Added man pages and updated License info and README file

20 files changed, 550 insertions, 7 deletions

diff --git a/Make.defs b/Make.defs
index 1edfcb0..035b97f 100644
--- a/Make.defs
+++ b/Make.defs
@@ -8,6 +8,6 @@ RM = rm -f
 MKDIR = mkdir -p
 INSTALL = install -c
 CFLAGS = -Wall -g -fPIC -I../../include -I/opt/local/include -O2 -D_XOPEN_SOURCE=500 -D_SVID_SOURCE # -fno-stack-protector
-LDFLAGS = -shared -L/opt/local/lib # -Wl,$(LINKEROPTS)
+LDFLAGS = -shared # -Wl,$(LINKEROPTS)
 LINKEROPTS = 
 LDLIBS = -lpam -lcrypt
diff --git a/README b/README
index 7163304..c0ef388 100644
--- a/README
+++ b/README
@@ -1 +1,29 @@
-info later
+This project was written in during April - August in 2008 
+as part of the Google Summer of Code under the Gentoo Organization.
+
+The aim of this project is to provide working PAM modules
+for Linux which will be built against OpenPAM and will be able 
+to work in a system without Linux-PAM. This will, hopefully, give
+people the ability to choose which PAM library to use, which has
+been one of the long term goals of the PAM team.
+
+In order to build the modules, you must already have a system
+with OpenPAM installed. The installation procedure for now is 
+quite simple :  
+
+>$ make && make install
+
+should take care of everything. Also, after installing these PAM 
+modules you should edit the files under /etc/pam.d/ to remove all 
+unwanted entries. Sample files exist in examples/pam.d/ for the most 
+common applications.
+ 
+After replacing Linux-PAM with OpenPAM, all applications that
+use PAM must be rebuild because while API compliant, Linux-PAM
+and OpenPAM are not ABI compiant which can result in an unusable
+system. One of these applications is the shadow package, which provides
+passwd, the interface which enables users to update their passwords.
+
+For any questions contact me at: 
+
+mellos <at> ceid <dot> upatras <dot> gr
diff --git a/TODO b/TODO
deleted file mode 100644
index 9471b80..0000000
--- a/TODO
+++ /dev/null
@@ -1,5 +0,0 @@
-1) pam_securetty has been written to use ttyent.h which reads entries for /etc/ttys file, while linux has ttys in /etc/securettys. Either an alternative to ttyent needs to be found or check the file manually. -- FIXED
-2) when calling passwd, pam_sm_chauthtok() returns Unknown Flags. For some reason, PAM_PRELIM_CHECK and PAM_UPDATE_AUTHTOK are not set when pam_sm_chauthtok is gets called -- FIXED
-3) login environment is not setup after successful login. no idea why -- FIXED
-4) recheck makesalt()/crypt() function to ensure it creates md5 hashes of user passwords
-
diff --git a/include/security/pam_mod_misc.h b/include/security/pam_mod_misc.h
index 2f944e7..3e278aa 100644
--- a/include/security/pam_mod_misc.h
+++ b/include/security/pam_mod_misc.h
@@ -1,3 +1,28 @@
+/*
+ * Copyright (c) 2008 Seraphim Mellos <mellos@ceid.upatras.gr>
+ * 
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use,
+ * copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following
+ * conditions:
+ * 
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ * OTHER DEALINGS IN THE SOFTWARE.
+ */ 
+
 #ifndef PAM_MOD_MISC_H
 #define PAM_MOD_MISC_H
 
diff --git a/modules/pam_deny/pam_deny.8 b/modules/pam_deny/pam_deny.8
new file mode 100644
index 0000000..b125866
--- /dev/null
+++ b/modules/pam_deny/pam_deny.8
@@ -0,0 +1,37 @@
+.\" OpenPAM's pam_deny man page
+.\" Contact me ( mellos@ceid.upatras.gr ) for any corrections or omissions.
+
+.TH PAM_DENY 8 "September 2008" "OpenPAM modules" "OpenPAM modules"
+.SH NAME 
+pam_deny - The `Nobody is welcome` PAM module
+.SH SYNOPSIS
+.B pam_deny.so [\.\.\.]
+.SH DESCRIPTION
+pam_deny is a PAM module that always denies access and indicates a failure to
+the calling application through the PAM library. 
+.SH OPTIONS
+No options are supported for this module.
+.SH FILES
+To ensure that a service always denies access to users add the following lines to the 
+appropriate PAM configuration file:
+.IP 
+.RS
+.nf
+#For authenticating
+auth		required 	pam_deny.so
+
+#For accounting
+account 	required 	pam_deny.so
+
+#For password changing
+password 	required	pam_deny.so
+
+#For sessiong management
+session 	required	pam_deny.so
+.RE
+.SH AUTHOR
+Seraphim Mellos <mellos at ceid dot upatras dot gr>
+.SH "SEE ALSO"
+.BR pam (8),
+.BR pam.conf (8), 
+.BR pam.d (8)
diff --git a/modules/pam_deny/pam_deny.c b/modules/pam_deny/pam_deny.c
index adccf10..1bb9d49 100644
--- a/modules/pam_deny/pam_deny.c
+++ b/modules/pam_deny/pam_deny.c
@@ -1,3 +1,28 @@
+/*
+ * Copyright (c) 2008 Seraphim Mellos <mellos@ceid.upatras.gr>
+ * 
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use,
+ * copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following
+ * conditions:
+ * 
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ * OTHER DEALINGS IN THE SOFTWARE.
+ */ 
+
 #define PAM_SM_AUTH
 #define PAM_SM_ACCOUNT
 #define PAM_SM_SESSION
diff --git a/modules/pam_nologin/pam_nologin.8 b/modules/pam_nologin/pam_nologin.8
new file mode 100644
index 0000000..39c3e9b
--- /dev/null
+++ b/modules/pam_nologin/pam_nologin.8
@@ -0,0 +1,27 @@
+.\" OpenPAM's pam_nologin man page
+.\" Contact me ( mellos@ceid.upatras.gr ) for any corrections or omissions.
+
+.TH PAM_NOLOGIN 8 "September 2008" "OpenPAM modules" "OpenPAM modules"
+.SH NAME 
+pam_nologin - The `No Users Allowed` PAM module
+.SH SYNOPSIS
+.B pam_nologin.so [\.\.\.]
+.SH DESCRIPTION
+pam_nologin is a PAM module that denies all access to non-root users if the
+.I /etc/nologin 
+file is present while displaying the file's contents.
+.PP
+.SH OPTIONS
+No options are supported for this module.
+.SH FILES
+To make sure no non-root users can login in a system add the following line to 
+.I /etc/pam.d/login 
+:
+.IP
+auth 	required 	pam_nologin.so
+.SH AUTHOR
+Seraphim Mellos <mellos at ceid dot upatras dot gr>
+.SH "SEE ALSO"
+.BR pam (8),
+.BR pam.conf (8), 
+.BR pam.d (8)
diff --git a/modules/pam_nologin/pam_nologin.c b/modules/pam_nologin/pam_nologin.c
index a07fe46..7bed57a 100644
--- a/modules/pam_nologin/pam_nologin.c
+++ b/modules/pam_nologin/pam_nologin.c
@@ -1,3 +1,28 @@
+/*
+ * Copyright (c) 2008 Seraphim Mellos <mellos@ceid.upatras.gr>
+ * 
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use,
+ * copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following
+ * conditions:
+ * 
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ * OTHER DEALINGS IN THE SOFTWARE.
+ */ 
+
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <stdio.h> 
diff --git a/modules/pam_permit/pam_permit.8 b/modules/pam_permit/pam_permit.8
new file mode 100644
index 0000000..bf02b73
--- /dev/null
+++ b/modules/pam_permit/pam_permit.8
@@ -0,0 +1,25 @@
+.\" OpenPAM's pam_permit man page
+.\" Contact me ( mellos@ceid.upatras.gr ) for any corrections or omissions.
+
+.TH PAM_PERMIT 8 "September 2008" "OpenPAM modules" "OpenPAM modules"
+.SH NAME 
+pam_permit - The `Everybody is welcome` PAM module
+.SH SYNOPSIS
+.B pam_permit.so [\.\.\.]
+.SH DESCRIPTION
+pam_permit is a PAM module that always permits access with no authentication/accounting needed. 
+.PP
+Since the module provides unauthenticated access, it should be used with caution.
+.SH OPTIONS
+No options are supported for this module.
+.SH FILES
+To allow unauthenticated access to users add this to the PAM configuration file
+.IP 
+account 	required 	pam_permit.so
+.SH AUTHOR
+Seraphim Mellos <mellos at ceid dot upatras dot gr>
+.SH "SEE ALSO"
+.BR pam (8),
+.BR pam.conf (8), 
+.BR pam.d (8), 
+
diff --git a/modules/pam_permit/pam_permit.c b/modules/pam_permit/pam_permit.c
index 7df9887..5c23bff 100644
--- a/modules/pam_permit/pam_permit.c
+++ b/modules/pam_permit/pam_permit.c
@@ -1,3 +1,28 @@
+/*
+ * Copyright (c) 2008 Seraphim Mellos <mellos@ceid.upatras.gr>
+ * 
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use,
+ * copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following
+ * conditions:
+ * 
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ * OTHER DEALINGS IN THE SOFTWARE.
+ */ 
+
 #define	PAM_SM_AUTH
 #define	PAM_SM_ACCOUNT
 #define	PAM_SM_SESSION
diff --git a/modules/pam_rootok/pam_rootok.8 b/modules/pam_rootok/pam_rootok.8
new file mode 100644
index 0000000..14f0cd6
--- /dev/null
+++ b/modules/pam_rootok/pam_rootok.8
@@ -0,0 +1,31 @@
+.\" OpenPAM's pam_rootok man page
+.\" Contact me ( mellos@ceid.upatras.gr ) for any corrections or omissions.
+
+.TH PAM_ROOTOK 8 "September 2008" "OpenPAM modules" "OpenPAM modules"
+.SH NAME 
+pam_rootok - The root-only access PAM module
+.SH SYNOPSIS
+.B pam_rootok.so [\.\.\.]
+.SH DESCRIPTION
+pam_rootok is a PAM module which returns success only if the real UID of 
+the authenticating user is 0.
+.SH OPTIONS
+No options are supported for this module.
+.SH FILES
+It's common to permit the superuser to be able to su to all users account. 
+To allow this, add the following line in 
+.I /etc/pam.d/su
+:
+.IP
+.nf
+auth	sufficient	pam_rootok.so
+auth	required  	pam_unix.so
+.fi
+.SH AUTHOR
+Seraphim Mellos <mellos at ceid dot upatras dot gr>
+.SH "SEE ALSO"
+.BR su (1),
+.BR pam (8),
+.BR pam.conf (8), 
+.BR pam.d (8) 
+
diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c
index d103282..d9de3ce 100644
--- a/modules/pam_rootok/pam_rootok.c
+++ b/modules/pam_rootok/pam_rootok.c
@@ -1,3 +1,28 @@
+/*
+ * Copyright (c) 2008 Seraphim Mellos <mellos@ceid.upatras.gr>
+ * 
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use,
+ * copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following
+ * conditions:
+ * 
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ * OTHER DEALINGS IN THE SOFTWARE.
+ */ 
+
 #include <sys/cdefs.h>
 #include <unistd.h>
 #include <syslog.h>
diff --git a/modules/pam_securetty/pam_securetty.8 b/modules/pam_securetty/pam_securetty.8
new file mode 100644
index 0000000..2c329e1
--- /dev/null
+++ b/modules/pam_securetty/pam_securetty.8
@@ -0,0 +1,37 @@
+.\" OpenPAM's pam_securetty man page
+.\" Contact me ( mellos@ceid.upatras.gr ) for any corrections or omissions.
+
+.TH PAM_SECURETTY 8 "September 2008" "OpenPAM modules" "OpenPAM modules"
+.SH NAME 
+pam_securetty - PAM module which can limit root logins only from specific devices
+.SH SYNOPSIS
+.B pam_securetty.so [\.\.\.]
+.SH DESCRIPTION
+pam_securetty is a PAM module which limits root logins only from specific devices, 
+which are listed in 
+.I /etc/securetty.
+.PP
+The module checks the afformentioned file to ensure that it's a regular file and 
+also that it's not world writable. If either of the above is true, the module returns 
+PAM_AUTH_ERR, which means that the 
+.I /etc/securetty 
+file cannot be trusted (or either that the current TTY is not listed in the securetty
+file).
+.SH OPTIONS
+No options are supported for this module.
+.SH FILES
+To allow root logins only from the devices listed in 
+.I /etc/securetty 
+add the following line to the appropriate configuration files
+.nf
+.IP 
+auth	required	pam_securetty.so
+auth	required	pam_unix.so
+.SH AUTHOR
+Seraphim Mellos <mellos at ceid dot upatras dot gr>
+.SH "SEE ALSO"
+.BR securetty(5),
+.BR pam (8),
+.BR pam.conf (8), 
+.BR pam.d (8)
+
diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c
index 424e8dd..1383a3a 100644
--- a/modules/pam_securetty/pam_securetty.c
+++ b/modules/pam_securetty/pam_securetty.c
@@ -1,3 +1,28 @@
+/*
+ * Copyright (c) 2008 Seraphim Mellos <mellos@ceid.upatras.gr>
+ * 
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use,
+ * copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following
+ * conditions:
+ * 
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ * OTHER DEALINGS IN THE SOFTWARE.
+ */ 
+
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <stdio.h>
diff --git a/modules/pam_shells/pam_shells.8 b/modules/pam_shells/pam_shells.8
new file mode 100644
index 0000000..44cbedb
--- /dev/null
+++ b/modules/pam_shells/pam_shells.8
@@ -0,0 +1,35 @@
+.\" OpenPAM's pam_shells man page
+.\" Contact me ( mellos@ceid.upatras.gr ) for any corrections or omissions.
+
+.TH PAM_SHELLS 8 "September 2008" "OpenPAM modules" "OpenPAM modules"
+.SH NAME 
+pam_shells - PAM module to check for a valid login shell
+.SH SYNOPSIS
+.B pam_shells.so [\.\.\.]
+.SH DESCRIPTION
+pam_shells is a PAM module which examines each user's login shell and only allows access
+if that shell is listed in 
+.I /etc/shells.
+.PP
+The module also checks the 
+.I /etc/shells 
+file to ensure that it's a regular file and 
+also that it's not world writable. If either of the above is true, the module returns 
+PAM_AUTH_ERR, which means that the 
+.I /etc/shells  
+file cannot be trusted (or either that the login shell of the user is not listed in the file).
+.SH OPTIONS
+No options are supported for this module.
+.SH FILES
+To enable the login shell check, add the following line to the appropriate
+configuration file: 
+.IP 
+auth	required	pam_shells.so
+.SH AUTHOR
+Seraphim Mellos <mellos at ceid dot upatras dot gr>
+.SH "SEE ALSO"
+.BR shells(5),
+.BR pam (8),
+.BR pam.conf (8), 
+.BR pam.d (8)
+
diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c
index cce6824..9724f08 100644
--- a/modules/pam_shells/pam_shells.c
+++ b/modules/pam_shells/pam_shells.c
@@ -1,3 +1,28 @@
+/*
+ * Copyright (c) 2008 Seraphim Mellos <mellos@ceid.upatras.gr>
+ * 
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use,
+ * copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following
+ * conditions:
+ * 
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ * OTHER DEALINGS IN THE SOFTWARE.
+ */ 
+
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <stdio.h>
diff --git a/modules/pam_unix/pam_unix.8 b/modules/pam_unix/pam_unix.8
new file mode 100644
index 0000000..67f5b98
--- /dev/null
+++ b/modules/pam_unix/pam_unix.8
@@ -0,0 +1,73 @@
+.\" OpenPAM's pam_unix man page
+.\" Contact me ( mellos@ceid.upatras.gr ) for any corrections or omissions.
+
+.TH PAM_UNIX 8 "September 2008" "OpenPAM modules" "OpenPAM modules"
+.SH NAME 
+pam_unix - Standard authentication and accounting PAM module
+.SH SYNOPSIS
+.B pam_unix.so [\.\.\.]
+.SH DESCRIPTION
+pam_unix is the standard authentication module for PAM and it provides 
+authentication, accounting, password management as well as session management functions. 
+.PP
+The authentication routine verifies the identity of user by examining 
+the relevant 
+.BR passwd (1) 
+or 
+.BR shadow (3)
+entry. It does so by prompting the user for his password and then ensures
+that it's correct using
+.BR crypt (3).
+.PP
+The account management routine performs a series of tests to verify whether
+the authenticated user is allowed access to the local user account by checking 
+the following 
+.BR shadow (3)
+elements: expire, last_change, max_change, min_change, warn_change. If the
+*_change elements are set the user will be informed in case the account is 
+about to expire and if it has expired already, access will be denied 
+for that user.
+.PP
+The password management routine is responsible for updating a user's password 
+entry in 
+.BI /etc/passwd 
+and in 
+.BI /etc/shadow 
+(the latter only in case the shadow flag is set).
+.SH OPTIONS
+.PP 
+.IP \fBdebug\fR
+Produce syslog debug messages (this is silently ignored as it's the default behaviour).
+.IP \fBmd5\fR
+Use md5 hashes for user passwords instead of the default DES
+.IP \fBnullok\fR
+Allow null passwords.
+.IP \fBsha512\fR
+Use sha512 hashes for user passwords instead of the default DES (not yet supported).
+.SH FILES
+.I /etc/pam.d/login
+.RS 
+ The PAM configuration file for the login utility.
+.RE
+.PP
+.I /etc/pam.d/passwd
+.RS
+The PAM configuration file for the passwd utility.
+.RE
+.PP
+.I /etc/pam.d/su
+.RS
+The PAM configuration file for the su utility
+.RE
+.PP
+Similar files exist for all applications who make use of the PAM modules and all of
+them reside in 
+.I /etc/pam.d/
+.SH AUTHOR
+Seraphim Mellos <mellos at ceid dot upatras dot gr>
+.SH "SEE ALSO"
+.BR passwd (1),
+.BR login (5),
+.BR su (1),
+.BR pam (8),
+.BR pam.conf (8)
diff --git a/modules/pam_unix/pam_unix.c b/modules/pam_unix/pam_unix.c
index fd5d06d..423b6d4 100644
--- a/modules/pam_unix/pam_unix.c
+++ b/modules/pam_unix/pam_unix.c
@@ -1,3 +1,28 @@
+/*
+ * Copyright (c) 2008 Seraphim Mellos <mellos@ceid.upatras.gr>
+ * 
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use,
+ * copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following
+ * conditions:
+ * 
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ * OTHER DEALINGS IN THE SOFTWARE.
+ */ 
+
 #include <pwd.h> 
 #include <netdb.h>
 #include <sys/types.h>
diff --git a/modules/pam_wheel/pam_wheel.8 b/modules/pam_wheel/pam_wheel.8
new file mode 100644
index 0000000..20c542e
--- /dev/null
+++ b/modules/pam_wheel/pam_wheel.8
@@ -0,0 +1,30 @@
+.\" OpenPAM's pam_wheel man page
+.\" Contact me ( mellos@ceid.upatras.gr ) for any corrections or omissions.
+
+.TH PAM_WHEEL 8 "September 2008" "OpenPAM modules" "OpenPAM modules"
+.SH NAME 
+pam_wheel - PAM module to limit root access to wheel group members
+.SH SYNOPSIS
+.B pam_wheel.so [\.\.\.]
+.SH DESCRIPTION
+pam_wheel is a PAM module which allows root access only to members of the 
+group wheel. If a group named wheel does not exist, then the group with GID = 0
+is used.
+.SH OPTIONS
+No options are supported for this module.
+.SH FILES
+To allow only wheel members to su to root, add the following lines in 
+./I /etc/pam.d/su 
+:
+.IP 
+.nf
+auth	required	pam_wheel.so
+auth	required	pam_unix.so
+.SH AUTHOR
+Seraphim Mellos <mellos at ceid dot upatras dot gr>
+.SH "SEE ALSO"
+.BR su(1),
+.BR pam (8),
+.BR pam.conf (8), 
+.BR pam.d (8)
+
diff --git a/modules/pam_wheel/pam_wheel.c b/modules/pam_wheel/pam_wheel.c
index e39d106..6e3568d 100644
--- a/modules/pam_wheel/pam_wheel.c
+++ b/modules/pam_wheel/pam_wheel.c
@@ -1,3 +1,28 @@
+/*
+ * Copyright (c) 2008 Seraphim Mellos <mellos@ceid.upatras.gr>
+ * 
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use,
+ * copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following
+ * conditions:
+ * 
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ * OTHER DEALINGS IN THE SOFTWARE.
+ */ 
+
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <stdio.h>