Changes in postlfs/security/linux-pam.xml [3f2db3a6:bf1e213]

File:

• postlfs/security/linux-pam.xml (modified) (24 diffs)

postlfs/security/linux-pam.xml

@@ -23 +23 @@
   <?dbhtml filename="linux-pam.html"?>
 
+  <sect1info>
+    <date>$Date$</date>
+  </sect1info>
 
   <title>Linux-PAM-&linux-pam-version;</title>
@@ -35 +38 @@
     <para>
       The <application>Linux PAM</application> package contains
-      Pluggable Authentication Modules used by the local
-      system administrator to control how application programs authenticate
+      Pluggable Authentication Modules used to enable the local
+      system administrator to choose how applications authenticate
       users.
     </para>
 
-    &lfs112_checked;
+    &lfs110a_checked;
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
@@ -104 +107 @@
       <xref linkend="libtirpc"/>,
       <ulink url="https://github.com/linux-audit/audit-userspace">libaudit</ulink>, and
-      <ulink url="https://www.prelude-siem.org">Prelude</ulink>
+      <ulink url="http://www.prelude-siem.org">Prelude</ulink>
     </para>
 
@@ -121 +124 @@
         <xref role="runtime" linkend="shadow"/>
         <phrase revision="systemd"> and <xref role="runtime" linkend="systemd"/>
-        must</phrase><phrase revision="sysv">must</phrase> be reinstalled
-        and reconfigured
+        need</phrase><phrase revision="sysv">needs</phrase> to be reinstalled
         after installing and configuring <application>Linux PAM</application>.
       </para>
@@ -128 +130 @@
       <para role="recommended">
          With Linux-PAM-1.4.0 and higher, the pam_cracklib module is not
-         installed by default. Use <xref role="runtime" linkend="libpwquality"/>
-         to enforce strong passwords.
+         installed by default. To enforce strong passwords, it is recommended
+         to use <xref role="runtime" linkend="libpwquality"/>.
       </para>
     </note>
@@ -142 +144 @@
 
     <para revision="sysv">
-      First, prevent the installation of an unneeded systemd file:
+      First prevent the installation of an unneeded systemd file:
     </para>
 
@@ -157 +159 @@
 
     <para>
-      If you want to regenerate the documentation yourself, fix the
-      <command>configure</command> script so it will detect lynx:
+      If you instead want to regenerate the documentation, fix the
+      <command>configure</command> script so that it detects lynx if installed:
     </para>
 
@@ -166 +168 @@
 
     <para>
-      Compile and link <application>Linux PAM</application> by
+      Install <application>Linux PAM</application> by
       running the following commands:
     </para>
@@ -184 +186 @@
 
     <caution>
-      <title>Reinstallation or Upgrade of Linux PAM</title>
+      <title>Reinstallation or upgrade of Linux PAM</title>
       <para>
         If you have a system with Linux PAM installed and working, be careful
@@ -191 +193 @@
         may become totally unusable. If you want to run the tests, you do not
         need to create another <filename>/etc/pam.d/other</filename> file. The
-        existing file can be used for the tests.
+        installed one can be used for that purpose.
       </para>
 
@@ -198 +200 @@
          overwrites the configuration files in
          <filename class="directory">/etc/security</filename> as well as
-         <filename>/etc/environment</filename>. If you
+         <filename>/etc/environment</filename>. In case you
          have modified those files, be sure to back them up.
       </para>
@@ -204 +206 @@
 
     <para>
-      For a first-time installation, create a configuration file by issuing the
+      For a first installation, create the configuration file by issuing the
       following commands as the <systemitem class="username">root</systemitem>
       user:
@@ -220 +222 @@
     <para>
       Now run the tests by issuing <command>make check</command>.
-      Be sure the tests produced no errors before continuing the
-      installation. Note that the tests are very long.
-      Redirect the output to a log file, so you can inspect it thoroughly.
-    </para>
-
-    <para>
-      For a first-time installation, remove the configuration file
+      Ensure there are no errors produced by the tests before continuing the
+      installation. Note that the checks are quite long.  It may be useful to
+      redirect the output to a log file in order to inspect it thoroughly.
+    </para>
+
+    <para>
+      Only in case of a first installation, remove the configuration file
       created earlier by issuing the following command as the
       <systemitem class="username">root</systemitem> user:
@@ -257 +259 @@
       linkend="libxslt"/>, and <xref linkend="lynx"/> or <ulink
       url="&w3m-url;">W3m</ulink>) are installed, the manual pages, and the
-      html and text documentation files, are generated and installed.
+      html and text documentations are (re)generated and installed.
       Furthermore, if <xref linkend="fop"/> is installed, the PDF
       documentation is generated and installed. Use this switch if you do not
@@ -265 +267 @@
     <para>
       <command>chmod -v 4755 /usr/sbin/unix_chkpwd</command>:
-      The setuid bit for the <command>unix_chkpwd</command> helper program must be 
-      turned on, so that non-<systemitem class="username">root</systemitem>
+      The <command>unix_chkpwd</command> helper program must be setuid
+      so that non-<systemitem class="username">root</systemitem>
       processes can access the shadow file.
     </para>
@@ -276 +278 @@
 
     <sect3 id="pam-config">
-      <title>Configuration Files</title>
+      <title>Config Files</title>
 
       <para>
@@ -299 +301 @@
         Configuration information is placed in
         <filename class="directory">/etc/pam.d/</filename>.
-        Here is a sample file:
+        Below is an example file:
       </para>
 
@@ -312 +314 @@
 
       <para>
-        Now create some generic configuration files.  As the
+        Now set up some generic files.  As the
         <systemitem class="username">root</systemitem> user:
       </para>
@@ -345 +347 @@
 # use sha512 hash for encryption, use shadow, and try to use any previously
 # defined authentication token (chosen password) set by any prior module
-# Use the same number of rounds as shadow.
-password  required    pam_unix.so       sha512 shadow try_first_pass \
-                                        rounds=500000
+password  required    pam_unix.so       sha512 shadow try_first_pass
 
 # End /etc/pam.d/system-password</literal>
@@ -356 +356 @@
        If you wish to enable strong password support, install
        <xref linkend="libpwquality"/>, and follow the
-       instructions on that page to configure the pam_pwquality
+       instructions in that page to configure the pam_pwquality
        PAM module with strong password support.
      </para>
 
 <!-- With the removal of the pam_cracklib module, we're supposed to be using
-     libpwquality. That already includes instructions in its configuration
+     libpwquality. That already includes instructions in it's configuration
      information page, so we'll use those instead.
 
@@ -367 +367 @@
      is built in, and the PAM module is built.
 -->
-<!-- WARNING: If for any reason the instructions below are reinstated be
-     careful with the number of rounds, which should match the one in shadow.
+<!--
       <para>
         The remaining generic file depends on whether <xref
@@ -418 +417 @@
 -->
       <para>
-        Next, add a restrictive <filename>/etc/pam.d/other</filename>
+        Now add a restrictive <filename>/etc/pam.d/other</filename>
         configuration file.  With this file, programs that are PAM aware will
         not run unless a configuration file specifically for that application
-        exists.
+        is created.
       </para>
 
@@ -441 +440 @@
       <para>
         The <application>PAM</application> man page (<command>man
-        pam</command>) provides a good starting point to learn
-        about the several fields, and allowable entries.
-        <!-- not accessible 2022-09-08 -->
-        <!-- it's available at a different address 2022-10-23-->
-        The
-        <ulink url="https://www.docs4dev.com/docs/en/linux-pam/1.1.2/reference/Linux-PAM_SAG.html">
+        pam</command>) provides a good starting point for descriptions
+        of fields and allowable entries. The
+        <ulink url="http://www.linux-pam.org/Linux-PAM-html/Linux-PAM_SAG.html">
           Linux-PAM System Administrators' Guide
         </ulink> is recommended for additional information.
@@ -454 +450 @@
         <para>
           You should now reinstall the <xref linkend="shadow"/>
-          <phrase revision="sysv">package</phrase>
+          <phrase revision="sysv">package.</phrase>
           <phrase revision="systemd"> and <xref linkend="systemd"/>
-          packages</phrase>.
+          packages.</phrase>
         </para>
       </important>