docs: Added All FreeBSD Manuals

1 files changed, 226 insertions, 0 deletions

diff --git a/static/freebsd/man5/pam.conf.5 b/static/freebsd/man5/pam.conf.5
new file mode 100644
index 00000000..9c2532e9
--- /dev/null
+++ b/static/freebsd/man5/pam.conf.5
@@ -0,0 +1,226 @@
+.\"-
+.\" Copyright (c) 2005-2025 Dag-Erling Smørgrav
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\"    products derived from this software without specific prior written
+.\"    permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd May 31, 2025
+.Dt PAM.CONF 5
+.Os
+.Sh NAME
+.Nm pam.conf
+.Nd PAM policy file format
+.Sh DESCRIPTION
+The PAM library searches for policies in the following files, in
+decreasing order of preference:
+.Bl -enum
+.It
+.Pa /etc/pam.d/ Ns Ar service-name
+.It
+.Pa /etc/pam.conf
+.It
+.Pa /usr/local/etc/pam.d/ Ns Ar service-name
+.It
+.Pa /usr/local/etc/pam.conf
+.El
+.Pp
+If none of these locations contains a policy for the given service,
+the
+.Dq Dv other
+policy is used instead, if it exists.
+.Pp
+Entries in per-service policy files must be of one of the two forms
+below:
+.Bd -unfilled -offset indent
+.Oo "-" Oc Ns Ar facility control-flag module-path Op Ar arguments ...
+.Oo "-" Oc Ns Ar facility Cm include Ar other-service-name
+.Ed
+.Pp
+Entries in
+.Pa pam.conf Ns -style
+policy files are of the same form, but are prefixed by an additional
+field specifying the name of the service they apply to.
+.Pp
+In both cases, blank lines and comments introduced by a
+.Ql #
+sign are ignored, and the normal shell quoting rules apply.
+The precise details of how the file is tokenized are described in
+.Xr openpam_readword 3 .
+.Pp
+The
+.Ar facility
+field specifies the facility the entry applies to, and is one of:
+.Bl -tag -width 12n
+.It Cm auth
+Authentication functions
+.Po
+.Xr pam_authenticate 3 ,
+.Xr pam_setcred 3
+.Pc
+.It Cm account
+Account management functions
+.Pq Xr pam_acct_mgmt 3
+.It Cm session
+Session handling functions
+.Po
+.Xr pam_open_session 3 ,
+.Xr pam_close_session 3
+.Pc
+.It Cm password
+Password management functions
+.Pq Xr pam_chauthtok 3
+.El
+.Pp
+The
+.Ar facility
+field may optionally be preceded by a dash
+.Pq Ql - ,
+which indicates that failure to load the specified module (or policy
+if the
+.Ar control-flag is
+.Cm include )
+should not be considered a fatal error.
+This is intended for situations where it is desirable to share a
+single policy across multiple systems, but certain additional modules
+or policies may only be present on some of them.
+.Pp
+The
+.Ar control-flag
+field determines how the result returned by the module affects the
+flow of control through (and the final result of) the rest of the
+chain, and is one of:
+.Bl -tag -width 12n
+.It Cm required
+If this module succeeds, the result of the chain will be success
+unless a later module fails.
+If it fails, the rest of the chain still runs, but the final result
+will be failure regardless of the success of later modules.
+.It Cm requisite
+If this module succeeds, the result of the chain will be success
+unless a later module fails.
+If the module fails, the chain is broken and the result is failure.
+.It Cm sufficient
+If this module succeeds, the chain is broken and the result is
+success.
+If it fails, the rest of the chain still runs, but the final result
+will be failure unless a later module succeeds.
+.It Cm binding
+If this module succeeds, the chain is broken and the result is
+success.
+If it fails, the rest of the chain still runs, but the final result
+will be failure regardless of the success of later modules.
+.It Cm optional
+If this module succeeds, the result of the chain will be success
+unless a later module fails.
+If this module fails, the result of the chain will be failure unless a
+later module succeeds.
+.El
+.Pp
+There are two exceptions to the above:
+.Cm sufficient
+and
+.Cm binding
+modules are treated as
+.Cm optional
+by
+.Xr pam_setcred 3 ,
+and in the
+.Dv PAM_PRELIM_CHECK
+phase of
+.Xr pam_chauthtok 3 .
+.Pp
+The
+.Ar module-path
+field specifies the name or full path of the module to call.
+If only the name is specified, the PAM library will search for it in
+the following locations:
+.Bl -enum
+.It
+.Pa /usr/lib
+.It
+.Pa /usr/local/lib
+.El
+.Pp
+The remaining fields, if any, are passed unmodified to the module if
+and when it is invoked.
+.Pp
+The
+.Cm include
+form of entry causes entries from a different chain (specified by
+.Ar other-system-name )
+to be included in the current one.
+This allows one to define system-wide policies which are then included
+into service-specific policies.
+The system-wide policy can then be modified without having to also
+modify each and every service-specific policy.
+.Pp
+.Bf -symbolic
+Take care not to introduce loops when using
+.Cm include
+rules, as there is currently no loop detection in place.
+.Ef
+.Sh MODULE OPTIONS
+Some PAM library functions may alter their behavior when called by a
+service module if certain module options were specified, regardless of
+whether the module itself accords them any importance.
+One such option is
+.Cm debug ,
+which causes the dispatcher to enable debugging messages before
+calling each service function, and disable them afterwards (unless
+they were already enabled).
+Other special options include:
+.Bl -tag -width 12n
+.It Cm authtok_prompt Ns = Ns Ar prompt , Cm oldauthtok_prompt Ns = Ns Ar prompt , Cm user_prompt Ns = Ns Ar prompt
+These options can be used to override the prompts used by
+.Xr pam_get_authtok 3
+and
+.Xr pam_get_user 3 .
+.It Cm echo_pass
+This option controls whether
+.Xr pam_get_authtok 3
+will allow the user to see what they are typing.
+.It Cm try_first_pass , Cm use_first_pass
+These options control
+.Xr pam_get_authtok 3 Ns 's
+use of cached authentication tokens.
+.El
+.Sh SEE ALSO
+.Xr pam 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The OpenPAM library was developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.\& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
+.Pp
+The OpenPAM library is maintained by
+.An Dag-Erling Sm\(/orgrav Aq Mt des@des.dev .