diff --git a/Linux-PAM-docu-generated.diff b/Linux-PAM-docu-generated.diff
index 99b7bd0..cb7870f 100644
--- a/Linux-PAM-docu-generated.diff
+++ b/Linux-PAM-docu-generated.diff
@@ -1,74 +1,17 @@ ---- Linux-PAM-1.0.2-old/doc/man/pam_getenv.3 2008-04-16 11:09:52.000000000 +0200 -+++ Linux-PAM-1.0.2/doc/man/pam_getenv.3 2008-08-29 14:06:54.000000000 +0200 -@@ -1,11 +1,11 @@ - .\" Title: pam_getenv - .\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" --.TH "PAM_GETENV" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_GETENV" "3" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) -@@ -27,8 +27,9 @@ - \fBpam_getenv\fR - function searches the PAM environment list as associated with the handle - \fIpamh\fR --for a string that matches the string pointed to by --\fIname\fR\. The return values are of the form: "\fIname=value\fR"\. -+for an item that matches the string pointed to by -+\fIname\fR -+and returns the value of the environment variable\. 
- .SH "RETURN VALUES" - .PP - The ---- Linux-PAM-1.0.2-old/doc/man/pam_prompt.3 2008-04-16 11:09:59.000000000 +0200 -+++ Linux-PAM-1.0.2/doc/man/pam_prompt.3 2008-08-29 14:06:55.000000000 +0200 -@@ -1,11 +1,11 @@ - .\" Title: pam_prompt - .\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" --.TH "PAM_PROMPT" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_PROMPT" "3" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) -@@ -27,7 +27,9 @@ - .PP - The - \fBpam_prompt\fR --function constructs a message from the specified format string and arguments and passes it to -+function constructs a message from the specified format string and arguments and passes it to the conversation function as set by the service\. Upon successful return, -+\fIresponse\fR -+is set to point to a string returned from the conversation function\. This string is allocated on heap and should be freed\. - .SH "RETURN VALUES" - .PP - PAM_BUF_ERR --- Linux-PAM-1.0.2-old/modules/pam_access/pam_access.8 2008-04-16 11:06:35.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_access/pam_access.8 2008-08-29 14:04:27.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_access/pam_access.8 2008-10-17 13:01:19.000000000 +0200 
@@ -1,11 +1,11 @@ .\" Title: pam_access .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_ACCESS" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_ACCESS" "8" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_ACCESS" "8" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -97,24 +40,38 @@ \fBpam\fR(8)\. .SH "AUTHORS" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_cracklib/pam_cracklib.8 Linux-PAM-1.0.2/modules/pam_cracklib/pam_cracklib.8 --- Linux-PAM-1.0.2-old/modules/pam_cracklib/pam_cracklib.8 2008-04-16 11:06:38.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_cracklib/pam_cracklib.8 2008-08-29 14:04:30.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_cracklib/pam_cracklib.8 2008-10-17 13:01:23.000000000 +0200 
@@ -1,11 +1,11 @@ .\" Title: pam_cracklib .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_CRACKLIB" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_CRACKLIB" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_CRACKLIB" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -157,7 +157,7 @@ +@@ -69,12 +69,6 @@ + Is the new password a rotated version of the old password? + .RE + .PP +-Already used +-.RS 4 +-Was the password used in the past? Previously used passwords are to be found in +-\fI/etc/security/opasswd\fR\. +-.RE +-.PP + This module with no arguments will work well for standard unix password encryption\. With md5 encryption, passwords can be longer than 8 characters and the default settings for this module can make it hard for the user to choose a satisfactory new password\. Notably, the requirement that the new password contain no more than 1/2 of the characters in the old password becomes a non\-trivial constraint\. For example, an old password of the form "the quick brown fox jumped over the lazy dogs" would be difficult to change\.\.\. In addition, the default action is to allow passwords as small as 5 characters in length\. For a md5 systems it can be a good idea to increase the required minimum size of a password\. One can then allow more credit for different kinds of characters but accept that the new password may share most of these characters with the old password\. + .SH "OPTIONS" + .PP +@@ -157,7 +151,7 @@ \fBminlen\fR less than 10\. .sp @@ -123,7 +80,7 @@ .RE .PP \fBlcredit=\fR\fB\fIN\fR\fR -@@ -212,11 +212,11 @@ +@@ -212,11 +206,11 @@ .RS 4 Path to the cracklib dictionaries\. .RE 
@@ -138,7 +95,7 @@ .SH "RETURN VALUES" .PP .PP -@@ -302,7 +302,7 @@ +@@ -302,7 +296,7 @@ .PP \fBpam.conf\fR(5), @@ -147,9 +104,22 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_cracklib/README Linux-PAM-1.0.2/modules/pam_cracklib/README --- Linux-PAM-1.0.2-old/modules/pam_cracklib/README 2008-04-16 11:06:39.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_cracklib/README 2008-08-29 14:04:32.000000000 +0200 -@@ -129,7 +129,7 @@ ++++ Linux-PAM-1.0.2/modules/pam_cracklib/README 2008-10-17 13:01:24.000000000 +0200 +@@ -51,11 +51,6 @@ + + Is the new password a rotated version of the old password? + +-Already used +- +- Was the password used in the past? Previously used passwords are to be +- found in /etc/security/opasswd. +- + This module with no arguments will work well for standard unix password + encryption. With md5 encryption, passwords can be longer than 8 characters and + the default settings for this module can make it hard for the user to choose a +@@ -129,7 +124,7 @@ will count +1 towards meeting the current minlen value. The default for ucredit is 1 which is the recommended value for minlen less than 10. @@ -158,20 +128,21 @@ for a new password. lcredit=N +diff -urN Linux-PAM-1.0.2-old/modules/pam_debug/pam_debug.8 Linux-PAM-1.0.2/modules/pam_debug/pam_debug.8 --- Linux-PAM-1.0.2-old/modules/pam_debug/pam_debug.8 2008-04-16 11:06:41.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_debug/pam_debug.8 2008-08-29 14:04:34.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_debug/pam_debug.8 2008-10-17 13:01:26.000000000 +0200 
@@ -1,11 +1,11 @@ .\" Title: pam_debug .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_DEBUG" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_DEBUG" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_DEBUG" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -203,20 +174,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_deny/pam_deny.8 Linux-PAM-1.0.2/modules/pam_deny/pam_deny.8 --- Linux-PAM-1.0.2-old/modules/pam_deny/pam_deny.8 2008-04-16 11:06:44.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_deny/pam_deny.8 2008-08-29 14:04:37.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_deny/pam_deny.8 2008-10-17 13:01:29.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_deny .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_DENY" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_DENY" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_DENY" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -246,20 +218,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_echo/pam_echo.8 Linux-PAM-1.0.2/modules/pam_echo/pam_echo.8 --- Linux-PAM-1.0.2-old/modules/pam_echo/pam_echo.8 2008-04-16 11:06:47.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_echo/pam_echo.8 2008-08-29 14:04:40.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_echo/pam_echo.8 2008-10-17 13:01:31.000000000 +0200 
@@ -1,11 +1,11 @@ .\" Title: pam_echo .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_ECHO" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_ECHO" "8" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_ECHO" "8" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -288,20 +261,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_env/pam_env.8 Linux-PAM-1.0.2/modules/pam_env/pam_env.8 --- Linux-PAM-1.0.2-old/modules/pam_env/pam_env.8 2008-04-16 11:06:52.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_env/pam_env.8 2008-08-29 14:04:44.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_env/pam_env.8 2008-10-17 13:01:34.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_env .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_ENV" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_ENV" "8" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_ENV" "8" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -339,8 +313,9 @@ \fBpam\fR(8)\. .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_env/README Linux-PAM-1.0.2/modules/pam_env/README --- Linux-PAM-1.0.2-old/modules/pam_env/README 2008-04-16 11:06:53.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_env/README 2008-08-29 14:04:45.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_env/README 2008-10-17 13:01:36.000000000 +0200 
@@ -11,7 +11,7 @@ By default rules for (un)setting of variables is taken from the config file / etc/security/pam_env.conf if no other file is specified. @@ -350,20 +325,21 @@ (/etc/environment by default). You can change the default file to parse, with the envfile flag and turn it on or off by setting the readenv flag to 1 or 0 respectively. +diff -urN Linux-PAM-1.0.2-old/modules/pam_exec/pam_exec.8 Linux-PAM-1.0.2/modules/pam_exec/pam_exec.8 --- Linux-PAM-1.0.2-old/modules/pam_exec/pam_exec.8 2008-04-16 11:09:09.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_exec/pam_exec.8 2008-08-29 14:06:39.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_exec/pam_exec.8 2008-10-17 13:01:38.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_exec .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_EXEC" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_EXEC" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_EXEC" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -395,20 +371,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_faildelay/pam_faildelay.8 Linux-PAM-1.0.2/modules/pam_faildelay/pam_faildelay.8 --- Linux-PAM-1.0.2-old/modules/pam_faildelay/pam_faildelay.8 2008-04-16 11:09:21.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_faildelay/pam_faildelay.8 2008-08-29 14:06:50.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_faildelay/pam_faildelay.8 2008-10-17 13:01:41.000000000 +0200 
@@ -1,11 +1,11 @@ .\" Title: pam_faildelay .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_FAILDELAY" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_FAILDELAY" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_FAILDELAY" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -435,20 +412,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_filter/pam_filter.8 Linux-PAM-1.0.2/modules/pam_filter/pam_filter.8 --- Linux-PAM-1.0.2-old/modules/pam_filter/pam_filter.8 2008-04-16 11:06:56.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_filter/pam_filter.8 2008-08-29 14:04:48.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_filter/pam_filter.8 2008-10-17 13:01:45.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_filter .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_FILTER" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_FILTER" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_FILTER" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) 
@@ -480,20 +458,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_ftp/pam_ftp.8 Linux-PAM-1.0.2/modules/pam_ftp/pam_ftp.8 --- Linux-PAM-1.0.2-old/modules/pam_ftp/pam_ftp.8 2008-04-16 11:07:01.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_ftp/pam_ftp.8 2008-08-29 14:04:51.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_ftp/pam_ftp.8 2008-10-17 13:01:47.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_ftp .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_FTP" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_FTP" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_FTP" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -520,20 +499,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_group/pam_group.8 Linux-PAM-1.0.2/modules/pam_group/pam_group.8 --- Linux-PAM-1.0.2-old/modules/pam_group/pam_group.8 2008-04-16 11:07:06.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_group/pam_group.8 2008-08-29 14:04:55.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_group/pam_group.8 2008-10-17 13:01:50.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_group .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_GROUP" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_GROUP" "8" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_GROUP" "8" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) 
@@ -560,20 +540,21 @@ \fBpam\fR(8)\. .SH "AUTHORS" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_issue/pam_issue.8 Linux-PAM-1.0.2/modules/pam_issue/pam_issue.8 --- Linux-PAM-1.0.2-old/modules/pam_issue/pam_issue.8 2008-04-16 11:07:09.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_issue/pam_issue.8 2008-08-29 14:04:58.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_issue/pam_issue.8 2008-10-17 13:01:54.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_issue .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_ISSUE" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_ISSUE" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_ISSUE" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -600,20 +581,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_keyinit/pam_keyinit.8 Linux-PAM-1.0.2/modules/pam_keyinit/pam_keyinit.8 --- Linux-PAM-1.0.2-old/modules/pam_keyinit/pam_keyinit.8 2008-04-16 11:07:12.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_keyinit/pam_keyinit.8 2008-08-29 14:05:02.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_keyinit/pam_keyinit.8 2008-10-17 13:01:57.000000000 +0200 
@@ -1,11 +1,11 @@ .\" Title: pam_keyinit .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_KEYINIT" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_KEYINIT" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_KEYINIT" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -640,28 +622,50 @@ \fBpam\fR(8) \fBkeyctl\fR(1) .SH "AUTHOR" +diff -urN Linux-PAM-1.0.2-old/modules/pam_lastlog/pam_lastlog.8 Linux-PAM-1.0.2/modules/pam_lastlog/pam_lastlog.8 --- Linux-PAM-1.0.2-old/modules/pam_lastlog/pam_lastlog.8 2008-04-16 11:07:16.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_lastlog/pam_lastlog.8 2008-08-29 14:05:05.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_lastlog/pam_lastlog.8 2008-10-17 13:02:00.000000000 +0200 
@@ -1,11 +1,11 @@ .\" Title: pam_lastlog .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_LASTLOG" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_LASTLOG" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_LASTLOG" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -62,11 +62,11 @@ +@@ -14,7 +14,7 @@ + pam_lastlog - PAM module to display date of last login + .SH "SYNOPSIS" + .HP 15 +-\fBpam_lastlog\.so\fR [debug] [silent] [never] [nodate] [nohost] [noterm] [nowtmp] ++\fBpam_lastlog\.so\fR [debug] [silent] [never] [nodate] [nohost] [noterm] [nowtmp] [noupdate] [showfailed] + .SH "DESCRIPTION" + .PP + pam_lastlog is a PAM module to display a line of information about the last login of the user\. In addition, the module maintains the +@@ -62,11 +62,23 @@ .RS 4 Don\'t update the wtmp entry\. .RE -.SH "MODULE SERVICES PROVIDED" ++.PP ++\fBnoupdate\fR ++.RS 4 ++Don\'t update any file\. ++.RE ++.PP ++\fBshowfailed\fR ++.RS 4 ++Display number of failed login attempts and the date of the last failed attempt from btmp\. The date is not displayed when ++\fBnodate\fR ++is specified\. ++.RE +.SH "MODULE TYPES PROVIDED" .PP Only the @@ -671,7 +675,7 @@ .SH "RETURN VALUES" .PP .PP -@@ -106,7 +106,7 @@ +@@ -106,7 +118,7 @@ .PP \fBpam.conf\fR(5), 
@@ -680,20 +684,40 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_lastlog/README Linux-PAM-1.0.2/modules/pam_lastlog/README +--- Linux-PAM-1.0.2-old/modules/pam_lastlog/README 2008-04-16 11:07:17.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_lastlog/README 2008-10-17 13:02:01.000000000 +0200 +@@ -43,6 +43,15 @@ + + Don't update the wtmp entry. + ++noupdate ++ ++ Don't update any file. ++ ++showfailed ++ ++ Display number of failed login attempts and the date of the last failed ++ attempt from btmp. The date is not displayed when nodate is specified. ++ + EXAMPLES + + Add the following line to /etc/pam.d/login to display the last login time of an +diff -urN Linux-PAM-1.0.2-old/modules/pam_limits/pam_limits.8 Linux-PAM-1.0.2/modules/pam_limits/pam_limits.8 --- Linux-PAM-1.0.2-old/modules/pam_limits/pam_limits.8 2008-04-16 11:07:20.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_limits/pam_limits.8 2008-08-29 14:05:09.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_limits/pam_limits.8 2008-10-17 13:02:03.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_limits .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_LIMITS" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_LIMITS" "8" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_LIMITS" "8" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) 
@@ -720,20 +744,21 @@ \fBpam\fR(8)\. .SH "AUTHORS" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_listfile/pam_listfile.8 Linux-PAM-1.0.2/modules/pam_listfile/pam_listfile.8 --- Linux-PAM-1.0.2-old/modules/pam_listfile/pam_listfile.8 2008-04-16 11:07:24.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_listfile/pam_listfile.8 2008-08-29 14:05:12.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_listfile/pam_listfile.8 2008-10-17 13:02:06.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_listfile .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_LISTFILE" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_LISTFILE" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_LISTFILE" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -765,20 +790,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_localuser/pam_localuser.8 Linux-PAM-1.0.2/modules/pam_localuser/pam_localuser.8 --- Linux-PAM-1.0.2-old/modules/pam_localuser/pam_localuser.8 2008-04-16 11:07:27.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_localuser/pam_localuser.8 2008-08-29 14:05:16.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_localuser/pam_localuser.8 2008-10-17 13:02:09.000000000 +0200 
@@ -1,11 +1,11 @@ .\" Title: pam_localuser .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_LOCALUSER" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_LOCALUSER" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_LOCALUSER" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -808,20 +834,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_loginuid/pam_loginuid.8 Linux-PAM-1.0.2/modules/pam_loginuid/pam_loginuid.8 --- Linux-PAM-1.0.2-old/modules/pam_loginuid/pam_loginuid.8 2008-04-16 11:09:18.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_loginuid/pam_loginuid.8 2008-08-29 14:06:47.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_loginuid/pam_loginuid.8 2008-10-17 13:02:11.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_loginuid .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_LOGINUID" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_LOGINUID" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_LOGINUID" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) 
@@ -849,23 +876,33 @@ \fBpam\fR(8), \fBauditctl\fR(8), \fBauditd\fR(8) +diff -urN Linux-PAM-1.0.2-old/modules/pam_mail/pam_mail.8 Linux-PAM-1.0.2/modules/pam_mail/pam_mail.8 --- Linux-PAM-1.0.2-old/modules/pam_mail/pam_mail.8 2008-04-16 11:07:30.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_mail/pam_mail.8 2008-08-29 14:05:19.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_mail/pam_mail.8 2008-10-17 13:02:14.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_mail .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_MAIL" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_MAIL" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_MAIL" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) +@@ -14,7 +14,7 @@ + pam_mail - Inform about available mail + .SH "SYNOPSIS" + .HP 12 +-\fBpam_mail\.so\fR [close] [debug] [dir=\fImaildir\fR] [empty] [hash=\fIcount\fR] [noenv] [nopen] [quit] [standard] ++\fBpam_mail\.so\fR [close] [debug] [dir=\fImaildir\fR] [empty] [hash=\fIcount\fR] [noenv] [nopen] [quiet] [standard] + .SH "DESCRIPTION" + .PP + The pam_mail PAM module provides the "you have new mail" service to the user\. It can be plugged into any application that has credential or session hooks\. It gives a single message indicating the @@ -87,13 +87,13 @@ .RS 4 Old style "You have\.\.\." format which doesn\'t show the mail spool being used\. This also implies "empty"\. 
@@ -893,20 +930,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_mkhomedir/pam_mkhomedir.8 Linux-PAM-1.0.2/modules/pam_mkhomedir/pam_mkhomedir.8 --- Linux-PAM-1.0.2-old/modules/pam_mkhomedir/pam_mkhomedir.8 2008-04-16 11:07:34.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_mkhomedir/pam_mkhomedir.8 2008-08-29 14:05:22.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_mkhomedir/pam_mkhomedir.8 2008-10-17 13:02:17.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_mkhomedir .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_MKHOMEDIR" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_MKHOMEDIR" "8" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_MKHOMEDIR" "8" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -933,20 +971,21 @@ \fBpam\fR(8)\. .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_motd/pam_motd.8 Linux-PAM-1.0.2/modules/pam_motd/pam_motd.8 --- Linux-PAM-1.0.2-old/modules/pam_motd/pam_motd.8 2008-04-16 11:07:37.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_motd/pam_motd.8 2008-08-29 14:05:26.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_motd/pam_motd.8 2008-10-17 13:02:20.000000000 +0200 
@@ -1,11 +1,11 @@ .\" Title: pam_motd .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_MOTD" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_MOTD" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_MOTD" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -973,20 +1012,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_namespace/namespace.conf.5 Linux-PAM-1.0.2/modules/pam_namespace/namespace.conf.5 --- Linux-PAM-1.0.2-old/modules/pam_namespace/namespace.conf.5 2008-04-16 11:09:13.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_namespace/namespace.conf.5 2008-08-29 14:06:43.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_namespace/namespace.conf.5 2008-10-17 13:02:24.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: namespace.conf .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "NAMESPACE\.CONF" "5" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "NAMESPACE\.CONF" "5" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "NAMESPACE\.CONF" "5" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) 
@@ -999,20 +1039,21 @@ .PP The \fI/etc/security/namespace\.conf\fR +diff -urN Linux-PAM-1.0.2-old/modules/pam_namespace/pam_namespace.8 Linux-PAM-1.0.2/modules/pam_namespace/pam_namespace.8 --- Linux-PAM-1.0.2-old/modules/pam_namespace/pam_namespace.8 2008-04-16 11:09:14.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_namespace/pam_namespace.8 2008-08-29 14:06:45.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_namespace/pam_namespace.8 2008-10-17 13:02:25.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_namespace .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_NAMESPACE" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_NAMESPACE" "8" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_NAMESPACE" "8" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1049,20 +1090,21 @@ \fBmount\fR(8), \fBpam\fR(8)\. .SH "AUTHORS" +diff -urN Linux-PAM-1.0.2-old/modules/pam_nologin/pam_nologin.8 Linux-PAM-1.0.2/modules/pam_nologin/pam_nologin.8 --- Linux-PAM-1.0.2-old/modules/pam_nologin/pam_nologin.8 2008-04-16 11:07:40.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_nologin/pam_nologin.8 2008-08-29 14:05:29.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_nologin/pam_nologin.8 2008-10-17 13:02:27.000000000 +0200 
@@ -1,11 +1,11 @@ .\" Title: pam_nologin .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_NOLOGIN" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_NOLOGIN" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_NOLOGIN" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1091,20 +1133,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_permit/pam_permit.8 Linux-PAM-1.0.2/modules/pam_permit/pam_permit.8 --- Linux-PAM-1.0.2-old/modules/pam_permit/pam_permit.8 2008-04-16 11:07:43.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_permit/pam_permit.8 2008-08-29 14:05:32.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_permit/pam_permit.8 2008-10-17 13:02:30.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_permit .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_PERMIT" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_PERMIT" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_PERMIT" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) 
@@ -1136,20 +1179,86 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_pwhistory/README Linux-PAM-1.0.2/modules/pam_pwhistory/README +--- Linux-PAM-1.0.2-old/modules/pam_pwhistory/README 1970-01-01 01:00:00.000000000 +0100 ++++ Linux-PAM-1.0.2/modules/pam_pwhistory/README 2008-10-17 13:02:33.000000000 +0200 +@@ -0,0 +1,61 @@ ++pam_pwhistory — PAM module to remember last passwords ++ ++━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ ++ ++DESCRIPTION ++ ++This module saves the last passwords for each user in order to force password ++change history and keep the user from alternating between the same password too ++frequently. ++ ++This module does not work togehter with kerberos. In general, it does not make ++much sense to use this module in conjuction with NIS or LDAP, since the old ++passwords are stored on the local machine and are not available on another ++machine for password history checking. ++ ++OPTIONS ++ ++debug ++ ++ Turns on debugging via syslog(3). ++ ++use_authtok ++ ++ When password changing enforce the module to use the new password provided ++ by a previously stacked password module (this is used in the example of the ++ stacking of the pam_cracklib module documented below). ++ ++enforce_for_root ++ ++ If this option is set, the check is enforced for root, too. ++ ++remember=N ++ ++ The last N passwords for each user are saved in /etc/security/opasswd. The ++ default is 10. ++ ++retry=N ++ ++ Prompt user at most N times before returning with error. The default is 1. 
++ ++EXAMPLES ++ ++An example password section would be: ++ ++#%PAM-1.0 ++password required pam_pwhistory.so ++password required pam_unix.so use_authtok ++ ++ ++In combination with pam_cracklib: ++ ++#%PAM-1.0 ++password required pam_cracklib.so retry=3 ++password required pam_pwhistory.so use_authtok ++password required pam_unix.so use_authtok ++ ++ ++AUTHOR ++ ++pam_pwhistory was written by Thorsten Kukuk ++ +diff -urN Linux-PAM-1.0.2-old/modules/pam_rhosts/pam_rhosts.8 Linux-PAM-1.0.2/modules/pam_rhosts/pam_rhosts.8 --- Linux-PAM-1.0.2-old/modules/pam_rhosts/pam_rhosts.8 2008-04-16 11:07:46.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_rhosts/pam_rhosts.8 2008-08-29 14:05:36.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_rhosts/pam_rhosts.8 2008-10-17 13:02:34.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_rhosts .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_RHOSTS" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_RHOSTS" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_RHOSTS" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1176,20 +1285,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_rootok/pam_rootok.8 Linux-PAM-1.0.2/modules/pam_rootok/pam_rootok.8 --- Linux-PAM-1.0.2-old/modules/pam_rootok/pam_rootok.8 2008-04-16 11:07:49.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_rootok/pam_rootok.8 2008-08-29 14:05:39.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_rootok/pam_rootok.8 2008-10-17 13:02:37.000000000 +0200 
@@ -1,11 +1,11 @@ .\" Title: pam_rootok .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_ROOTOK" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_ROOTOK" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_ROOTOK" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1216,20 +1326,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_securetty/pam_securetty.8 Linux-PAM-1.0.2/modules/pam_securetty/pam_securetty.8 --- Linux-PAM-1.0.2-old/modules/pam_securetty/pam_securetty.8 2008-04-16 11:07:52.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_securetty/pam_securetty.8 2008-08-29 14:05:42.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_securetty/pam_securetty.8 2008-10-17 13:02:40.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_securetty .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_SECURETTY" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_SECURETTY" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_SECURETTY" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) 
@@ -1265,20 +1376,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_selinux/pam_selinux.8 Linux-PAM-1.0.2/modules/pam_selinux/pam_selinux.8 --- Linux-PAM-1.0.2-old/modules/pam_selinux/pam_selinux.8 2008-04-16 11:07:56.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_selinux/pam_selinux.8 2008-08-29 14:05:46.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_selinux/pam_selinux.8 2008-10-17 13:02:43.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_selinux .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_SELINUX" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_SELINUX" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_SELINUX" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1310,8 +1422,9 @@ .RE .SH "MODULE SERVICES PROVIDED" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_selinux/README Linux-PAM-1.0.2/modules/pam_selinux/README --- Linux-PAM-1.0.2-old/modules/pam_selinux/README 2008-04-16 11:07:55.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_selinux/README 2008-08-29 14:05:45.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_selinux/README 2008-10-17 13:02:42.000000000 +0200 @@ -48,10 +48,21 @@ Attempt to ask the user for a custom security context role. If MLS is on ask also for sensitivity level. 
@@ -1336,20 +1449,21 @@ EXAMPLES +diff -urN Linux-PAM-1.0.2-old/modules/pam_sepermit/pam_sepermit.8 Linux-PAM-1.0.2/modules/pam_sepermit/pam_sepermit.8 --- Linux-PAM-1.0.2-old/modules/pam_sepermit/pam_sepermit.8 2008-04-16 11:07:59.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_sepermit/pam_sepermit.8 2008-08-29 14:05:49.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_sepermit/pam_sepermit.8 2008-10-17 13:02:46.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_sepermit .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_SEPERMIT" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_SEPERMIT" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_SEPERMIT" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1370,20 +1484,21 @@ .SH "RETURN VALUES" .PP PAM_AUTH_ERR +diff -urN Linux-PAM-1.0.2-old/modules/pam_shells/pam_shells.8 Linux-PAM-1.0.2/modules/pam_shells/pam_shells.8 --- Linux-PAM-1.0.2-old/modules/pam_shells/pam_shells.8 2008-04-16 11:08:01.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_shells/pam_shells.8 2008-08-29 14:05:51.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_shells/pam_shells.8 2008-10-17 13:02:48.000000000 +0200 
@@ -1,11 +1,11 @@ .\" Title: pam_shells .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_SHELLS" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_SHELLS" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_SHELLS" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1413,20 +1528,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_succeed_if/pam_succeed_if.8 Linux-PAM-1.0.2/modules/pam_succeed_if/pam_succeed_if.8 --- Linux-PAM-1.0.2-old/modules/pam_succeed_if/pam_succeed_if.8 2008-04-16 11:08:05.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_succeed_if/pam_succeed_if.8 2008-08-29 14:05:55.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_succeed_if/pam_succeed_if.8 2008-10-17 13:02:51.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_succeed_if .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM .\" Source: Linux-PAM .\" -.TH "PAM_SUCCEED_IF" "8" "04/16/2008" "Linux-PAM" "Linux\-PAM" -+.TH "PAM_SUCCEED_IF" "8" "08/29/2008" "Linux-PAM" "Linux\-PAM" ++.TH "PAM_SUCCEED_IF" "8" "10/17/2008" "Linux-PAM" "Linux\-PAM" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) 
@@ -1455,20 +1571,21 @@ .RE .SH "EXAMPLES" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_tally/pam_tally.8 Linux-PAM-1.0.2/modules/pam_tally/pam_tally.8 --- Linux-PAM-1.0.2-old/modules/pam_tally/pam_tally.8 2008-04-16 11:08:10.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_tally/pam_tally.8 2008-08-29 14:05:59.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_tally/pam_tally.8 2008-10-17 13:02:55.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_tally .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_TALLY" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_TALLY" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_TALLY" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1533,8 +1650,9 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_tally/README Linux-PAM-1.0.2/modules/pam_tally/README --- Linux-PAM-1.0.2-old/modules/pam_tally/README 2008-04-16 11:08:11.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_tally/README 2008-08-29 14:06:00.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_tally/README 2008-10-17 13:02:56.000000000 +0200 @@ -25,7 +25,7 @@ GLOBAL OPTIONS 
@@ -1559,20 +1677,399 @@ AUTH OPTIONS Authentication phase first checks if user should be denied access and if +diff -urN Linux-PAM-1.0.2-old/modules/pam_tally2/pam_tally2.8 Linux-PAM-1.0.2/modules/pam_tally2/pam_tally2.8 +--- Linux-PAM-1.0.2-old/modules/pam_tally2/pam_tally2.8 1970-01-01 01:00:00.000000000 +0100 ++++ Linux-PAM-1.0.2/modules/pam_tally2/pam_tally2.8 2008-10-17 13:02:59.000000000 +0200 +@@ -0,0 +1,224 @@ ++.\" Title: pam_tally2 ++.\" Author: ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 10/17/2008 ++.\" Manual: Linux-PAM Manual ++.\" Source: Linux-PAM Manual ++.\" ++.TH "PAM_TALLY2" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" disable hyphenation ++.nh ++.\" disable justification (adjust text to left margin only) ++.ad l ++.SH "NAME" ++pam_tally2 - The login counter (tallying) module ++.SH "SYNOPSIS" ++.HP 14 ++\fBpam_tally2\.so\fR [file=\fI/path/to/counter\fR] [onerr=[\fIfail\fR|\fIsucceed\fR]] [magic_root] [even_deny_root] [deny=\fIn\fR] [lock_time=\fIn\fR] [unlock_time=\fIn\fR] [root_unlock_time=\fIn\fR] [audit] [silent] [no_log_info] ++.HP 11 ++\fBpam_tally2\fR [\-\-file\ \fI/path/to/counter\fR] [\-\-user\ \fIusername\fR] [\-\-reset[=\fIn\fR]] [\-\-quiet] ++.SH "DESCRIPTION" ++.PP ++This module maintains a count of attempted accesses, can reset count on success, can deny access if too many attempts fail\. ++.PP ++pam_tally2 comes in two parts: ++\fBpam_tally2\.so\fR ++and ++\fBpam_tally2\fR\. The former is the PAM module and the latter, a stand\-alone program\. ++\fBpam_tally2\fR ++is an (optional) application which can be used to interrogate and manipulate the counter file\. It can display users\' counts, set individual counts, or clear all counts\. Setting artificially high counts may be useful for blocking users without changing their passwords\. For example, one might find it useful to clear all counts every midnight from a cron job\. 
++.PP ++Normally, failed attempts to access ++\fIroot\fR ++will ++\fBnot\fR ++cause the root account to become blocked, to prevent denial\-of\-service: if your users aren\'t given shell accounts and root may only login via ++\fBsu\fR ++or at the machine console (not telnet/rsh, etc), this is safe\. ++.SH "OPTIONS" ++.PP ++GLOBAL OPTIONS ++.RS 4 ++This can be used for ++\fIauth\fR ++and ++\fIaccount\fR ++module types\. ++.PP ++\fBonerr=[\fR\fB\fIfail\fR\fR\fB|\fR\fB\fIsucceed\fR\fR\fB]\fR ++.RS 4 ++If something weird happens (like unable to open the file), return with ++\fBPAM_SUCESS\fR ++if ++\fBonerr=\fR\fB\fIsucceed\fR\fR ++is given, else with the corresponding PAM error code\. ++.RE ++.PP ++\fBfile=\fR\fB\fI/path/to/counter\fR\fR ++.RS 4 ++File where to keep counts\. Default is ++\fI/var/log/tallylog\fR\. ++.RE ++.PP ++\fBaudit\fR ++.RS 4 ++Will log the user name into the system log if the user is not found\. ++.RE ++.PP ++\fBsilent\fR ++.RS 4 ++Don\'t print informative messages\. ++.RE ++.PP ++\fBno_log_info\fR ++.RS 4 ++Don\'t log informative messages via ++\fBsyslog\fR(3)\. ++.RE ++.RE ++.PP ++AUTH OPTIONS ++.RS 4 ++Authentication phase first increments attempted login counter and checks if user should be denied access\. If the user is authenticated and the login process continues on call to ++\fBpam_setcred\fR(3) ++it resets the attempts counter\. ++.PP ++\fBdeny=\fR\fB\fIn\fR\fR ++.RS 4 ++Deny access if tally for this user exceeds ++\fIn\fR\. ++.RE ++.PP ++\fBlock_time=\fR\fB\fIn\fR\fR ++.RS 4 ++Always deny for ++\fIn\fR ++seconds after failed attempt\. ++.RE ++.PP ++\fBunlock_time=\fR\fB\fIn\fR\fR ++.RS 4 ++Allow access after ++\fIn\fR ++seconds after failed attempt\. If this option is used the user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts\. Otherwise the account is locked until the lock is removed by a manual intervention of the system administrator\. 
++.RE ++.PP ++\fBmagic_root\fR ++.RS 4 ++If the module is invoked by a user with uid=0 the counter is not incremented\. The sys\-admin should use this for user launched services, like ++\fBsu\fR, otherwise this argument should be omitted\. ++.RE ++.PP ++\fBno_lock_time\fR ++.RS 4 ++Do not use the \.fail_locktime field in ++\fI/var/log/faillog\fR ++for this user\. ++.RE ++.PP ++\fBno_reset\fR ++.RS 4 ++Don\'t reset count on successful entry, only decrement\. ++.RE ++.PP ++\fBeven_deny_root\fR ++.RS 4 ++Root account can become unavailable\. ++.RE ++.PP ++\fBroot_unlock_time=\fR\fB\fIn\fR\fR ++.RS 4 ++This option implies ++\fBeven_deny_root\fR ++option\. Allow access after ++\fIn\fR ++seconds to root acccount after failed attempt\. If this option is used the root user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts\. ++.RE ++.RE ++.PP ++ACCOUNT OPTIONS ++.RS 4 ++Account phase resets attempts counter if the user is ++\fBnot\fR ++magic root\. This phase can be used optionaly for services which don\'t call ++\fBpam_setcred\fR(3) ++correctly or if the reset should be done regardless of the failure of the account phase of other modules\. ++.PP ++\fBmagic_root\fR ++.RS 4 ++If the module is invoked by a user with uid=0 the counter is not changed\. The sys\-admin should use this for user launched services, like ++\fBsu\fR, otherwise this argument should be omitted\. ++.RE ++.RE ++.SH "MODULE TYPES PROVIDED" ++.PP ++The ++\fBauth\fR ++and ++\fBaccount\fR ++module types are provided\. ++.SH "RETURN VALUES" ++.PP ++PAM_AUTH_ERR ++.RS 4 ++A invalid option was given, the module was not able to retrive the user name, no valid counter file was found, or too many failed logins\. ++.RE ++.PP ++PAM_SUCCESS ++.RS 4 ++Everything was successfull\. ++.RE ++.PP ++PAM_USER_UNKNOWN ++.RS 4 ++User not known\. ++.RE ++.SH "NOTES" ++.PP ++pam_tally2 is not compatible with the old pam_tally faillog file format\. 
This is caused by requirement of compatibility of the tallylog file format between 32bit and 64bit architectures on multiarch systems\. ++.PP ++There is no setuid wrapper for access to the data file such as when the ++\fBpam_tally2\.so\fR ++module is called from xscreensaver\. As this would make it impossible to share PAM configuration with such services the following workaround is used: If the data file cannot be opened because of insufficient permissions (\fBEPERM\fR) the module returns ++\fBPAM_IGNORE\fR\. ++.SH "EXAMPLES" ++.PP ++Add the following line to ++\fI/etc/pam\.d/login\fR ++to lock the account after 4 failed logins\. Root account will be locked as well\. The accounts will be automatically unlocked after 20 minutes\. The module does not have to be called in the account phase because the ++\fBlogin\fR ++calls ++\fBpam_setcred\fR(3) ++correctly\. ++.sp ++.RS 4 ++.nf ++auth required pam_securetty\.so ++auth required pam_tally2\.so deny=4 even_deny_root unlock_time=1200 ++auth required pam_env\.so ++auth required pam_unix\.so ++auth required pam_nologin\.so ++account required pam_unix\.so ++password required pam_unix\.so ++session required pam_limits\.so ++session required pam_unix\.so ++session required pam_lastlog\.so nowtmp ++session optional pam_mail\.so standard ++ ++.fi ++.RE ++.SH "FILES" ++.PP ++\fI/var/log/tallylog\fR ++.RS 4 ++failure count logging file ++.RE ++.SH "SEE ALSO" ++.PP ++ ++\fBpam.conf\fR(5), ++\fBpam.d\fR(5), ++\fBpam\fR(8) ++.SH "AUTHOR" ++.PP ++pam_tally was written by Tim Baverstock and Tomas Mraz\. 
+diff -urN Linux-PAM-1.0.2-old/modules/pam_tally2/README Linux-PAM-1.0.2/modules/pam_tally2/README +--- Linux-PAM-1.0.2-old/modules/pam_tally2/README 1970-01-01 01:00:00.000000000 +0100 ++++ Linux-PAM-1.0.2/modules/pam_tally2/README 2008-10-17 13:03:00.000000000 +0200 +@@ -0,0 +1,146 @@ ++pam_tally2 — The login counter (tallying) module ++ ++━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ ++ ++DESCRIPTION ++ ++This module maintains a count of attempted accesses, can reset count on ++success, can deny access if too many attempts fail. ++ ++pam_tally2 comes in two parts: pam_tally2.so and pam_tally2. The former is the ++PAM module and the latter, a stand-alone program. pam_tally2 is an (optional) ++application which can be used to interrogate and manipulate the counter file. ++It can display users' counts, set individual counts, or clear all counts. ++Setting artificially high counts may be useful for blocking users without ++changing their passwords. For example, one might find it useful to clear all ++counts every midnight from a cron job. ++ ++Normally, failed attempts to access root will not cause the root account to ++become blocked, to prevent denial-of-service: if your users aren't given shell ++accounts and root may only login via su or at the machine console (not telnet/ ++rsh, etc), this is safe. ++ ++OPTIONS ++ ++GLOBAL OPTIONS ++ ++ This can be used for auth and account module types. ++ ++ onerr=[fail|succeed] ++ ++ If something weird happens (like unable to open the file), return with ++ PAM_SUCESS if onerr=succeed is given, else with the corresponding PAM ++ error code. ++ ++ file=/path/to/counter ++ ++ File where to keep counts. Default is /var/log/tallylog. ++ ++ audit ++ ++ Will log the user name into the system log if the user is not found. ++ ++ silent ++ ++ Don't print informative messages. ++ ++ no_log_info ++ ++ Don't log informative messages via syslog(3). 
++ ++AUTH OPTIONS ++ ++ Authentication phase first increments attempted login counter and checks if ++ user should be denied access. If the user is authenticated and the login ++ process continues on call to pam_setcred(3) it resets the attempts counter. ++ ++ deny=n ++ ++ Deny access if tally for this user exceeds n. ++ ++ lock_time=n ++ ++ Always deny for n seconds after failed attempt. ++ ++ unlock_time=n ++ ++ Allow access after n seconds after failed attempt. If this option is ++ used the user will be locked out for the specified amount of time after ++ he exceeded his maximum allowed attempts. Otherwise the account is ++ locked until the lock is removed by a manual intervention of the system ++ administrator. ++ ++ magic_root ++ ++ If the module is invoked by a user with uid=0 the counter is not ++ incremented. The sys-admin should use this for user launched services, ++ like su, otherwise this argument should be omitted. ++ ++ no_lock_time ++ ++ Do not use the .fail_locktime field in /var/log/faillog for this user. ++ ++ no_reset ++ ++ Don't reset count on successful entry, only decrement. ++ ++ even_deny_root ++ ++ Root account can become unavailable. ++ ++ root_unlock_time=n ++ ++ This option implies even_deny_root option. Allow access after n seconds ++ to root acccount after failed attempt. If this option is used the root ++ user will be locked out for the specified amount of time after he ++ exceeded his maximum allowed attempts. ++ ++ACCOUNT OPTIONS ++ ++ Account phase resets attempts counter if the user is not magic root. This ++ phase can be used optionaly for services which don't call pam_setcred(3) ++ correctly or if the reset should be done regardless of the failure of the ++ account phase of other modules. ++ ++ magic_root ++ ++ If the module is invoked by a user with uid=0 the counter is not ++ changed. The sys-admin should use this for user launched services, like ++ su, otherwise this argument should be omitted. 
++ ++NOTES ++ ++pam_tally2 is not compatible with the old pam_tally faillog file format. This ++is caused by requirement of compatibility of the tallylog file format between ++32bit and 64bit architectures on multiarch systems. ++ ++There is no setuid wrapper for access to the data file such as when the ++pam_tally2.so module is called from xscreensaver. As this would make it ++impossible to share PAM configuration with such services the following ++workaround is used: If the data file cannot be opened because of insufficient ++permissions (EPERM) the module returns PAM_IGNORE. ++ ++EXAMPLES ++ ++Add the following line to /etc/pam.d/login to lock the account after 4 failed ++logins. Root account will be locked as well. The accounts will be automatically ++unlocked after 20 minutes. The module does not have to be called in the account ++phase because the login calls pam_setcred(3) correctly. ++ ++auth required pam_securetty.so ++auth required pam_tally2.so deny=4 even_deny_root unlock_time=1200 ++auth required pam_env.so ++auth required pam_unix.so ++auth required pam_nologin.so ++account required pam_unix.so ++password required pam_unix.so ++session required pam_limits.so ++session required pam_unix.so ++session required pam_lastlog.so nowtmp ++session optional pam_mail.so standard ++ ++ ++AUTHOR ++ ++pam_tally was written by Tim Baverstock and Tomas Mraz. ++ +diff -urN Linux-PAM-1.0.2-old/modules/pam_time/pam_time.8 Linux-PAM-1.0.2/modules/pam_time/pam_time.8 --- Linux-PAM-1.0.2-old/modules/pam_time/pam_time.8 2008-04-16 11:08:15.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_time/pam_time.8 2008-08-29 14:06:03.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_time/pam_time.8 2008-10-17 13:03:02.000000000 +0200 
@@ -1,11 +1,11 @@ .\" Title: pam_time .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_TIME" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_TIME" "8" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_TIME" "8" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1599,20 +2096,21 @@ \fBpam\fR(8)\. .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_tty_audit/pam_tty_audit.8 Linux-PAM-1.0.2/modules/pam_tty_audit/pam_tty_audit.8 --- Linux-PAM-1.0.2-old/modules/pam_tty_audit/pam_tty_audit.8 2008-04-16 11:08:21.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_tty_audit/pam_tty_audit.8 2008-08-29 14:06:06.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_tty_audit/pam_tty_audit.8 2008-10-17 13:03:05.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_tty_audit .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_TTY_AUDIT" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_TTY_AUDIT" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_TTY_AUDIT" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) 
@@ -1630,20 +2128,21 @@ .SH "RETURN VALUES" .PP PAM_SESSION_ERR +diff -urN Linux-PAM-1.0.2-old/modules/pam_umask/pam_umask.8 Linux-PAM-1.0.2/modules/pam_umask/pam_umask.8 --- Linux-PAM-1.0.2-old/modules/pam_umask/pam_umask.8 2008-04-16 11:08:27.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_umask/pam_umask.8 2008-08-29 14:06:10.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_umask/pam_umask.8 2008-10-17 13:03:08.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_umask .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_UMASK" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_UMASK" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_UMASK" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1670,20 +2169,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_unix/pam_unix.8 Linux-PAM-1.0.2/modules/pam_unix/pam_unix.8 --- Linux-PAM-1.0.2-old/modules/pam_unix/pam_unix.8 2008-04-16 11:08:40.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_unix/pam_unix.8 2008-08-29 14:06:21.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_unix/pam_unix.8 2008-10-17 13:03:17.000000000 +0200 
@@ -1,11 +1,11 @@ .\" Title: pam_unix .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_UNIX" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_UNIX" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_UNIX" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1712,20 +2212,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_userdb/pam_userdb.8 Linux-PAM-1.0.2/modules/pam_userdb/pam_userdb.8 --- Linux-PAM-1.0.2-old/modules/pam_userdb/pam_userdb.8 2008-04-16 11:08:48.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_userdb/pam_userdb.8 2008-08-29 14:06:25.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_userdb/pam_userdb.8 2008-10-17 13:03:20.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_userdb .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_USERDB" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_USERDB" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_USERDB" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) 
@@ -1755,20 +2256,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_warn/pam_warn.8 Linux-PAM-1.0.2/modules/pam_warn/pam_warn.8 --- Linux-PAM-1.0.2-old/modules/pam_warn/pam_warn.8 2008-04-16 11:08:53.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_warn/pam_warn.8 2008-08-29 14:06:28.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_warn/pam_warn.8 2008-10-17 13:03:23.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_warn .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_WARN" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_WARN" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_WARN" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1800,20 +2302,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_wheel/pam_wheel.8 Linux-PAM-1.0.2/modules/pam_wheel/pam_wheel.8 --- Linux-PAM-1.0.2-old/modules/pam_wheel/pam_wheel.8 2008-04-16 11:08:57.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_wheel/pam_wheel.8 2008-08-29 14:06:31.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_wheel/pam_wheel.8 2008-10-17 13:03:26.000000000 +0200 
@@ -1,11 +1,11 @@ .\" Title: pam_wheel .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_WHEEL" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_WHEEL" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_WHEEL" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1842,20 +2345,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_xauth/pam_xauth.8 Linux-PAM-1.0.2/modules/pam_xauth/pam_xauth.8 --- Linux-PAM-1.0.2-old/modules/pam_xauth/pam_xauth.8 2008-04-16 11:09:03.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_xauth/pam_xauth.8 2008-08-29 14:06:35.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_xauth/pam_xauth.8 2008-10-17 13:03:30.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_xauth .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_XAUTH" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_XAUTH" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_XAUTH" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) 
@@ -1882,3 +2386,62 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/doc/man//pam_getenv.3 Linux-PAM-1.0.2/doc/man//pam_getenv.3 +--- Linux-PAM-1.0.2-old/doc/man//pam_getenv.3 2008-04-16 11:09:52.000000000 +0200 ++++ Linux-PAM-1.0.2/doc/man//pam_getenv.3 2008-10-17 13:03:34.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_getenv + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 10/17/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_GETENV" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_GETENV" "3" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -27,8 +27,9 @@ + \fBpam_getenv\fR + function searches the PAM environment list as associated with the handle + \fIpamh\fR +-for a string that matches the string pointed to by +-\fIname\fR\. The return values are of the form: "\fIname=value\fR"\. ++for an item that matches the string pointed to by ++\fIname\fR ++and returns the value of the environment variable\. 
+ .SH "RETURN VALUES" + .PP + The +diff -urN Linux-PAM-1.0.2-old/doc/man//pam_prompt.3 Linux-PAM-1.0.2/doc/man//pam_prompt.3 +--- Linux-PAM-1.0.2-old/doc/man//pam_prompt.3 2008-04-16 11:09:59.000000000 +0200 ++++ Linux-PAM-1.0.2/doc/man//pam_prompt.3 2008-10-17 13:03:35.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_prompt + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 10/17/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_PROMPT" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_PROMPT" "3" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -27,7 +27,9 @@ + .PP + The + \fBpam_prompt\fR +-function constructs a message from the specified format string and arguments and passes it to ++function constructs a message from the specified format string and arguments and passes it to the conversation function as set by the service\. Upon successful return, ++\fIresponse\fR ++is set to point to a string returned from the conversation function\. This string is allocated on heap and should be freed\. + .SH "RETURN VALUES" + .PP + PAM_BUF_ERR diff --git a/pam.changes b/pam.changes index a0bc560..a432f7a 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Oct 17 14:02:31 CEST 2008 - kukuk@suse.de + +- Add pam_tally2 +- Regenerate Documentation + ------------------------------------------------------------------- Sat Oct 11 17:06:49 CEST 2008 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index b8d91f0..9c0bee6 100644 --- a/pam.spec +++ b/pam.spec 
@@ -35,7 +35,7 @@ License: BSD 3-Clause; GPL v2 or later
 Group: System/Libraries
 AutoReqProv: on
 Version: 1.0.2
-Release: 9
+Release: 10
 Summary: A Security Tool that Provides Authentication for Applications
 Source: Linux-PAM-%{version}.tar.bz2
 Source1: Linux-PAM-%{version}-SUSE-docs.tar.bz2
@@ -58,6 +58,8 @@ Patch7: pam_mail.diff
 Patch8: pam_tally-fdleak.diff
 Patch9: pam_pwhistory-0.1.diff
 Patch10: pam_lastlog.diff
+Patch11: pam_tally2.diff
+Patch12: pam_cracklib-no-pwhistory.diff
 
 %description
 PAM (Pluggable Authentication Modules) is a system security tool that
@@ -111,6 +113,9 @@ building both PAM-aware applications and modules for use with PAM.
 %patch9 -p0
 chmod 755 modules/pam_pwhistory/tst-pam_pwhistory
 %patch10 -p0
+%patch11 -p1
+chmod 755 modules/pam_tally2/tst-pam_tally2
+%patch12 -p0
 
 %build
 aclocal -I m4 --install --force
@@ -283,6 +288,7 @@ rm -rf $RPM_BUILD_ROOT
 /%{_lib}/security/pam_stress.so
 /%{_lib}/security/pam_succeed_if.so
 /%{_lib}/security/pam_tally.so
+/%{_lib}/security/pam_tally2.so
 /%{_lib}/security/pam_time.so
 /%{_lib}/security/pam_tty_audit.so
 /%{_lib}/security/pam_umask.so
@@ -296,6 +302,7 @@ rm -rf $RPM_BUILD_ROOT
 /%{_lib}/security/pam_wheel.so
 /%{_lib}/security/pam_xauth.so
 /sbin/pam_tally
+/sbin/pam_tally2
 %verify(not mode) %attr(4755,root,shadow) /sbin/unix_chkpwd
 %attr(0700,root,root) /sbin/unix_update
 
@@ -317,6 +324,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/libpam_misc.so
 
 %changelog
+* Fri Oct 17 2008 kukuk@suse.de
+- Add pam_tally2
+- Regenerate Documentation
 * Sat Oct 11 2008 kukuk@suse.de
 - Enhance pam_lastlog with status output
 - Add pam_pwhistory as tech preview
diff --git a/pam_cracklib-no-pwhistory.diff b/pam_cracklib-no-pwhistory.diff
new file mode 100644
index 0000000..174cef5
--- /dev/null
+++ b/pam_cracklib-no-pwhistory.diff
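Review bot: The `%changelog` entry added in the last pam.spec hunk records only `- Add pam_tally2` and `- Regenerate Documentation`, yet the `@@ -58,6 +58,8 @@` hunk also wires in `Patch12: pam_cracklib-no-pwhistory.diff`, applied with `%patch12 -p0`. That patch changes password-policy behaviour, so an administrator reading the package history has no way to learn that pam_cracklib stopped rejecting previously used passwords in release 10. I would add a third line, for example `- pam_cracklib: remove old-password check (pam_cracklib-no-pwhistory.diff)`, and mirror it in the pam.changes entry. If pam_pwhistory is the intended replacement, as the patch name suggests, the entry should say so.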
@@ -0,0 +1,88 @@
+--- modules/pam_cracklib/pam_cracklib.8.xml
++++ modules/pam_cracklib/pam_cracklib.8.xml 2008/10/17 10:25:35
+@@ -111,15 +111,6 @@
+
+
+
+-
+- Already used
+-
+-
+- Was the password used in the past? Previously used passwords
+- are to be found in /etc/security/opasswd.
+-
+-
+-
+
+
+ This module with no arguments will work well for standard unix
+--- modules/pam_cracklib/pam_cracklib.c
++++ modules/pam_cracklib/pam_cracklib.c 2008/10/17 10:26:56
+@@ -472,43 +472,6 @@
+ }
+
+
+-#define OLD_PASSWORDS_FILE "/etc/security/opasswd"
+-
+-static const char * check_old_password(const char *forwho, const char *newpass)
+-{
+- static char buf[16384];
+- char *s_luser, *s_uid, *s_npas, *s_pas;
+- const char *msg = NULL;
+- FILE *opwfile;
+-
+- opwfile = fopen(OLD_PASSWORDS_FILE, "r");
+- if (opwfile == NULL)
+- return NULL;
+-
+- while (fgets(buf, 16380, opwfile)) {
+- if (!strncmp(buf, forwho, strlen(forwho))) {
+- char *sptr;
+- buf[strlen(buf)-1] = '\0';
+- s_luser = strtok_r(buf, ":,", &sptr);
+- s_uid = strtok_r(NULL, ":,", &sptr);
+- s_npas = strtok_r(NULL, ":,", &sptr);
+- s_pas = strtok_r(NULL, ":,", &sptr);
+- while (s_pas != NULL) {
+- if (!strcmp(crypt(newpass, s_pas), s_pas)) {
+- msg = _("has been already used");
+- break;
+- }
+- s_pas = strtok_r(NULL, ":,", &sptr);
+- }
+- break;
+- }
+- }
+- fclose(opwfile);
+-
+- return msg;
+-}
+-
+-
+ static int _pam_unix_approve_pass(pam_handle_t *pamh,
+ unsigned int ctrl,
+ struct cracklib_options *opt,
+@@ -516,7 +479,6 @@
+ const char *pass_new)
+ {
+ const char *msg = NULL;
+- const void *user;
+ int retval;
+
+ if (pass_new == NULL || (pass_old && !strcmp(pass_old,pass_new))) {
+@@ -532,15 +494,6 @@
+ * checking this would be the place
+ */
+ msg = password_check(opt, pass_old, pass_new);
+- if (!msg) {
+- retval = pam_get_item(pamh, PAM_USER, &user);
+- if (retval != PAM_SUCCESS || user == NULL) {
+- if (ctrl & PAM_DEBUG_ARG)
+- pam_syslog(pamh,LOG_ERR,"Can not get username");
+- return PAM_AUTHTOK_ERR;
+- }
+- msg = check_old_password(user, pass_new);
+- }
+
+ if (msg) {
+ if (ctrl & PAM_DEBUG_ARG)
diff --git a/pam_tally2.diff b/pam_tally2.diff
new file mode 100644
index 0000000..ef6a93c
--- /dev/null
+++ b/pam_tally2.diff
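Review bot: The man-page hunk of pam_cracklib-no-pwhistory.diff deletes the "Already used" entry without saying where that check now lives, while the C hunks remove `check_old_password()` and its call in `_pam_unix_approve_pass`. A PAM stack that lists only pam_cracklib therefore stops consulting /etc/security/opasswd with no hint in the documentation. I would add one sentence to pam_cracklib.8.xml stating that password-history enforcement is no longer done by this module and must be configured separately; presumably that means pam_pwhistory, which pam.spec already ships as Patch9. In the `@@ -516,7 +479,6 @@` hunk, `int retval;` is kept although the only assignment visible here is removed. The function body continues outside the hunks, so confirm it is still used, otherwise drop it together with `const void *user;`.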
@@ -0,0 +1,1622 @@ +diff -up pam/configure.in.pt2 pam/configure.in +--- pam/configure.in.pt2 2008-10-16 16:12:18.000000000 +0200 ++++ pam/configure.in 2008-10-15 10:28:46.000000000 +0200 +@@ -548,6 +548,7 @@ AC_CONFIG_FILES([Makefile libpam/Makefil + modules/pam_sepermit/Makefile \ + modules/pam_shells/Makefile modules/pam_stress/Makefile \ + modules/pam_succeed_if/Makefile modules/pam_tally/Makefile \ ++ modules/pam_tally2/Makefile \ + modules/pam_time/Makefile modules/pam_tty_audit/Makefile \ + modules/pam_umask/Makefile \ + modules/pam_unix/Makefile modules/pam_userdb/Makefile \ +diff -up pam/modules/Makefile.am.pt2 pam/modules/Makefile.am +--- pam/modules/Makefile.am.pt2 2008-10-16 16:12:18.000000000 +0200 ++++ pam/modules/Makefile.am 2008-10-15 10:28:13.000000000 +0200 +@@ -9,7 +9,7 @@ SUBDIRS = pam_access pam_cracklib pam_de + pam_mkhomedir pam_motd pam_namespace pam_nologin \ + pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \ + pam_selinux pam_sepermit pam_shells pam_stress \ +- pam_succeed_if pam_tally pam_time pam_tty_audit pam_umask \ ++ pam_succeed_if pam_tally pam_tally2 pam_time pam_tty_audit pam_umask \ + pam_unix pam_userdb pam_warn pam_wheel pam_xauth + + CLEANFILES = *~ +diff -up pam/modules/pam_tally2/tallylog.h.pt2 pam/modules/pam_tally2/tallylog.h +--- pam/modules/pam_tally2/tallylog.h.pt2 2008-10-15 12:14:21.000000000 +0200 ++++ pam/modules/pam_tally2/tallylog.h 2008-02-27 17:08:50.000000000 +0100 +@@ -0,0 +1,52 @@ ++/* ++ * Copyright 2006, Red Hat, Inc. ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. 
Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. Neither the name of Red Hat, Inc. nor the names of its contributors ++ * may be used to endorse or promote products derived from this software ++ * without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY RED HAT, INC. AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ */ ++ ++/* ++ * tallylog.h - login failure data file format ++ * ++ * The new login failure file is not compatible with the old faillog(8) format ++ * Each record in the file represents a separate UID and the file ++ * is indexed in that fashion. 
++ */ ++ ++ ++#ifndef _TALLYLOG_H ++#define _TALLYLOG_H ++ ++#include ++ ++struct tallylog { ++ char fail_line[52]; /* rhost or tty of last failure */ ++ uint16_t reserved; /* reserved for future use */ ++ uint16_t fail_cnt; /* failures since last success */ ++ uint64_t fail_time; /* time of last failure */ ++}; ++/* 64 bytes / entry */ ++ ++#endif +diff -up pam/modules/pam_tally2/pam_tally.c.pt2 pam/modules/pam_tally2/pam_tally.c +--- pam/modules/pam_tally2/pam_tally.c.pt2 2008-10-15 12:14:21.000000000 +0200 ++++ pam/modules/pam_tally2/pam_tally.c 2008-10-15 12:07:54.000000000 +0200 +@@ -0,0 +1,985 @@ ++/* ++ * pam_tally.c ++ * ++ */ ++ ++ ++/* By Tim Baverstock , Multi Media Machine Ltd. ++ * 5 March 1997 ++ * ++ * Stuff stolen from pam_rootok and pam_listfile ++ * ++ * Changes by Tomas Mraz 5 January 2005, 26 January 2006 ++ * Audit option added for Tomas patch by Sebastien Tricaud 13 January 2005 ++ * Portions Copyright 2006, Red Hat, Inc. ++ * Portions Copyright 1989 - 1993, Julianne Frances Haugh ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. Neither the name of Julianne F. Haugh nor the names of its contributors ++ * may be used to endorse or promote products derived from this software ++ * without specific prior written permission. 
++ * ++ * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ */ ++ ++#include "config.h" ++ ++#if defined(MAIN) && defined(MEMORY_DEBUG) ++# undef exit ++#endif /* defined(MAIN) && defined(MEMORY_DEBUG) */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#ifdef HAVE_LIBAUDIT ++#include ++#endif ++ ++#include ++#include ++#include ++#include "tallylog.h" ++ ++#ifndef TRUE ++#define TRUE 1L ++#define FALSE 0L ++#endif ++ ++#ifndef HAVE_FSEEKO ++#define fseeko fseek ++#endif ++ ++/* ++ * here, we make a definition for the externally accessible function ++ * in this file (this definition is required for static a module ++ * but strongly encouraged generally) it is used to instruct the ++ * modules include file to define the function prototypes. 
++ */ ++ ++#ifndef MAIN ++#define PAM_SM_AUTH ++#define PAM_SM_ACCOUNT ++/* #define PAM_SM_SESSION */ ++/* #define PAM_SM_PASSWORD */ ++ ++#include ++#include ++#endif ++#include ++ ++/*---------------------------------------------------------------------*/ ++ ++#define DEFAULT_LOGFILE "/var/log/tallylog" ++#define MODULE_NAME "pam_tally2" ++ ++#define tally_t uint16_t ++#define TALLY_HI ((tally_t)~0L) ++ ++struct tally_options { ++ const char *filename; ++ tally_t deny; ++ long lock_time; ++ long unlock_time; ++ long root_unlock_time; ++ unsigned int ctrl; ++}; ++ ++#define PHASE_UNKNOWN 0 ++#define PHASE_AUTH 1 ++#define PHASE_ACCOUNT 2 ++#define PHASE_SESSION 3 ++ ++#define OPT_MAGIC_ROOT 01 ++#define OPT_FAIL_ON_ERROR 02 ++#define OPT_DENY_ROOT 04 ++#define OPT_QUIET 040 ++#define OPT_AUDIT 0100 ++#define OPT_NOLOGNOTICE 0400 ++ ++ ++/*---------------------------------------------------------------------*/ ++ ++/* some syslogging */ ++ ++#ifdef MAIN ++#define pam_syslog tally_log ++static void ++tally_log (const pam_handle_t *pamh UNUSED, int priority UNUSED, ++ const char *fmt, ...) 
++{ ++ va_list args; ++ ++ va_start(args, fmt); ++ fprintf(stderr, "%s: ", MODULE_NAME); ++ vfprintf(stderr, fmt, args); ++ fprintf(stderr,"\n"); ++ va_end(args); ++} ++ ++#define pam_modutil_getpwnam(pamh, user) getpwnam(user) ++#endif ++ ++/*---------------------------------------------------------------------*/ ++ ++/* --- Support function: parse arguments --- */ ++ ++#ifndef MAIN ++ ++static void ++log_phase_no_auth(pam_handle_t *pamh, int phase, const char *argv) ++{ ++ if ( phase != PHASE_AUTH ) { ++ pam_syslog(pamh, LOG_ERR, ++ "option %s allowed in auth phase only", argv); ++ } ++} ++ ++static int ++tally_parse_args(pam_handle_t *pamh, struct tally_options *opts, ++ int phase, int argc, const char **argv) ++{ ++ memset(opts, 0, sizeof(*opts)); ++ opts->filename = DEFAULT_LOGFILE; ++ opts->ctrl = OPT_FAIL_ON_ERROR; ++ opts->root_unlock_time = -1; ++ ++ for ( ; argc-- > 0; ++argv ) { ++ ++ if ( ! strncmp( *argv, "file=", 5 ) ) { ++ const char *from = *argv + 5; ++ if ( *from!='/' ) { ++ pam_syslog(pamh, LOG_ERR, ++ "filename not /rooted; %s", *argv); ++ return PAM_AUTH_ERR; ++ } ++ opts->filename = from; ++ } ++ else if ( ! strcmp( *argv, "onerr=fail" ) ) { ++ opts->ctrl |= OPT_FAIL_ON_ERROR; ++ } ++ else if ( ! strcmp( *argv, "onerr=succeed" ) ) { ++ opts->ctrl &= ~OPT_FAIL_ON_ERROR; ++ } ++ else if ( ! strcmp( *argv, "magic_root" ) ) { ++ opts->ctrl |= OPT_MAGIC_ROOT; ++ } ++ else if ( ! strcmp( *argv, "even_deny_root_account" ) || ++ ! strcmp( *argv, "even_deny_root" ) ) { ++ log_phase_no_auth(pamh, phase, *argv); ++ opts->ctrl |= OPT_DENY_ROOT; ++ } ++ else if ( ! strncmp( *argv, "deny=", 5 ) ) { ++ log_phase_no_auth(pamh, phase, *argv); ++ if ( sscanf((*argv)+5,"%hu",&opts->deny) != 1 ) { ++ pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); ++ return PAM_AUTH_ERR; ++ } ++ } ++ else if ( ! 
strncmp( *argv, "lock_time=", 10 ) ) { ++ log_phase_no_auth(pamh, phase, *argv); ++ if ( sscanf((*argv)+10,"%ld",&opts->lock_time) != 1 ) { ++ pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); ++ return PAM_AUTH_ERR; ++ } ++ } ++ else if ( ! strncmp( *argv, "unlock_time=", 12 ) ) { ++ log_phase_no_auth(pamh, phase, *argv); ++ if ( sscanf((*argv)+12,"%ld",&opts->unlock_time) != 1 ) { ++ pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); ++ return PAM_AUTH_ERR; ++ } ++ } ++ else if ( ! strncmp( *argv, "root_unlock_time=", 17 ) ) { ++ log_phase_no_auth(pamh, phase, *argv); ++ if ( sscanf((*argv)+17,"%ld",&opts->root_unlock_time) != 1 ) { ++ pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); ++ return PAM_AUTH_ERR; ++ } ++ opts->ctrl |= OPT_DENY_ROOT; /* even_deny_root implied */ ++ } ++ else if ( ! strcmp( *argv, "quiet" ) || ++ ! strcmp ( *argv, "silent")) { ++ opts->ctrl |= OPT_QUIET; ++ } ++ else if ( ! strcmp ( *argv, "no_log_info") ) { ++ opts->ctrl |= OPT_NOLOGNOTICE; ++ } ++ else if ( ! 
strcmp ( *argv, "audit") ) { ++ opts->ctrl |= OPT_AUDIT; ++ } ++ else { ++ pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); ++ } ++ } ++ ++ if (opts->root_unlock_time == -1) ++ opts->root_unlock_time = opts->unlock_time; ++ ++ return PAM_SUCCESS; ++} ++ ++#endif /* #ifndef MAIN */ ++ ++/*---------------------------------------------------------------------*/ ++ ++/* --- Support function: get uid (and optionally username) from PAM or ++ cline_user --- */ ++ ++#ifdef MAIN ++static char *cline_user=0; /* cline_user is used in the administration prog */ ++#endif ++ ++static int ++pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_options *opts) ++{ ++ const char *user = NULL; ++ struct passwd *pw; ++ ++#ifdef MAIN ++ user = cline_user; ++#else ++ if ((pam_get_user( pamh, &user, NULL )) != PAM_SUCCESS) { ++ user = NULL; ++ } ++#endif ++ ++ if ( !user || !*user ) { ++ pam_syslog(pamh, LOG_ERR, "pam_get_uid; user?"); ++ return PAM_AUTH_ERR; ++ } ++ ++ if ( ! ( pw = pam_modutil_getpwnam( pamh, user ) ) ) { ++ opts->ctrl & OPT_AUDIT ? 
++ pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user %s", user) : ++ pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user"); ++ return PAM_USER_UNKNOWN; ++ } ++ ++ if ( uid ) *uid = pw->pw_uid; ++ if ( userp ) *userp = user; ++ return PAM_SUCCESS; ++} ++ ++/*---------------------------------------------------------------------*/ ++ ++/* --- Support functions: set/get tally data --- */ ++ ++#ifndef MAIN ++ ++static void ++_cleanup(pam_handle_t *pamh UNUSED, void *data, int error_status UNUSED) ++{ ++ free(data); ++} ++ ++ ++static void ++tally_set_data( pam_handle_t *pamh, time_t oldtime ) ++{ ++ time_t *data; ++ ++ if ( (data=malloc(sizeof(time_t))) != NULL ) { ++ *data = oldtime; ++ pam_set_data(pamh, MODULE_NAME, (void *)data, _cleanup); ++ } ++} ++ ++static int ++tally_get_data( pam_handle_t *pamh, time_t *oldtime ) ++{ ++ int rv; ++ const void *data; ++ ++ rv = pam_get_data(pamh, MODULE_NAME, &data); ++ if ( rv == PAM_SUCCESS && data != NULL && oldtime != NULL ) { ++ *oldtime = *(const time_t *)data; ++ pam_set_data(pamh, MODULE_NAME, NULL, NULL); ++ } ++ else { ++ rv = -1; ++ *oldtime = 0; ++ } ++ return rv; ++} ++#endif /* #ifndef MAIN */ ++ ++/*---------------------------------------------------------------------*/ ++ ++/* --- Support function: open/create tallyfile and return tally for uid --- */ ++ ++/* If on entry tallyfile doesn't exist, creation is attempted. */ ++ ++static int ++get_tally(pam_handle_t *pamh, uid_t uid, const char *filename, ++ FILE **tfile, struct tallylog *tally) ++{ ++ struct stat fileinfo; ++ int lstat_ret; ++ ++ lstat_ret = lstat(filename, &fileinfo); ++ if (lstat_ret) { ++ int save_errno; ++ int oldmask = umask(077); ++ *tfile=fopen(filename, "a"); ++ save_errno = errno; ++ /* Create file, or append-open in pathological case. 
*/ ++ umask(oldmask); ++ if ( !*tfile ) { ++#ifndef MAIN ++ if (save_errno == EPERM) { ++ return PAM_IGNORE; /* called with insufficient access rights */ ++ } ++#endif ++ errno = save_errno; ++ pam_syslog(pamh, LOG_ALERT, "Couldn't create %s: %m", filename); ++ return PAM_AUTH_ERR; ++ } ++ lstat_ret = fstat(fileno(*tfile),&fileinfo); ++ fclose(*tfile); ++ *tfile = NULL; ++ } ++ ++ if ( lstat_ret ) { ++ pam_syslog(pamh, LOG_ALERT, "Couldn't stat %s", filename); ++ return PAM_AUTH_ERR; ++ } ++ ++ if ((fileinfo.st_mode & S_IWOTH) || !S_ISREG(fileinfo.st_mode)) { ++ /* If the file is world writable or is not a ++ normal file, return error */ ++ pam_syslog(pamh, LOG_ALERT, ++ "%s is either world writable or not a normal file", ++ filename); ++ return PAM_AUTH_ERR; ++ } ++ ++ if (!(*tfile = fopen(filename, "r+"))) { ++#ifndef MAIN ++ if (errno == EPERM) /* called with insufficient access rights */ ++ return PAM_IGNORE; ++#endif ++ pam_syslog(pamh, LOG_ALERT, "Error opening %s for update: %m", filename); ++ ++ return PAM_AUTH_ERR; ++ } ++ ++ if (fseeko(*tfile, (off_t)uid*(off_t)sizeof(*tally), SEEK_SET)) { ++ pam_syslog(pamh, LOG_ALERT, "fseek failed for %s: %m", filename); ++ fclose(*tfile); ++ *tfile = NULL; ++ return PAM_AUTH_ERR; ++ } ++ ++ if (fileinfo.st_size < (off_t)(uid+1)*(off_t)sizeof(*tally)) { ++ memset(tally, 0, sizeof(*tally)); ++ } else if (fread(tally, sizeof(*tally), 1, *tfile) == 0) { ++ memset(tally, 0, sizeof(*tally)); ++ /* Shouldn't happen */ ++ } ++ ++ tally->fail_line[sizeof(tally->fail_line)-1] = '\0'; ++ ++ return PAM_SUCCESS; ++} ++ ++/*---------------------------------------------------------------------*/ ++ ++/* --- Support function: update and close tallyfile with tally!=TALLY_HI --- */ ++ ++static int ++set_tally(pam_handle_t *pamh, uid_t uid, ++ const char *filename, FILE **tfile, struct tallylog *tally) ++{ ++ if (tally->fail_cnt != TALLY_HI) { ++ if (fseeko(*tfile, (off_t)uid * sizeof(*tally), SEEK_SET)) { ++ pam_syslog(pamh, LOG_ALERT, 
"fseek failed for %s: %m", filename); ++ return PAM_AUTH_ERR; ++ } ++ if (fwrite(tally, sizeof(*tally), 1, *tfile) == 0) { ++ pam_syslog(pamh, LOG_ALERT, "update (fwrite) failed for %s: %m", filename); ++ return PAM_AUTH_ERR; ++ } ++ } ++ ++ if (fclose(*tfile)) { ++ *tfile = NULL; ++ pam_syslog(pamh, LOG_ALERT, "update (fclose) failed for %s: %m", filename); ++ return PAM_AUTH_ERR; ++ } ++ *tfile=NULL; ++ return PAM_SUCCESS; ++} ++ ++/*---------------------------------------------------------------------*/ ++ ++/* --- PAM bits --- */ ++ ++#ifndef MAIN ++ ++#define RETURN_ERROR(i) return ((opts->ctrl & OPT_FAIL_ON_ERROR)?(i):(PAM_SUCCESS)) ++ ++/*---------------------------------------------------------------------*/ ++ ++static int ++tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid, ++ const char *user, struct tally_options *opts, ++ struct tallylog *tally) ++{ ++ int rv = PAM_SUCCESS; ++#ifdef HAVE_LIBAUDIT ++ char buf[64]; ++ int audit_fd = -1; ++#endif ++ ++ if ((opts->ctrl & OPT_MAGIC_ROOT) && getuid() == 0) { ++ return PAM_SUCCESS; ++ } ++ /* magic_root skips tally check */ ++#ifdef HAVE_LIBAUDIT ++ audit_fd = audit_open(); ++ /* If there is an error & audit support is in the kernel report error */ ++ if ((audit_fd < 0) && !(errno == EINVAL || errno == EPROTONOSUPPORT || ++ errno == EAFNOSUPPORT)) ++ return PAM_SYSTEM_ERR; ++#endif ++ if (opts->deny != 0 && /* deny==0 means no deny */ ++ tally->fail_cnt > opts->deny && /* tally>deny means exceeded */ ++ ((opts->ctrl & OPT_DENY_ROOT) || uid)) { /* even_deny stops uid check */ ++#ifdef HAVE_LIBAUDIT ++ if (tally->fail_cnt == opts->deny+1) { ++ /* First say that max number was hit. 
*/ ++ snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid); ++ audit_log_user_message(audit_fd, AUDIT_ANOM_LOGIN_FAILURES, buf, ++ NULL, NULL, NULL, 1); ++ } ++#endif ++ if (uid) { ++ /* Unlock time check */ ++ if (opts->unlock_time && oldtime) { ++ if (opts->unlock_time + oldtime <= time(NULL)) { ++ /* ignore deny check after unlock_time elapsed */ ++#ifdef HAVE_LIBAUDIT ++ snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid); ++ audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf, ++ NULL, NULL, NULL, 1); ++#endif ++ rv = PAM_SUCCESS; ++ goto cleanup; ++ } ++ } ++ } else { ++ /* Root unlock time check */ ++ if (opts->root_unlock_time && oldtime) { ++ if (opts->root_unlock_time + oldtime <= time(NULL)) { ++ /* ignore deny check after unlock_time elapsed */ ++#ifdef HAVE_LIBAUDIT ++ snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid); ++ audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf, ++ NULL, NULL, NULL, 1); ++#endif ++ rv = PAM_SUCCESS; ++ goto cleanup; ++ } ++ } ++ } ++ ++#ifdef HAVE_LIBAUDIT ++ if (tally->fail_cnt == opts->deny+1) { ++ /* First say that max number was hit. 
*/ ++ audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_LOCK, buf, ++ NULL, NULL, NULL, 1); ++ } ++#endif ++ ++ if (!(opts->ctrl & OPT_QUIET)) { ++ pam_info(pamh, _("Account locked due to %hu failed logins"), ++ tally->fail_cnt); ++ } ++ if (!(opts->ctrl & OPT_NOLOGNOTICE)) { ++ pam_syslog(pamh, LOG_NOTICE, ++ "user %s (%lu) tally %hu, deny %hu", ++ user, (unsigned long)uid, tally->fail_cnt, opts->deny); ++ } ++ rv = PAM_AUTH_ERR; /* Only unconditional failure */ ++ goto cleanup; ++ } ++ ++ /* Lock time check */ ++ if (opts->lock_time && oldtime) { ++ if (opts->lock_time + oldtime > time(NULL)) { ++ /* don't increase fail_cnt or update fail_time when ++ lock_time applies */ ++ tally->fail_cnt = oldcnt; ++ tally->fail_time = oldtime; ++ ++ if (!(opts->ctrl & OPT_QUIET)) { ++ pam_info(pamh, _("Account temporary locked (%ld seconds left)"), ++ oldtime+opts->lock_time-time(NULL)); ++ } ++ if (!(opts->ctrl & OPT_NOLOGNOTICE)) { ++ pam_syslog(pamh, LOG_NOTICE, ++ "user %s (%lu) has time limit [%lds left]" ++ " since last failure.", ++ user, (unsigned long)uid, ++ oldtime+opts->lock_time-time(NULL)); ++ } ++ rv = PAM_AUTH_ERR; ++ goto cleanup; ++ } ++ } ++ ++cleanup: ++#ifdef HAVE_LIBAUDIT ++ if (audit_fd != -1) { ++ close(audit_fd); ++ } ++#endif ++ return rv; ++} ++ ++/* --- tally bump function: bump tally for uid by (signed) inc --- */ ++ ++static int ++tally_bump (int inc, time_t *oldtime, pam_handle_t *pamh, ++ uid_t uid, const char *user, struct tally_options *opts) ++{ ++ struct tallylog tally; ++ tally_t oldcnt; ++ FILE *tfile = NULL; ++ const void *remote_host = NULL; ++ int i, rv; ++ ++ tally.fail_cnt = 0; /* !TALLY_HI --> Log opened for update */ ++ ++ i = get_tally(pamh, uid, opts->filename, &tfile, &tally); ++ if (i != PAM_SUCCESS) { ++ if (tfile) ++ fclose(tfile); ++ RETURN_ERROR(i); ++ } ++ ++ /* to remember old fail time (for locktime) */ ++ if (oldtime) { ++ *oldtime = (time_t)tally.fail_time; ++ } ++ ++ tally.fail_time = time(NULL); ++ ++ (void) 
pam_get_item(pamh, PAM_RHOST, &remote_host); ++ if (!remote_host) { ++ (void) pam_get_item(pamh, PAM_TTY, &remote_host); ++ if (!remote_host) { ++ remote_host = "unknown"; ++ } ++ } ++ ++ strncpy(tally.fail_line, remote_host, ++ sizeof(tally.fail_line)-1); ++ tally.fail_line[sizeof(tally.fail_line)-1] = 0; ++ ++ oldcnt = tally.fail_cnt; ++ ++ if (!(opts->ctrl & OPT_MAGIC_ROOT) || getuid()) { ++ /* magic_root doesn't change tally */ ++ tally.fail_cnt += inc; ++ ++ if (tally.fail_cnt == TALLY_HI) { /* Overflow *and* underflow. :) */ ++ tally.fail_cnt -= inc; ++ pam_syslog(pamh, LOG_ALERT, "Tally %sflowed for user %s", ++ (inc<0)?"under":"over",user); ++ } ++ } ++ ++ rv = tally_check(oldcnt, *oldtime, pamh, uid, user, opts, &tally); ++ ++ i = set_tally(pamh, uid, opts->filename, &tfile, &tally); ++ if (i != PAM_SUCCESS) { ++ if (tfile) ++ fclose(tfile); ++ if (rv == PAM_SUCCESS) ++ RETURN_ERROR( i ); ++ /* fallthrough */ ++ } ++ ++ return rv; ++} ++ ++static int ++tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts) ++{ ++ struct tallylog tally; ++ FILE *tfile = NULL; ++ int i; ++ ++ /* resets only if not magic root */ ++ ++ if ((opts->ctrl & OPT_MAGIC_ROOT) && getuid() == 0) { ++ return PAM_SUCCESS; ++ } ++ ++ tally.fail_cnt = 0; /* !TALLY_HI --> Log opened for update */ ++ ++ i=get_tally(pamh, uid, opts->filename, &tfile, &tally); ++ if (i != PAM_SUCCESS) { ++ if (tfile) ++ fclose(tfile); ++ RETURN_ERROR(i); ++ } ++ ++ memset(&tally, 0, sizeof(tally)); ++ ++ i=set_tally(pamh, uid, opts->filename, &tfile, &tally); ++ if (i != PAM_SUCCESS) { ++ if (tfile) ++ fclose(tfile); ++ RETURN_ERROR(i); ++ } ++ ++ return PAM_SUCCESS; ++} ++ ++/*---------------------------------------------------------------------*/ ++ ++/* --- authentication management functions (only) --- */ ++ ++PAM_EXTERN int ++pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, ++ int argc, const char **argv) ++{ ++ int ++ rv; ++ time_t ++ oldtime = 0; ++ struct tally_options ++ 
options, *opts = &options; ++ uid_t ++ uid; ++ const char ++ *user; ++ ++ rv = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv); ++ if (rv != PAM_SUCCESS) ++ RETURN_ERROR(rv); ++ ++ if (flags & PAM_SILENT) ++ opts->ctrl |= OPT_QUIET; ++ ++ rv = pam_get_uid(pamh, &uid, &user, opts); ++ if (rv != PAM_SUCCESS) ++ RETURN_ERROR(rv); ++ ++ rv = tally_bump(1, &oldtime, pamh, uid, user, opts); ++ ++ tally_set_data(pamh, oldtime); ++ ++ return rv; ++} ++ ++PAM_EXTERN int ++pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, ++ int argc, const char **argv) ++{ ++ int ++ rv; ++ time_t ++ oldtime = 0; ++ struct tally_options ++ options, *opts = &options; ++ uid_t ++ uid; ++ const char ++ *user; ++ ++ rv = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv); ++ if ( rv != PAM_SUCCESS ) ++ RETURN_ERROR( rv ); ++ ++ rv = pam_get_uid(pamh, &uid, &user, opts); ++ if ( rv != PAM_SUCCESS ) ++ RETURN_ERROR( rv ); ++ ++ if ( tally_get_data(pamh, &oldtime) != 0 ) ++ /* no data found */ ++ return PAM_SUCCESS; ++ ++ return tally_reset(pamh, uid, opts); ++} ++ ++/*---------------------------------------------------------------------*/ ++ ++/* --- authentication management functions (only) --- */ ++ ++/* To reset failcount of user on successfull login */ ++ ++PAM_EXTERN int ++pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, ++ int argc, const char **argv) ++{ ++ int ++ rv; ++ time_t ++ oldtime = 0; ++ struct tally_options ++ options, *opts = &options; ++ uid_t ++ uid; ++ const char ++ *user; ++ ++ rv = tally_parse_args(pamh, opts, PHASE_ACCOUNT, argc, argv); ++ if ( rv != PAM_SUCCESS ) ++ RETURN_ERROR( rv ); ++ ++ rv = pam_get_uid(pamh, &uid, &user, opts); ++ if ( rv != PAM_SUCCESS ) ++ RETURN_ERROR( rv ); ++ ++ if ( tally_get_data(pamh, &oldtime) != 0 ) ++ /* no data found */ ++ return PAM_SUCCESS; ++ ++ return tally_reset(pamh, uid, opts); ++} ++ ++/*-----------------------------------------------------------------------*/ ++ ++#ifdef PAM_STATIC ++ ++/* static module data */ 
++
++struct pam_module _pam_tally_modstruct = {
++ MODULE_NAME,
++#ifdef PAM_SM_AUTH
++ pam_sm_authenticate,
++ pam_sm_setcred,
++#else
++ NULL,
++ NULL,
++#endif
++#ifdef PAM_SM_ACCOUNT
++ pam_sm_acct_mgmt,
++#else
++ NULL,
++#endif
++ NULL,
++ NULL,
++ NULL,
++};
++
++#endif /* #ifdef PAM_STATIC */
++
++/*-----------------------------------------------------------------------*/
++
++#else /* #ifndef MAIN */
++
++static const char *cline_filename = DEFAULT_LOGFILE;
++static tally_t cline_reset = TALLY_HI; /* Default is `interrogate only' */
++static int cline_quiet = 0;
++
++/*
++ * Not going to link with pamlib just for these.. :)
++ */
++
++static const char *
++pam_errors( int i )
++{
++ switch (i) {
++ case PAM_AUTH_ERR: return _("Authentication error");
++ case PAM_SERVICE_ERR: return _("Service error");
++ case PAM_USER_UNKNOWN: return _("Unknown user");
++ default: return _("Unknown error");
++ }
++}
++
++static int
++getopts( char **argv )
++{
++ const char *pname = *argv;
++ for ( ; *argv ; (void)(*argv && ++argv) ) {
++ if ( !strcmp (*argv,"--file") ) cline_filename=*++argv;
++ else if ( !strcmp(*argv,"-f") ) cline_filename=*++argv;
++ else if ( !strncmp(*argv,"--file=",7) ) cline_filename=*argv+7;
++ else if ( !strcmp (*argv,"--user") ) cline_user=*++argv;
++ else if ( !strcmp (*argv,"-u") ) cline_user=*++argv;
++ else if ( !strncmp(*argv,"--user=",7) ) cline_user=*argv+7;
++ else if ( !strcmp (*argv,"--reset") ) cline_reset=0;
++ else if ( !strcmp (*argv,"-r") ) cline_reset=0;
++ else if ( !strncmp(*argv,"--reset=",8)) {
++ if ( sscanf(*argv+8,"%hu",&cline_reset) != 1 )
++ fprintf(stderr,_("%s: Bad number given to --reset=\n"),pname), exit(0);
++ }
++ else if ( !strcmp (*argv,"--quiet") ) cline_quiet=1;
++ else {
++ fprintf(stderr,_("%s: Unrecognised option %s\n"),pname,*argv);
++ return FALSE;
++ }
++ }
++ return TRUE;
++}
++
++static void
++print_one(const struct tallylog *tally, uid_t uid)
++{
++ static int once;
++ char *cp;
++ time_t fail_time;
++ struct tm *tm;
++ struct passwd *pwent;
++ const char *username = "[NONAME]";
++ char ptime[80];
++
++ pwent = getpwuid(uid);
++ fail_time = tally->fail_time;
++ tm = localtime(&fail_time);
++ strftime (ptime, sizeof (ptime), "%D %H:%M:%S", tm);
++ cp = ptime;
++ if (pwent) {
++ username = pwent->pw_name;
++ }
++ if (!once) {
++ printf (_("Login Failures Latest failure From\n"));
++ once++;
++ }
++ printf ("%-15.15s %5hu ", username, tally->fail_cnt);
++ if (tally->fail_time) {
++ printf ("%-17.17s %s", cp, tally->fail_line);
++ }
++ putchar ('\n');
++}
++
++int
++main( int argc UNUSED, char **argv )
++{
++ struct tallylog tally;
++
++ if ( ! getopts( argv+1 ) ) {
++ printf(_("%s: [-f rooted-filename] [--file rooted-filename]\n"
++ " [-u username] [--user username]\n"
++ " [-r] [--reset[=n]] [--quiet]\n"),
++ *argv);
++ exit(2);
++ }
++
++ umask(077);
++
++ /*
++ * Major difference between individual user and all users:
++ * --user just handles one user, just like PAM.
++ * without --user it handles all users, sniffing cline_filename for nonzeros
++ */
++
++ if ( cline_user ) {
++ uid_t uid;
++ FILE *tfile=0;
++ struct tally_options opts;
++ int i;
++
++ memset(&opts, 0, sizeof(opts));
++ opts.ctrl = OPT_AUDIT;
++ i=pam_get_uid(NULL, &uid, NULL, &opts);
++ if ( i != PAM_SUCCESS ) {
++ fprintf(stderr,"%s: %s\n",*argv,pam_errors(i));
++ exit(1);
++ }
++
++ i=get_tally(NULL, uid, cline_filename, &tfile, &tally);
++ if ( i != PAM_SUCCESS ) {
++ if (tfile)
++ fclose(tfile);
++ fprintf(stderr, "%s: %s\n", *argv, pam_errors(i));
++ exit(1);
++ }
++
++ if ( !cline_quiet )
++ print_one(&tally, uid);
++
++ if (cline_reset != TALLY_HI) {
++#ifdef HAVE_LIBAUDIT
++ char buf[64];
++ int audit_fd = audit_open();
++ snprintf(buf, sizeof(buf), "pam_tally2 uid=%u reset=%hu", uid, cline_reset);
++ audit_log_user_message(audit_fd, AUDIT_USER_ACCT,
++ buf, NULL, NULL, NULL, 1);
++ if (audit_fd >=0)
++ close(audit_fd);
++#endif
++ if (cline_reset == 0) {
++ memset(&tally, 0, sizeof(tally));
++ } else {
++ tally.fail_cnt = cline_reset;
++ }
++ i=set_tally(NULL, uid, cline_filename, &tfile, &tally);
++ if (i != PAM_SUCCESS) {
++ if (tfile) fclose(tfile);
++ fprintf(stderr,"%s: %s\n",*argv,pam_errors(i));
++ exit(1);
++ }
++ } else {
++ fclose(tfile);
++ }
++ }
++ else /* !cline_user (ie, operate on all users) */ {
++ FILE *tfile=fopen(cline_filename, "r");
++ uid_t uid=0;
++ if (!tfile && cline_reset != 0) {
++ perror(*argv);
++ exit(1);
++ }
++
++ for ( ; tfile && !feof(tfile); uid++ ) {
++ if ( !fread(&tally, sizeof(tally), 1, tfile)
++ || !tally.fail_cnt ) {
++ continue;
++ }
++ print_one(&tally, uid);
++ }
++ if (tfile)
++ fclose(tfile);
++ if ( cline_reset!=0 && cline_reset!=TALLY_HI ) {
++ fprintf(stderr,_("%s: Can't reset all users to non-zero\n"),*argv);
++ }
++ else if ( !cline_reset ) {
++#ifdef HAVE_LIBAUDIT
++ char buf[64];
++ int audit_fd = audit_open();
++ snprintf(buf, sizeof(buf), "pam_tally2 uid=all reset=0");
++ audit_log_user_message(audit_fd, AUDIT_USER_ACCT,
++ buf, NULL, NULL, NULL, 1);
++ if (audit_fd >=0)
++ close(audit_fd);
++#endif
++ tfile=fopen(cline_filename, "w");
++ if ( !tfile ) perror(*argv), exit(0);
++ fclose(tfile);
++ }
++ }
++ return 0;
++}
++
++
++#endif /* #ifndef MAIN */
+diff -up pam/modules/pam_tally2/README.xml.pt2 pam/modules/pam_tally2/README.xml
+--- pam/modules/pam_tally2/README.xml.pt2 2008-10-15 12:14:21.000000000 +0200
++++ pam/modules/pam_tally2/README.xml 2008-10-15 11:14:27.000000000 +0200
+@@ -0,0 +1,46 @@
++
++
++-->
++]>
++
++
++ ++ ++ ++ ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" ++ href="pam_tally2.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_tally2-name"]/*)'/> ++ ++ ++ ++ ++
++ ++
++ ++
++ ++
++ ++
++ ++
++ ++
++ ++
++ ++
++ ++
++ ++
+diff -up pam/modules/pam_tally2/tst-pam_tally2.pt2 pam/modules/pam_tally2/tst-pam_tally2 +--- pam/modules/pam_tally2/tst-pam_tally2.pt2 2008-10-15 12:14:21.000000000 +0200 ++++ pam/modules/pam_tally2/tst-pam_tally2 2008-10-15 10:23:18.000000000 +0200 +@@ -0,0 +1,2 @@ ++#!/bin/sh ++../../tests/tst-dlopen .libs/pam_tally2.so +diff -up pam/modules/pam_tally2/pam_tally2.8.xml.pt2 pam/modules/pam_tally2/pam_tally2.8.xml +--- pam/modules/pam_tally2/pam_tally2.8.xml.pt2 2008-10-15 12:14:21.000000000 +0200 ++++ pam/modules/pam_tally2/pam_tally2.8.xml 2008-10-15 11:36:00.000000000 +0200 +@@ -0,0 +1,439 @@ ++ ++ ++ ++ ++ ++ ++ pam_tally2 ++ 8 ++ Linux-PAM Manual ++ ++ ++ ++ pam_tally2 ++ The login counter (tallying) module ++ ++ ++ ++ ++ pam_tally2.so ++ ++ file=/path/to/counter ++ ++ ++ onerr=[fail|succeed] ++ ++ ++ magic_root ++ ++ ++ even_deny_root ++ ++ ++ deny=n ++ ++ ++ lock_time=n ++ ++ ++ unlock_time=n ++ ++ ++ root_unlock_time=n ++ ++ ++ audit ++ ++ ++ silent ++ ++ ++ no_log_info ++ ++ ++ ++ pam_tally2 ++ ++ --file /path/to/counter ++ ++ ++ --user username ++ ++ ++ --reset[=n] ++ ++ ++ --quiet ++ ++ ++ ++ ++ ++ ++ DESCRIPTION ++ ++ ++ This module maintains a count of attempted accesses, can ++ reset count on success, can deny access if too many attempts fail. ++ ++ ++ pam_tally2 comes in two parts: ++ pam_tally2.so and ++ pam_tally2. The former is the PAM module and ++ the latter, a stand-alone program. pam_tally2 ++ is an (optional) application which can be used to interrogate and ++ manipulate the counter file. It can display users' counts, set ++ individual counts, or clear all counts. Setting artificially high ++ counts may be useful for blocking users without changing their ++ passwords. For example, one might find it useful to clear all counts ++ every midnight from a cron job. 
++ ++ ++ Normally, failed attempts to access root will ++ not cause the root account to become ++ blocked, to prevent denial-of-service: if your users aren't given ++ shell accounts and root may only login via su or ++ at the machine console (not telnet/rsh, etc), this is safe. ++ ++ ++ ++ ++ ++ OPTIONS ++ ++ ++ ++ GLOBAL OPTIONS ++ ++ ++ ++ This can be used for auth and ++ account module types. ++ ++ ++ ++ ++ ++ ++ ++ ++ If something weird happens (like unable to open the file), ++ return with PAM_SUCESS if ++ ++ is given, else with the corresponding PAM error code. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ File where to keep counts. Default is ++ /var/log/tallylog. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Will log the user name into the system log if the user is not found. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Don't print informative messages. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Don't log informative messages via syslog3. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ AUTH OPTIONS ++ ++ ++ ++ Authentication phase first increments attempted login counter and ++ checks if user should be denied access. If the user is authenticated ++ and the login process continues on call to ++ pam_setcred3 ++ it resets the attempts counter. ++ ++ ++ ++ ++ ++ ++ ++ ++ Deny access if tally for this user exceeds ++ n. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Always deny for n seconds ++ after failed attempt. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Allow access after n seconds ++ after failed attempt. If this option is used the user will ++ be locked out for the specified amount of time after he ++ exceeded his maximum allowed attempts. Otherwise the ++ account is locked until the lock is removed by a manual ++ intervention of the system administrator. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ If the module is invoked by a user with uid=0 the ++ counter is not incremented. The sys-admin should use this ++ for user launched services, like su, ++ otherwise this argument should be omitted. 
++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Do not use the .fail_locktime field in ++ /var/log/faillog for this user. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Don't reset count on successful entry, only decrement. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Root account can become unavailable. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ This option implies option. ++ Allow access after n seconds ++ to root acccount after failed attempt. If this option is used ++ the root user will be locked out for the specified amount of ++ time after he exceeded his maximum allowed attempts. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ACCOUNT OPTIONS ++ ++ ++ ++ Account phase resets attempts counter if the user is ++ not magic root. ++ This phase can be used optionaly for services which don't call ++ ++ pam_setcred3 ++ correctly or if the reset should be done regardless ++ of the failure of the account phase of other modules. ++ ++ ++ ++ ++ ++ ++ ++ ++ If the module is invoked by a user with uid=0 the ++ counter is not changed. The sys-admin should use this ++ for user launched services, like su, ++ otherwise this argument should be omitted. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ MODULE TYPES PROVIDED ++ ++ The and ++ module types are provided. ++ ++ ++ ++ ++ RETURN VALUES ++ ++ ++ PAM_AUTH_ERR ++ ++ ++ A invalid option was given, the module was not able ++ to retrive the user name, no valid counter file ++ was found, or too many failed logins. ++ ++ ++ ++ ++ PAM_SUCCESS ++ ++ ++ Everything was successfull. ++ ++ ++ ++ ++ PAM_USER_UNKNOWN ++ ++ ++ User not known. ++ ++ ++ ++ ++ ++ ++ ++ NOTES ++ ++ pam_tally2 is not compatible with the old pam_tally faillog file format. ++ This is caused by requirement of compatibility of the tallylog file ++ format between 32bit and 64bit architectures on multiarch systems. ++ ++ ++ There is no setuid wrapper for access to the data file such as when the ++ pam_tally2.so module is called from ++ xscreensaver. 
As this would make it impossible to share PAM configuration ++ with such services the following workaround is used: If the data file ++ cannot be opened because of insufficient permissions ++ (EPERM) the module returns ++ PAM_IGNORE. ++ ++ ++ ++ ++ EXAMPLES ++ ++ Add the following line to /etc/pam.d/login to ++ lock the account after 4 failed logins. Root account will be locked ++ as well. The accounts will be automatically unlocked after 20 minutes. ++ The module does not have to be called in the account phase because the ++ login calls ++ pam_setcred3 ++ correctly. ++ ++ ++auth required pam_securetty.so ++auth required pam_tally2.so deny=4 even_deny_root unlock_time=1200 ++auth required pam_env.so ++auth required pam_unix.so ++auth required pam_nologin.so ++account required pam_unix.so ++password required pam_unix.so ++session required pam_limits.so ++session required pam_unix.so ++session required pam_lastlog.so nowtmp ++session optional pam_mail.so standard ++ ++ ++ ++ ++ FILES ++ ++ ++ /var/log/tallylog ++ ++ failure count logging file ++ ++ ++ ++ ++ ++ ++ SEE ALSO ++ ++ ++ pam.conf5 ++ , ++ ++ pam.d5 ++ , ++ ++ pam8 ++ ++ ++ ++ ++ ++ AUTHOR ++ ++ pam_tally was written by Tim Baverstock and Tomas Mraz. ++ ++ ++ ++ ++ +diff -up pam/modules/pam_tally2/Makefile.am.pt2 pam/modules/pam_tally2/Makefile.am +--- pam/modules/pam_tally2/Makefile.am.pt2 2008-10-15 12:13:43.000000000 +0200 ++++ pam/modules/pam_tally2/Makefile.am 2008-10-15 11:31:41.000000000 +0200 +@@ -0,0 +1,40 @@ ++# ++# Copyright (c) 2005, 2006, 2007 Thorsten Kukuk ++# Copyright (c) 2008 Red Hat, Inc. 
++#
++
++CLEANFILES = *~
++
++EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_tally2
++
++man_MANS = pam_tally2.8
++XMLS = README.xml pam_tally2.8.xml
++
++TESTS = tst-pam_tally2
++
++securelibdir = $(SECUREDIR)
++secureconfdir = $(SCONFIGDIR)
++
++noinst_HEADERS = tallylog.h
++
++AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
++
++pam_tally2_la_LDFLAGS = -no-undefined -avoid-version -module
++pam_tally2_la_LIBADD = -L$(top_builddir)/libpam -lpam $(LIBAUDIT)
++if HAVE_VERSIONING
++ pam_tally2_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
++endif
++
++pam_tally2_LDADD = $(LIBAUDIT)
++
++securelib_LTLIBRARIES = pam_tally2.la
++sbin_PROGRAMS = pam_tally2
++
++pam_tally2_la_SOURCES = pam_tally.c
++pam_tally2_SOURCES = pam_tally_app.c
++
++if ENABLE_REGENERATE_MAN
++noinst_DATA = README
++README: pam_tally2.8.xml
++-include $(top_srcdir)/Make.xml.rules
++endif
+diff -up pam/modules/pam_tally2/pam_tally_app.c.pt2 pam/modules/pam_tally2/pam_tally_app.c
+--- pam/modules/pam_tally2/pam_tally_app.c.pt2 2008-10-15 12:14:21.000000000 +0200
++++ pam/modules/pam_tally2/pam_tally_app.c 2008-02-27 17:08:50.000000000 +0100
+@@ -0,0 +1,7 @@
++/*
++ # This seemed like such a good idea at the time. :)
++ */
++
++#define MAIN
++#include "pam_tally.c"
++
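Review bot: The header comment in pam_tally_app.c does not say what `#define MAIN` selects, so a reader of this file alone cannot tell which half of pam_tally.c ends up in the sbin program. Going by the `#else /* #ifndef MAIN */` branch visible in the pam_tally.c section, defining MAIN compiles the command-line half (`getopts`, `print_one`, `main`) instead of the half that ends with `_pam_tally_modstruct`. I would replace the comment with `/* pam_tally2 command-line tool: MAIN selects the main() branch of pam_tally.c; the PAM module half is compiled out. */`. It is also worth one sentence there that the administrative tool and the authentication module are built from the same source, so a change to the shared tally-file helpers (presumably `get_tally`/`set_tally`, defined outside this view) changes both binaries.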