(Previously sent before I joined - oops! - so, this topic should be new, but if it is redundant, please excuse me.) Hi All, I'm a hardware engineer and a computer architect, but a Linux newbie. I have a development contribution, if only to the man pages. Background: I find some Linux man pages frustrating. I'm sure I'm not alone. Any logical process translated to English can introduce vagaries. But to just point people to .c and .h files puts a tremendous learning burden on them. I think I have a good way to portray PAM stacks. Please send me your opinions and corrections. (Note: I included this in a message to Nalin Dahyabhai - with some errors - regarding pam_stack.so, so if you're reading this, Mr. Dahyabhai, you're off the hook if you choose to be.-) The more I read the pam(5) man page the less I know for sure. So, being a hardware engineer, I prepared the following state table. prev.module-output this.module this.module-output stack-output ------------------- ------------------- ------------------- ------------------ 01: <prev.value>=bad <this.value>=bad <prev.value>=bad (to be determined) # could become <some.value>=die 02: <prev.value>=bad <this.value>=die <this.value>=die <this.value>=die 03: <prev.value>=bad <this.value>=done <prev.value>=bad (to be determined) # could become <some.value>=die 04: <prev.value>=bad <this.value>=ignore <prev.value>=bad (to be determined) # could become <some.value>=die 05: <prev.value>=bad <this.value>=ok <prev.value>=bad (to be determined) # could become <some.value>=die 06: <prev.value>=bad <this.value>=reset (indeterminate) (to be determined) # could become <some.value>=bad, =die, =done, =ignore, or =ok 07: <prev.value>=die (skipped) <prev.value>=die <prev.value>=die 08: <prev.value>=done (skipped) <prev.value>=done <prev.value>=done 09: <prev.value>=ignore <this.value>=bad <this.value>=bad (to be determined) # could become <some.value>=die 10: <prev.value>=ignore <this.value>=die <this.value>=die <this.value>=die 11: <prev.value>=ignore <this.value>=done <this.value>=done <this.value>=done 12: <prev.value>=ignore <this.value>=ignore <this.value>=ignore (to be determined) # could become <some.value>=bad, =die, =done, or =ok 13: <prev.value>=ignore <this.value>=ok <this.value>=ok (to be determined) # could become <some.value>=bad or =die (or =done?) 14: <prev.value>=ignore <this.value>=reset (indeterminate) (to be determined) # could become <some.value>=bad, =die, =done, =ignore, or =ok 15: <prev.value>=ok <this.value>=bad <this.value>=bad (to be determined) # could become <some.value>=die 16: <prev.value>=ok <this.value>=die <this.value>=die <this.value>=die 17: <prev.value>=ok <this.value>=done <this.value>=done <this.value>=done 18: <prev.value>=ok <this.value>=ignore <prev.value>=ok (to be determined) # could become <some.value>=bad or =die (or =done?) 19: <prev.value>=ok <this.value>=ok <this.value>=ok (to be determined) # could become <some.value>=bad or =die (or =done?) 20: <prev.value>=ok <this.value>=reset (indeterminate) (to be determined) # could become <some.value>=bad, =die, =done, =ignore, or =ok 21: <prev.value>=reset <this.value>=bad <this.value>=bad (to be determined) # could become <some.value>=die 22: <prev.value>=reset <this.value>=die <this.value>=die <this.value>=die 23: <prev.value>=reset <this.value>=done <this.value>=done <this.value>=done 24: <prev.value>=reset <this.value>=ignore <this.value>=ignore (to be determined) # could become <some.value>=bad, =die, =done, or =ok 25: <prev.value>=reset <this.value>=ok <this.value>=ok (to be determined) # could become <some.value>=bad or =die (or =done?) 26: <prev.value>=reset <this.value>=reset (indeterminate) (to be determined) # could become <some.value>=bad, =die, =done, =ignore, or =ok 27: (indeterminate) <this.value>=bad <this.value>=bad (to be determined) # could become <some.value>=die 28: (indeterminate) <this.value>=die <this.value>=die <this.value>=die 29: (indeterminate) <this.value>=done <this.value>=done <this.value>=done 30: (indeterminate) <this.value>=ignore <this.value>=ignore (to be determined) # could become <some.value>=bad, =die, =done, or =ok 31: (indeterminate) <this.value>=ok <this.value>=ok (to be determined) # could become <some.value>=bad or =die (or =done?) 32: (indeterminate) <this.value>=reset (indeterminate) (to be determined) # could become <some.value>=bad, =die, =done, =ignore, or =ok 33: (indeterminate) (stack exhausted) (indeterminate) Notes. In line 01, a subsequent "bad" does not trump a previous "bad". In line 02, "die" trumps "bad". Is this true? The man page is unclear. (Also affects "could become <some.value>=die" comments.) In lines 06, 14, 20, and 26-32, reset clears the stack, but is there some initial value? The man page says nothing. In line 17, "done" trumps "ok". Is this true? The man page is unclear. In line 18, a subsequent "ok" trumps a previous "ok". In line 33, if there is no PAM auth stack (or if it ends with "reset"), is no-one authorized or is everyone authorized? Thanks, and Ciao -- Mark Filipak, Mansfield, Ohio, U.S.A. _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
