2.1/doc/adg/html/adg-overview.html 2015-06-22 14:32:50.000000000 +0200 @@ -90,7 +90,7 @@ are not suited to this task (<span class="command"><strong>ftp</strong></span> for example) and in this case the application should deny access to the user. </p><p> - PAM is also capable of setting and deleting the users credentials with + PAM is also capable of setting and deleting the user's credentials with the call <code class="function">pam_setcred()</code>. This function should always be called after the user is authenticated and before service is offered to the user. By convention, this should be the last call Files old/Linux-PAM-1.2.0/doc/mwg/Linux-PAM_MWG.pdf and new/Linux-PAM-1.2.1/doc/mwg/Linux-PAM_MWG.pdf differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.2.0/doc/mwg/Linux-PAM_MWG.txt new/Linux-PAM-1.2.1/doc/mwg/Linux-PAM_MWG.txt --- old/Linux-PAM-1.2.0/doc/mwg/Linux-PAM_MWG.txt 2015-03-24 14:08:31.000000000 +0100 +++ new/Linux-PAM-1.2.1/doc/mwg/Linux-PAM_MWG.txt 2015-06-22 14:32:57.000000000 +0200 
@@ -1292,7 +1292,7 @@ PAM_CHANGE_EXPIRED_AUTHTOK - This argument indicates to the module that the users authentication token + This argument indicates to the module that the user's authentication token (password) should only be changed if it has expired. This flag is optional and must be combined with one of the following two flags. Note, however, the following two options are mutually exclusive. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.2.0/doc/mwg/html/mwg-expected-of-module-chauthtok.html new/Linux-PAM-1.2.1/doc/mwg/html/mwg-expected-of-module-chauthtok.html --- old/Linux-PAM-1.2.0/doc/mwg/html/mwg-expected-of-module-chauthtok.html 2015-03-24 14:08:33.000000000 +0100 +++ new/Linux-PAM-1.2.1/doc/mwg/html/mwg-expected-of-module-chauthtok.html 2015-06-22 14:32:59.000000000 +0200 @@ -15,7 +15,7 @@ </p><div class="variablelist"><dl class="variablelist"><dt><span class="term">PAM_SILENT</span></dt><dd><p> Do not emit any messages. </p></dd><dt><span class="term">PAM_CHANGE_EXPIRED_AUTHTOK</span></dt><dd><p> - This argument indicates to the module that the users + This argument indicates to the module that the user's authentication token (password) should only be changed if it has expired. This flag is optional and <span class="emphasis"><em>must</em></span> be combined with one of the Files old/Linux-PAM-1.2.0/doc/sag/Linux-PAM_SAG.pdf and new/Linux-PAM-1.2.1/doc/sag/Linux-PAM_SAG.pdf differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.2.0/doc/sag/Linux-PAM_SAG.txt new/Linux-PAM-1.2.1/doc/sag/Linux-PAM_SAG.txt --- old/Linux-PAM-1.2.0/doc/sag/Linux-PAM_SAG.txt 2015-03-25 13:58:23.000000000 +0100 +++ new/Linux-PAM-1.2.1/doc/sag/Linux-PAM_SAG.txt 2015-06-22 14:32:30.000000000 +0200 
@@ -1489,7 +1489,8 @@ expose_authtok During authentication the calling command can read the password from stdin - (3). + (3). Only first PAM_MAX_RESP_SIZE bytes of a password are provided to the + command. log=file @@ -2363,7 +2364,7 @@ maxsyslogins maximum number of all logins on system; user is not allowed to log-in - if total number of all users' logins is greater than specified number + if total number of all user logins is greater than specified number (this limit does not apply to user with uid=0) priority @@ -2775,7 +2776,7 @@ dir=maildir - Look for the users' mail in an alternative location defined by maildir/ + Look for the user's mail in an alternative location defined by maildir/ <login>. The default location for mail is /var/mail/<login>. Note, if the supplied maildir is prefixed by a '~', the directory is interpreted as indicating a file in the user's home directory. @@ -3726,7 +3727,7 @@ 6.30.1. DESCRIPTION -pam_shells is a PAM module that only allows access to the system if the users +pam_shells is a PAM module that only allows access to the system if the user's shell is listed in /etc/shells. It also checks if /etc/shells is a plain file and not world writable. @@ -3747,7 +3748,7 @@ PAM_SUCCESS - The users login shell was listed as valid shell in /etc/shells. + The user's login shell was listed as valid shell in /etc/shells. PAM_SERVICE_ERR 
@@ -3930,11 +3931,11 @@ pam_tally comes in two parts: pam_tally.so and pam_tally. The former is the PAM module and the latter, a stand-alone program. pam_tally is an (optional) application which can be used to interrogate and manipulate the counter file. -It can display users' counts, set individual counts, or clear all counts. -Setting artificially high counts may be useful for blocking users without -changing their passwords. For example, one might find it useful to clear all -counts every midnight from a cron job. The faillog(8) command can be used -instead of pam_tally to to maintain the counter file. +It can display user counts, set individual counts, or clear all counts. Setting +artificially high counts may be useful for blocking users without changing +their passwords. For example, one might find it useful to clear all counts +every midnight from a cron job. The faillog(8) command can be used instead of +pam_tally to to maintain the counter file. Normally, failed attempts to access root will not cause the root account to become blocked, to prevent denial-of-service: if your users aren't given shell 
@@ -4094,10 +4095,10 @@ pam_tally2 comes in two parts: pam_tally2.so and pam_tally2. The former is the PAM module and the latter, a stand-alone program. pam_tally2 is an (optional) application which can be used to interrogate and manipulate the counter file. -It can display users' counts, set individual counts, or clear all counts. -Setting artificially high counts may be useful for blocking users without -changing their passwords. For example, one might find it useful to clear all -counts every midnight from a cron job. +It can display user counts, set individual counts, or clear all counts. Setting +artificially high counts may be useful for blocking users without changing +their passwords. For example, one might find it useful to clear all counts +every midnight from a cron job. Normally, failed attempts to access root will not cause the root account to become blocked, to prevent denial-of-service: if your users aren't given shell @@ -4584,6 +4585,10 @@ suppress this temporary shielding and may be needed for use with certain applications. +The maximum length of a password supported by the pam_unix module via the +helper binary is PAM_MAX_RESP_SIZE - currently 512 bytes. The rest of the +password provided by the conversation function to the module will be ignored. + The password component of this module performs the task of updating the user's password. The default encryption hash is taken from the ENCRYPT_METHOD variable from /etc/login.defs @@ -4604,6 +4609,11 @@ A little more extreme than debug. +quiet + + Turns off informational messages namely messages about session open and + close via syslog(3). + nullok The default action of this module is to not permit the user access to a 
@@ -4719,7 +4729,7 @@ auth required pam_unix.so # Ensure users account and password are still active account required pam_unix.so -# Change the users password, but at first check the strength +# Change the user's password, but at first check the strength # with pam_cracklib(8) password required pam_cracklib.so retry=3 minlen=6 difok=3 password required pam_unix.so use_authtok nullok md5 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.2.0/doc/sag/html/sag-pam_exec.html new/Linux-PAM-1.2.1/doc/sag/html/sag-pam_exec.html --- old/Linux-PAM-1.2.0/doc/sag/html/sag-pam_exec.html 2015-03-25 13:58:28.000000000 +0100 +++ new/Linux-PAM-1.2.1/doc/sag/html/sag-pam_exec.html 2015-06-22 14:32:35.000000000 +0200 @@ -43,7 +43,8 @@ <code class="option">expose_authtok</code> </span></dt><dd><p> During authentication the calling command can read - the password from <span class="citerefentry"><span class="refentrytitle">stdin</span>(3)</span>. + the password from <span class="citerefentry"><span class="refentrytitle">stdin</span>(3)</span>. Only first <span class="emphasis"><em>PAM_MAX_RESP_SIZE</em></span> + bytes of a password are provided to the command. </p></dd><dt><span class="term"> <code class="option">log=<em class="replaceable"><code>file</code></em></code> </span></dt><dd><p> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.2.0/doc/sag/html/sag-pam_limits.html new/Linux-PAM-1.2.1/doc/sag/html/sag-pam_limits.html --- old/Linux-PAM-1.2.0/doc/sag/html/sag-pam_limits.html 2015-03-25 13:58:28.000000000 +0100 +++ new/Linux-PAM-1.2.1/doc/sag/html/sag-pam_limits.html 2015-06-22 14:32:35.000000000 +0200 
@@ -93,7 +93,7 @@ <code class="option"><item></code> </span></dt><dd><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="option">core</code></span></dt><dd><p>limits the core file size (KB)</p></dd><dt><span class="term"><code class="option">data</code></span></dt><dd><p>maximum data size (KB)</p></dd><dt><span class="term"><code class="option">fsize</code></span></dt><dd><p>maximum filesize (KB)</p></dd><dt><span class="term"><code class="option">memlock</code></span></dt><dd><p>maximum locked-in-memory address space (KB)</p></dd><dt><span class="term"><code class="option">nofile</code></span></dt><dd><p>maximum number of open file descriptors</p></dd><dt><span class="term"><code class="option">rss</code></span></dt><dd><p>maximum resident set size (KB) (Ignored in Linux 2.4.30 and higher)</p></dd><dt><span class="term"><code class="option">stack</code></span></dt><dd><p>maximum stack size (KB)</p></dd><dt><span class="term"><code class="option">cpu</code></span></dt><dd><p>maximum CPU time (minutes)</p></dd><dt><span class="term"><code class="option">nproc</code></span></dt><dd><p>maximum number of processes</p></dd><dt><span class="term"><code class="option">as</code></span></dt><dd><p>address space limit (KB)</p></dd><dt><span class="term"><code class="option">maxlogins</code></span></dt><dd><p>maximum number of logins for this user (this limit does not apply to user with <span class="emphasis"><em>uid=0</em></span>)</p></dd><dt><span class="term"><code class="option">maxsyslogins</code></span></dt><dd><p>maximum number of all logins on system; user is not - allowed to log-in if total number of all users' logins is + allowed to log-in if total number of all user logins is greater than specified number (this limit does not apply to user with <span class="emphasis"><em>uid=0</em></span>)</p></dd><dt><span class="term"><code class="option">priority</code></span></dt><dd><p>the priority to run user process with (negative values 
boost process priority)</p></dd><dt><span class="term"><code class="option">locks</code></span></dt><dd><p>maximum locked files (Linux 2.4 and higher)</p></dd><dt><span class="term"><code class="option">sigpending</code></span></dt><dd><p>maximum number of pending signals (Linux 2.6 and higher)</p></dd><dt><span class="term"><code class="option">msgqueue</code></span></dt><dd><p>maximum memory used by POSIX message queues (bytes) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.2.0/doc/sag/html/sag-pam_mail.html new/Linux-PAM-1.2.1/doc/sag/html/sag-pam_mail.html --- old/Linux-PAM-1.2.0/doc/sag/html/sag-pam_mail.html 2015-03-25 13:58:28.000000000 +0100 +++ new/Linux-PAM-1.2.1/doc/sag/html/sag-pam_mail.html 2015-06-22 14:32:35.000000000 +0200 @@ -41,7 +41,7 @@ </p></dd><dt><span class="term"> <code class="option">dir=<em class="replaceable"><code>maildir</code></em></code> </span></dt><dd><p> - Look for the users' mail in an alternative location defined by + Look for the user's mail in an alternative location defined by <code class="filename">maildir/<login></code>. The default location for mail is <code class="filename">/var/mail/<login></code>. Note, if the supplied diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.2.0/doc/sag/html/sag-pam_shells.html new/Linux-PAM-1.2.1/doc/sag/html/sag-pam_shells.html --- old/Linux-PAM-1.2.0/doc/sag/html/sag-pam_shells.html 2015-03-25 13:58:29.000000000 +0100 +++ new/Linux-PAM-1.2.1/doc/sag/html/sag-pam_shells.html 2015-06-22 14:32:35.000000000 +0200 
@@ -1,6 +1,6 @@ <html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>6.30. pam_shells - check for valid login shell</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="sag-module-reference.html" title="Chapter 6. A reference guide for available modules"><link rel="prev" href="sag-pam_selinux.html" title="6.29. pam_selinux - set the default security context"><link rel="next" href="sag-pam_succeed_if.html" title="6.31. pam_succeed_if - test account characteristics"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">6.30. pam_shells - check for valid login shell</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-pam_selinux.html">Prev</a> </td><th width="60%" align="center">Chapter 6. A reference guide for available modules</th><td width="20%" align="right"> <a accesskey="n" href="sag-pam_succeed_if.html">Next</a></td></tr></table><hr></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sag-pam_shells"></a>6.30. pam_shells - check for valid login shell</h2></div></div></div><div class="cmdsynopsis"><p><code class="command">pam_shells.so</code> </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_shells-description"></a>6.30.1. DESCRIPTION</h3></div></div></div><p> pam_shells is a PAM module that only allows access to the - system if the users shell is listed in <code class="filename">/etc/shells</code>. + system if the user's shell is listed in <code class="filename">/etc/shells</code>. </p><p> It also checks if <code class="filename">/etc/shells</code> is a plain file and not world writable. 
@@ -10,7 +10,7 @@ </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_shells-return_values"></a>6.30.4. RETURN VALUES</h3></div></div></div><div class="variablelist"><dl class="variablelist"><dt><span class="term">PAM_AUTH_ERR</span></dt><dd><p> Access to the system was denied. </p></dd><dt><span class="term">PAM_SUCCESS</span></dt><dd><p> - The users login shell was listed as valid shell in + The user's login shell was listed as valid shell in <code class="filename">/etc/shells</code>. </p></dd><dt><span class="term">PAM_SERVICE_ERR</span></dt><dd><p> The module was not able to get the name of the user. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.2.0/doc/sag/html/sag-pam_tally.html new/Linux-PAM-1.2.1/doc/sag/html/sag-pam_tally.html --- old/Linux-PAM-1.2.0/doc/sag/html/sag-pam_tally.html 2015-03-25 13:58:29.000000000 +0100 +++ new/Linux-PAM-1.2.1/doc/sag/html/sag-pam_tally.html 2015-06-22 14:32:35.000000000 +0200 
@@ -46,7 +46,7 @@ <span class="command"><strong>pam_tally</strong></span>. The former is the PAM module and the latter, a stand-alone program. <span class="command"><strong>pam_tally</strong></span> is an (optional) application which can be used to interrogate and - manipulate the counter file. It can display users' counts, set + manipulate the counter file. It can display user counts, set individual counts, or clear all counts. Setting artificially high counts may be useful for blocking users without changing their passwords. For example, one might find it useful to clear all counts diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.2.0/doc/sag/html/sag-pam_tally2.html new/Linux-PAM-1.2.1/doc/sag/html/sag-pam_tally2.html --- old/Linux-PAM-1.2.0/doc/sag/html/sag-pam_tally2.html 2015-03-25 13:58:29.000000000 +0100 +++ new/Linux-PAM-1.2.1/doc/sag/html/sag-pam_tally2.html 2015-06-22 14:32:35.000000000 +0200 @@ -39,7 +39,7 @@ <span class="command"><strong>pam_tally2</strong></span>. The former is the PAM module and the latter, a stand-alone program. <span class="command"><strong>pam_tally2</strong></span> is an (optional) application which can be used to interrogate and - manipulate the counter file. It can display users' counts, set + manipulate the counter file. It can display user counts, set individual counts, or clear all counts. Setting artificially high counts may be useful for blocking users without changing their passwords. For example, one might find it useful to clear all counts diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.2.0/doc/sag/html/sag-pam_unix.html new/Linux-PAM-1.2.1/doc/sag/html/sag-pam_unix.html --- old/Linux-PAM-1.2.0/doc/sag/html/sag-pam_unix.html 2015-03-25 13:58:29.000000000 +0100 +++ new/Linux-PAM-1.2.1/doc/sag/html/sag-pam_unix.html 2015-06-22 14:32:35.000000000 +0200 
@@ -38,6 +38,11 @@ argument can be used to suppress this temporary shielding and may be needed for use with certain applications. </p><p> + The maximum length of a password supported by the pam_unix module + via the helper binary is <span class="emphasis"><em>PAM_MAX_RESP_SIZE</em></span> + - currently 512 bytes. The rest of the password provided by the + conversation function to the module will be ignored. + </p><p> The password component of this module performs the task of updating the user's password. The default encryption hash is taken from the <span class="emphasis"><em>ENCRYPT_METHOD</em></span> variable from @@ -59,6 +64,12 @@ </span></dt><dd><p> A little more extreme than debug. </p></dd><dt><span class="term"> + <code class="option">quiet</code> + </span></dt><dd><p> + Turns off informational messages namely messages about + session open and close via + <span class="citerefentry"><span class="refentrytitle">syslog</span>(3)</span>. + </p></dd><dt><span class="term"> <code class="option">nullok</code> </span></dt><dd><p> The default action of this module is to not permit the @@ -178,7 +189,7 @@ auth required pam_unix.so # Ensure users account and password are still active account required pam_unix.so -# Change the users password, but at first check the strength +# Change the user's password, but at first check the strength # with pam_cracklib(8) password required pam_cracklib.so retry=3 minlen=6 difok=3 password required pam_unix.so use_authtok nullok md5 ++++++ Linux-PAM-1.2.0-docs.tar.bz2 -> Linux-PAM-1.2.1.tar.bz2 ++++++ ++++ 287587 lines of diff (skipped)
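Review bot: In the pam.changes hunk (@@ -1,0 +2,6 @@), the entry "security update for CVE-2015-3238" does not tell administrators what the update means for them. The documentation added in this same update describes a user-visible limit: pam_unix via the helper binary, and pam_exec with expose_authtok, handle only the first PAM_MAX_RESP_SIZE (currently 512) bytes of a password. Because the source tarball diff is skipped in this mail, a one-line summary of that behaviour in the changelog entry would let readers assess the impact without unpacking the tarball.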
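Review bot: In the expose_authtok hunks (Linux-PAM_SAG.txt @@ -1489,7 +1489,8 @@ and sag-pam_exec.html @@ -43,7 +43,8 @@), the added sentence "Only first PAM_MAX_RESP_SIZE bytes of a password are provided to the command" gives the limit only by macro name, while the pam_unix paragraph added in the same update says "currently 512 bytes". Suggest "Only the first PAM_MAX_RESP_SIZE bytes (currently 512) of the password are provided to the command", and state whether the truncation is reported anywhere, since a command that verifies or forwards the password will otherwise receive a shortened value with no indication that it is incomplete.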
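Review bot: The pam_unix paragraph added at Linux-PAM_SAG.txt @@ -4584,6 +4585,10 @@ (and sag-pam_unix.html @@ -38,6 +38,11 @@) says the rest of the password "will be ignored" but leaves out the consequence: through the helper binary, any two passwords that agree in their first PAM_MAX_RESP_SIZE bytes are treated as the same password. Suggest adding that sentence, and clarifying whether the limit applies only on the helper path ("via the helper binary") or to pam_unix in general, and whether it applies when a password is set as well as when it is verified.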
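Review bot: The new quiet option at Linux-PAM_SAG.txt @@ -4604,6 +4609,11 @@ (and sag-pam_unix.html @@ -59,6 +64,12 @@) is documented as turning off the syslog(3) messages about session open and close, with no mention that those messages are what log monitoring and audit tooling commonly rely on to track logins. Suggest a sentence advising that quiet be set only where session events are recorded by another means. The sentence also needs a comma before "namely".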
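Review bot: The rewrapped pam_tally paragraph at Linux-PAM_SAG.txt @@ -3930,11 +3931,11 @@ carries a doubled word over unchanged in its last added line: "+pam_tally to to maintain the counter file." Since the paragraph is being rewritten anyway, change it to "pam_tally to maintain the counter file".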
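Review bot: In the pam_unix example hunks (Linux-PAM_SAG.txt @@ -4719,7 +4729,7 @@ and sag-pam_unix.html @@ -178,7 +189,7 @@), the comment "# Change the user's password" is corrected, but the comment two lines above it still reads "# Ensure users account and password are still active"; fix both in the same pass. Separately, the unchanged example line "password required pam_unix.so use_authtok nullok md5" still presents md5 and nullok as the documented configuration, and the pam_cracklib line uses minlen=6. An example that readers copy into production would be better written with a stronger hash option such as sha512, without nullok, and with a longer minimum length.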
