diff options
| author | Badlop <badlop@process-one.net> | 2008-07-24 18:21:40 +0000 |
|---|---|---|
| committer | Badlop <badlop@process-one.net> | 2008-07-24 18:21:40 +0000 |
| commit | 46e83cce55f45160bf6b3fb3270389cef17a9694 (patch) | |
| tree | 2e35a22de2f184b8b2f79a1903b2d54f3d797cbf | |
| parent | * src/mod_proxy65/mod_proxy65_lib.erl: Send protocol compliant (diff) | |
* doc/guide.tex: Include example PAM configuration file
ejabberd.pam (thanks to Evgeniy Khramtsov)(EJAB-704)
* doc/guide.html: Likewise
SVN Revision: 1489
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | doc/guide.html | 8 | ||||
| -rw-r--r-- | doc/guide.tex | 10 |
3 files changed, 18 insertions, 4 deletions
@@ -1,5 +1,9 @@ 2008-07-24 Badlop <badlop@process-one.net> + * doc/guide.tex: Include example PAM configuration file + ejabberd.pam (thanks to Evgeniy Khramtsov)(EJAB-704) + * doc/guide.html: Likewise + * src/mod_proxy65/mod_proxy65_lib.erl: Send protocol compliant SOCKS5 reply; this breaks support of uncompliant Psi<0.10 (thanks to Felix Geyer)(EJAB-632) diff --git a/doc/guide.html b/doc/guide.html index c67f1210..af65e7ea 100644 --- a/doc/guide.html +++ b/doc/guide.html @@ -976,8 +976,12 @@ version, you can <TT>kill(1)</TT> <TT>epam</TT> process periodically to reduce i consumption: <TT>ejabberd</TT> will restart this process immediately. </LI><LI CLASS="li-itemize"><TT>epam</TT> program tries to turn off delays on authentication failures. However, some PAM modules ignore this behavior and rely on their own configuration options. -The example configuration file <TT>ejabberd.pam</TT> shows how to turn off delays in -<TT>pam_unix.so</TT> module. It is not a ready to use configuration file: you must use it +You can create a configuration file <TT>ejabberd.pam</TT>. +This example shows how to turn off delays in <TT>pam_unix.so</TT> module: +<PRE CLASS="verbatim">#%PAM-1.0 +auth sufficient pam_unix.so likeauth nullok nodelay +account sufficient pam_unix.so +</PRE>That is not a ready to use configuration file: you must use it as a hint when building your own PAM configuration instead. Note that if you want to disable delays on authentication failures in the PAM configuration file, you have to restrict access to this file, so a malicious user can’t use your configuration to perform brute-force diff --git a/doc/guide.tex b/doc/guide.tex index 355a84a3..bf07f39e 100644 --- a/doc/guide.tex +++ b/doc/guide.tex @@ -1159,8 +1159,14 @@ version, you can \term{kill(1)} \term{epam} process periodically to reduce its m consumption: \ejabberd{} will restart this process immediately. \item \term{epam} program tries to turn off delays on authentication failures. However, some PAM modules ignore this behavior and rely on their own configuration options. -The example configuration file \term{ejabberd.pam} shows how to turn off delays in -\term{pam\_unix.so} module. It is not a ready to use configuration file: you must use it +You can create a configuration file \term{ejabberd.pam}. +This example shows how to turn off delays in \term{pam\_unix.so} module: +\begin{verbatim} +#%PAM-1.0 +auth sufficient pam_unix.so likeauth nullok nodelay +account sufficient pam_unix.so +\end{verbatim} +That is not a ready to use configuration file: you must use it as a hint when building your own PAM configuration instead. Note that if you want to disable delays on authentication failures in the PAM configuration file, you have to restrict access to this file, so a malicious user can't use your configuration to perform brute-force |