[gentoo-commits] proj/devmanual:master commit in: tasks-reference/pam/

[gentoo-commits] proj/devmanual:master commit in: tasks-reference/pam/

[Göktürk Yüksek]

commit:     b910c781110ada38d6063098d04775ac8bfd77c2
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Wed Dec 25 18:10:47 2019 +0000
Commit:     Göktürk Yüksek <gokturk <AT> gentoo <DOT> org>
CommitDate: Thu Dec 26 21:53:02 2019 +0000
URL:        https://gitweb.gentoo.org/proj/devmanual.git/commit/?id=b910c781

tasks-reference/pam: remove needless pam section

Closes: https://github.com/gentoo/devmanual/pull/128
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
Signed-off-by: Göktürk Yüksek <gokturk <AT> gentoo.org>

 tasks-reference/pam/text.xml | 36 ++++--------------------------------
 1 file changed, 4 insertions(+), 32 deletions(-)

diff --git a/tasks-reference/pam/text.xml b/tasks-reference/pam/text.xml
index 6aa04d6..62c8ec0 100644
--- a/tasks-reference/pam/text.xml
+++ b/tasks-reference/pam/text.xml
@@ -16,14 +16,6 @@ With PAM, a program just needs to require authentication for a given login class
 (defined in a <c>pam.d</c> file), and PAM framework will take care of calling the
 modules which will provide authentication.
 </p>
-
-<p>
-There are different PAM implementations. Gentoo Linux, by default, uses the
-Linux-PAM implementation which is installed via <c>sys-libs/pam</c>; FreeBSD and
-NetBSD (and hence Gentoo/FreeBSD) use OpenPAM, which is a minimal version.  The
-different implementations can provide different authentication modules, and can
-differ in some details of the configuration.
-</p>
 </body>
 
 <section>
@@ -89,7 +81,7 @@ The statement is composed of 3 or 4 tokens:
     the module, but this creates problems because not all the systems install the
     modules in the same place: Linux-PAM on Gentoo is generally set up to load
     them from <c>/lib/security</c>, but for example on AMD64 this become
-    <c>/lib64/security</c>, and on OpenPAM they are just in <c>/usr/lib(64)</c>. The
+    <c>/lib64/security</c>. The
     result is that providing the full path will lead to non-working <c>pamd</c>
     files, and the right way to handle this is just states the module name <d /> the
     PAM implementation will take care of finding the module.
@@ -99,16 +91,6 @@ The statement is composed of 3 or 4 tokens:
     passed to the module. These are module-dependent.
   </li>
 </ul>
-
-<p>
-As the number and the type of modules shipped with the implementation depends on
-the implementations themselves (Linux-PAM provides a full working set of
-modules, OpenPAM doesn't provide modules at all, and it's the operating system
-which provides them, as FreeBSD or NetBSD do), there are just a few modules
-which can be used directly in <c>pamd</c> files without the risk of providing a
-non-working configuration file:
-</p>
-
 <ul>
   <li>
     <c>pam_deny.so</c>, <c>pam_permit.so</c> <d /> they just report a failure or a success
@@ -163,25 +145,15 @@ completely non-portable. It is not used in all the implementations of Linux-PAM
 
 <p>
 A solution came when AltLinux developers added a new instruction for the control
-token: <e>include</e>. That control token can be used on Linux-PAM 0.78 and on
-OpenPAM to do the same as a <c>required pam_stack.so</c>, replacing the module name
+token: <e>include</e>. That control token can be used since Linux-PAM 0.78
+to do the same as a <c>required pam_stack.so</c>, replacing the module name
 with the name of the login class to mimic.
 </p>
 
 <p>
 In this way, instead of loading a module which in turn reloads pam, the option
 is parsed directly by the PAM implementation which loads the other login class
-and takes care of executing it, and the same syntax is valid on both Linux-PAM
-and OpenPAM systems.
-</p>
-
-<p>
-New packages (and new versions of old packages) should then use the <c>include</c>
-directive instead of <c>pam_stack.so</c> module, but to do that they need to depend
-on a later version of <c>sys-libs/pam</c> or on <c>sys-libs/openpam</c> (note: openpam
-is for now just on G/FreeBSD's project overlay) <d /> to resolve this,
-<c>virtual/pam</c> is set up to add the right dependency for the use of the include
-directive.
+and takes care of executing it.
 </p>
 
 </body>

[gentoo-commits] proj/devmanual:master commit in: tasks-reference/pam/

[Ulrich Müller]

commit:     99d7d8ac6d177e0d13282ebf43887ae36a2c4452
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 21 04:07:03 2021 +0000
Commit:     Ulrich Müller <ulm <AT> gentoo <DOT> org>
CommitDate: Wed Apr  7 17:28:15 2021 +0000
URL:        https://gitweb.gentoo.org/proj/devmanual.git/commit/?id=99d7d8ac

tasks-reference/pam: slight grammar tweak

Signed-off-by: Sam James <sam <AT> gentoo.org>
Signed-off-by: Ulrich Müller <ulm <AT> gentoo.org>

 tasks-reference/pam/text.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tasks-reference/pam/text.xml b/tasks-reference/pam/text.xml
index 62c8ec0..5cdf6ba 100644
--- a/tasks-reference/pam/text.xml
+++ b/tasks-reference/pam/text.xml
@@ -7,7 +7,7 @@
 <p>
 PAM (Pluggable Authentication Modules) is a mechanism which allows different
 applications to authenticate using various specified parameters, using for
-example a passwd/shadow file, a Kerberos server, an LDAP server or an a NT
+example a passwd/shadow file, a Kerberos server, an LDAP server, or an NT
 Domain server (using Samba).
 </p>
 
@@ -115,7 +115,7 @@ The statement is composed of 3 or 4 tokens:
 
 <p>
 There are also other modules which can be used for more complex authentication
-against a database (mysql or postgresql), against an LDAP directory or against
+against a database (mysql or postgresql), against an LDAP directory, or against
 an NT domain (using samba). This is useful on thin or fat clients where the
 users have an unique login for all the machines.  Another place where this is
 useful is a cluster of servers which needs to authenticate against a single