25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-12-02 16:37:52 +01:00

* doc/guide.tex: Include example PAM configuration file

ejabberd.pam (thanks to Evgeniy Khramtsov)(EJAB-704)
* doc/guide.html: Likewise

SVN Revision: 1489
This commit is contained in:
Badlop 2008-07-24 18:21:40 +00:00
parent 2d5fdbab64
commit d9f3c87899
3 changed files with 18 additions and 4 deletions

View File

@ -1,5 +1,9 @@
2008-07-24 Badlop <badlop@process-one.net> 2008-07-24 Badlop <badlop@process-one.net>
* doc/guide.tex: Include example PAM configuration file
ejabberd.pam (thanks to Evgeniy Khramtsov)(EJAB-704)
* doc/guide.html: Likewise
* src/mod_proxy65/mod_proxy65_lib.erl: Send protocol compliant * src/mod_proxy65/mod_proxy65_lib.erl: Send protocol compliant
SOCKS5 reply; this breaks support of uncompliant Psi<0.10 (thanks SOCKS5 reply; this breaks support of uncompliant Psi<0.10 (thanks
to Felix Geyer)(EJAB-632) to Felix Geyer)(EJAB-632)

View File

@ -959,8 +959,12 @@ version, you can <TT>kill(1)</TT> <TT>epam</TT> process periodically to reduce i
consumption: <TT>ejabberd</TT> will restart this process immediately. consumption: <TT>ejabberd</TT> will restart this process immediately.
</LI><LI CLASS="li-itemize"><TT>epam</TT> program tries to turn off delays on authentication failures. </LI><LI CLASS="li-itemize"><TT>epam</TT> program tries to turn off delays on authentication failures.
However, some PAM modules ignore this behavior and rely on their own configuration options. However, some PAM modules ignore this behavior and rely on their own configuration options.
The example configuration file <TT>ejabberd.pam</TT> shows how to turn off delays in You can create a configuration file <TT>ejabberd.pam</TT>.
<TT>pam_unix.so</TT> module. It is not a ready to use configuration file: you must use it This example shows how to turn off delays in <TT>pam_unix.so</TT> module:
<PRE CLASS="verbatim">#%PAM-1.0
auth sufficient pam_unix.so likeauth nullok nodelay
account sufficient pam_unix.so
</PRE>That is not a ready to use configuration file: you must use it
as a hint when building your own PAM configuration instead. Note that if you want to disable as a hint when building your own PAM configuration instead. Note that if you want to disable
delays on authentication failures in the PAM configuration file, you have to restrict access delays on authentication failures in the PAM configuration file, you have to restrict access
to this file, so a malicious user can&#X2019;t use your configuration to perform brute-force to this file, so a malicious user can&#X2019;t use your configuration to perform brute-force

View File

@ -1140,8 +1140,14 @@ version, you can \term{kill(1)} \term{epam} process periodically to reduce its m
consumption: \ejabberd{} will restart this process immediately. consumption: \ejabberd{} will restart this process immediately.
\item \term{epam} program tries to turn off delays on authentication failures. \item \term{epam} program tries to turn off delays on authentication failures.
However, some PAM modules ignore this behavior and rely on their own configuration options. However, some PAM modules ignore this behavior and rely on their own configuration options.
The example configuration file \term{ejabberd.pam} shows how to turn off delays in You can create a configuration file \term{ejabberd.pam}.
\term{pam\_unix.so} module. It is not a ready to use configuration file: you must use it This example shows how to turn off delays in \term{pam\_unix.so} module:
\begin{verbatim}
#%PAM-1.0
auth sufficient pam_unix.so likeauth nullok nodelay
account sufficient pam_unix.so
\end{verbatim}
That is not a ready to use configuration file: you must use it
as a hint when building your own PAM configuration instead. Note that if you want to disable as a hint when building your own PAM configuration instead. Note that if you want to disable
delays on authentication failures in the PAM configuration file, you have to restrict access delays on authentication failures in the PAM configuration file, you have to restrict access
to this file, so a malicious user can't use your configuration to perform brute-force to this file, so a malicious user can't use your configuration to perform brute-force