Changeset 5fc45b2d

Timestamp:

10/23/2022 05:38:01 PM (18 months ago)

Author:

Bruce Dubbs <bdubbs@…>

Branches:

11.3, 12.0, 12.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, xry111/llvm18, xry111/xf86-video-removal

Children:

aa3cf5b

Parents:

f9e1bc3 (diff), 7f70be6 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.

Message:

Merge branch 'trunk' of git.linuxfromscratch.org:blfs into trunk

File:

• postlfs/security/linux-pam.xml (modified) (19 diffs)

postlfs/security/linux-pam.xml

@@ -38 +38 @@
     <para>
       The <application>Linux PAM</application> package contains
-      Pluggable Authentication Modules used to enable the local
-      system administrator to choose how applications authenticate
+      Pluggable Authentication Modules used by the local
+      system administrator to control how application programs authenticate
       users.
     </para>
@@ -124 +124 @@
         <xref role="runtime" linkend="shadow"/>
         <phrase revision="systemd"> and <xref role="runtime" linkend="systemd"/>
-        need</phrase><phrase revision="sysv">needs</phrase> to be reinstalled
+        must</phrase><phrase revision="sysv">must</phrase> be reinstalled
+        and reconfigured
         after installing and configuring <application>Linux PAM</application>.
       </para>
@@ -130 +131 @@
       <para role="recommended">
          With Linux-PAM-1.4.0 and higher, the pam_cracklib module is not
-         installed by default. To enforce strong passwords, it is recommended
-         to use <xref role="runtime" linkend="libpwquality"/>.
+         installed by default. Use <xref role="runtime" linkend="libpwquality"/>
+         to enforce strong passwords.
       </para>
     </note>
@@ -144 +145 @@
 
     <para revision="sysv">
-      First prevent the installation of an unneeded systemd file:
+      First, prevent the installation of an unneeded systemd file:
     </para>
 
@@ -159 +160 @@
 
     <para>
-      If you instead want to regenerate the documentation, fix the
-      <command>configure</command> script so that it detects lynx if installed:
+      If you want to regenerate the documentation yourself, fix the
+      <command>configure</command> script so it will detect lynx:
     </para>
 
@@ -168 +169 @@
 
     <para>
-      Install <application>Linux PAM</application> by
+      Compile and link <application>Linux PAM</application> by
       running the following commands:
     </para>
@@ -186 +187 @@
 
     <caution>
-      <title>Reinstallation or upgrade of Linux PAM</title>
+      <title>Reinstallation or Upgrade of Linux PAM</title>
       <para>
         If you have a system with Linux PAM installed and working, be careful
@@ -193 +194 @@
         may become totally unusable. If you want to run the tests, you do not
         need to create another <filename>/etc/pam.d/other</filename> file. The
-        installed one can be used for that purpose.
+        existing file can be used for the tests.
       </para>
 
@@ -200 +201 @@
          overwrites the configuration files in
          <filename class="directory">/etc/security</filename> as well as
-         <filename>/etc/environment</filename>. In case you
+         <filename>/etc/environment</filename>. If you
          have modified those files, be sure to back them up.
       </para>
@@ -206 +207 @@
 
     <para>
-      For a first installation, create the configuration file by issuing the
+      For a first-time installation, create a configuration file by issuing the
       following commands as the <systemitem class="username">root</systemitem>
       user:
@@ -222 +223 @@
     <para>
       Now run the tests by issuing <command>make check</command>.
-      Ensure there are no errors produced by the tests before continuing the
-      installation. Note that the checks are quite long.  It may be useful to
-      redirect the output to a log file in order to inspect it thoroughly.
-    </para>
-
-    <para>
-      Only in case of a first installation, remove the configuration file
+      Be sure the tests produced no errors before continuing the
+      installation. Note that the tests are very long.
+      Redirect the output to a log file, so you can inspect it thoroughly.
+    </para>
+
+    <para>
+      For a first-time installation, remove the configuration file
       created earlier by issuing the following command as the
       <systemitem class="username">root</systemitem> user:
@@ -259 +260 @@
       linkend="libxslt"/>, and <xref linkend="lynx"/> or <ulink
       url="&w3m-url;">W3m</ulink>) are installed, the manual pages, and the
-      html and text documentations are (re)generated and installed.
+      html and text documentation files, are generated and installed.
       Furthermore, if <xref linkend="fop"/> is installed, the PDF
       documentation is generated and installed. Use this switch if you do not
@@ -267 +268 @@
     <para>
       <command>chmod -v 4755 /usr/sbin/unix_chkpwd</command>:
-      The <command>unix_chkpwd</command> helper program must be setuid
-      so that non-<systemitem class="username">root</systemitem>
+      The setuid bit for the <command>unix_chkpwd</command> helper program must be 
+      turned on, so that non-<systemitem class="username">root</systemitem>
       processes can access the shadow file.
     </para>
@@ -278 +279 @@
 
     <sect3 id="pam-config">
-      <title>Config Files</title>
+      <title>Configuration Files</title>
 
       <para>
@@ -301 +302 @@
         Configuration information is placed in
         <filename class="directory">/etc/pam.d/</filename>.
-        Below is an example file:
+        Here is a sample file:
       </para>
 
@@ -314 +315 @@
 
       <para>
-        Now set up some generic files.  As the
+        Now create some generic configuration files.  As the
         <systemitem class="username">root</systemitem> user:
       </para>
@@ -356 +357 @@
        If you wish to enable strong password support, install
        <xref linkend="libpwquality"/>, and follow the
-       instructions in that page to configure the pam_pwquality
+       instructions on that page to configure the pam_pwquality
        PAM module with strong password support.
      </para>
 
 <!-- With the removal of the pam_cracklib module, we're supposed to be using
-     libpwquality. That already includes instructions in it's configuration
+     libpwquality. That already includes instructions in its configuration
      information page, so we'll use those instead.
 
@@ -417 +418 @@
 -->
       <para>
-        Now add a restrictive <filename>/etc/pam.d/other</filename>
+        Next, add a restrictive <filename>/etc/pam.d/other</filename>
         configuration file.  With this file, programs that are PAM aware will
         not run unless a configuration file specifically for that application
-        is created.
+        exists.
       </para>
 
@@ -440 +441 @@
       <para>
         The <application>PAM</application> man page (<command>man
-        pam</command>) provides a good starting point for descriptions
-        of fields and allowable entries.
-        <!-- not accessible 2022-09-08
+        pam</command>) provides a good starting point to learn
+        about the several fields, and allowable entries.
+        <!-- not accessible 2022-09-08 -->
+        <!-- it's available at a different address 2022-10-23-->
         The
-        <ulink url="http://www.linux-pam.org/Linux-PAM-html/Linux-PAM_SAG.html">
+        <ulink url="https://www.docs4dev.com/docs/en/linux-pam/1.1.2/reference/Linux-PAM_SAG.html">
           Linux-PAM System Administrators' Guide
-        </ulink> is recommended for additional information.-->
+        </ulink> is recommended for additional information.
       </para>