* man/chage.1.xml, man/login.defs.5.xml, man/pwck.8.xml,

man/pwconv.8.xml, man/useradd.8.xml, man/userdel.8.xml,
	man/usermod.8.xml, man/vipw.8.xml: Document the usage of the
	TCB_AUTH_GROUP, TCB_SYMLINKS, and USE_TCB configuration
	parameters.
	* man/pwconv.8.xml, man/pwck.8.xml: Document the behavior when
	USE_TCB is enabled.

ChangeLog

@@ -1,3 +1,13 @@
+2010-03-15  Nicolas François  <nicolas.francois@centraliens.net>
+
+	* man/chage.1.xml, man/login.defs.5.xml, man/pwck.8.xml,
+	man/pwconv.8.xml, man/useradd.8.xml, man/userdel.8.xml,
+	man/usermod.8.xml, man/vipw.8.xml: Document the usage of the
+	TCB_AUTH_GROUP, TCB_SYMLINKS, and USE_TCB configuration
+	parameters.
+	* man/pwconv.8.xml, man/pwck.8.xml: Document the behavior when
+	USE_TCB is enabled.
+
 2010-03-15  Nicolas François  <nicolas.francois@centraliens.net>
 
 	* po/POTFILES.in, lib/tcbfuncs.c: Add more strings for

man/chage.1.xml

@@ -28,6 +28,10 @@
    (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
    OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 -->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
+  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY USE_TCB               SYSTEM "login.defs.d/USE_TCB.xml">
+]>
 <refentry id='chage.1'>
   <!--  $Id$  -->
   <refmeta>
@@ -202,6 +206,18 @@
     </para>
   </refsect1>
 
+  <refsect1 id='configuration'>
+    <title>CONFIGURATION</title>
+    <para>
+      The following configuration variables in
+      <filename>/etc/login.defs</filename> change the behavior of this
+      tool:
+    </para>
+    <variablelist>
+      &USE_TCB;
+    </variablelist>
+  </refsect1>
+
   <refsect1 id='files'>
     <title>FILES</title>
     <variablelist>

man/login.defs.5.xml

@@ -219,7 +219,12 @@
     </para>
     <!-- .na -->
     <variablelist remap='IP'>
-      <!-- chage: no variables -->
+      <varlistentry condition="tcb">
+	<term>chage</term>
+	<listitem>
+	  <para>USE_TCB</para>
+	</listitem>
+      </varlistentry>
       <varlistentry>
 	<term>chfn</term>
 	<listitem>
@@ -387,7 +392,7 @@
 	<listitem>
 	  <para>
 	    PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
-	    <phrase condition="tcb">USE_TCB</phrase>
+	    <phrase condition="tcb">TCB_AUTH_GROUP TCB_SYMLINKS USE_TCB</phrase>
 	  </para>
 	</listitem>
       </varlistentry>
@@ -454,7 +459,7 @@
 	  <para>
 	    MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP USERDEL_CMD
 	    USERGROUPS_ENAB
-	    <phrase condition="tcb">USE_TCB</phrase>
+	    <phrase condition="tcb">TCB_SYMLINKS USE_TCB</phrase>
 	  </para>
 	</listitem>
       </varlistentry>
@@ -463,7 +468,7 @@
 	<listitem>
 	  <para>
 	    MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP
-	    <phrase condition="tcb">USE_TCB</phrase>
+	    <phrase condition="tcb">TCB_SYMLINKS USE_TCB</phrase>
 	  </para>
 	</listitem>
       </varlistentry>

man/pwck.8.xml

@@ -33,6 +33,9 @@
 <!ENTITY PASS_MAX_DAYS         SYSTEM "login.defs.d/PASS_MAX_DAYS.xml">
 <!ENTITY PASS_MIN_DAYS         SYSTEM "login.defs.d/PASS_MIN_DAYS.xml">
 <!ENTITY PASS_WARN_AGE         SYSTEM "login.defs.d/PASS_WARN_AGE.xml">
+<!ENTITY TCB_AUTH_GROUP        SYSTEM "login.defs.d/TCB_AUTH_GROUP.xml">
+<!ENTITY TCB_SYMLINKS          SYSTEM "login.defs.d/TCB_SYMLINKS.xml">
+<!ENTITY USE_TCB               SYSTEM "login.defs.d/USE_TCB.xml">
 ]>
 <refentry id='pwck.8'>
   <!-- $Id$ -->
@@ -196,6 +199,9 @@
 	    Sort entries in <filename>/etc/passwd</filename> and
 	    <filename>/etc/shadow</filename> by UID.
 	  </para>
+	  <para condition="tcb">
+	    This option has no effect when TCB is enabled.
+	  </para>
 	</listitem>
       </varlistentry>
     </variablelist>
@@ -220,6 +226,9 @@
       &PASS_MAX_DAYS;
       &PASS_MIN_DAYS;
       &PASS_WARN_AGE;
+      &TCB_AUTH_GROUP;
+      &TCB_SYMLINKS;
+      &USE_TCB;
     </variablelist>
   </refsect1>
 

man/pwconv.8.xml

@@ -35,6 +35,7 @@
 <!ENTITY PASS_MAX_DAYS         SYSTEM "login.defs.d/PASS_MAX_DAYS.xml">
 <!ENTITY PASS_MIN_DAYS         SYSTEM "login.defs.d/PASS_MIN_DAYS.xml">
 <!ENTITY PASS_WARN_AGE         SYSTEM "login.defs.d/PASS_WARN_AGE.xml">
+<!ENTITY USE_TCB               SYSTEM "login.defs.d/USE_TCB.xml">
 ]>
 <refentry id='pwconv.8'>
   <!-- $Id$ -->
@@ -73,6 +74,15 @@
       remap='I'>shadow</emphasis> from <emphasis remap='I'>passwd</emphasis>
       and an optionally existing <emphasis remap='I'>shadow</emphasis>.
     </para>
+    <para condition="tcb">
+      <command>pwconv</command> does not work with
+      <option>USE_TCB</option> enabled. To convert to tcb passwords, you
+      should first use <command>pwconv</command> to convert to shadowed
+      passwords by disabling <option>USE_TCB</option> in
+      <filename>login.defs</filename> and then convert to tcb password
+      using <command>tcb_convert</command> (and re-enable
+      <option>USE_TCB</option> in <filename>login.defs</filename>.)
+    </para>
 
     <para>
       The <command>pwunconv</command> command creates <emphasis
@@ -80,6 +90,14 @@
       and <emphasis remap='I'>shadow</emphasis> and then removes <emphasis
       remap='I'>shadow</emphasis>.
     </para>
+    <para condition="tcb">
+      <command>pwunconv</command> does not work with
+      <option>USE_TCB</option> enabled. You should first switch back from
+      tcb to shadowed passwords using <command>tcb_unconvert</command>,
+      and then disable <option>USE_TCB</option> in
+      <filename>login.defs</filename> before using
+      <command>pwunconv</command>.
+    </para>
 
     <para>
       The <command>grpconv</command> command creates <emphasis
@@ -161,6 +179,7 @@
       &PASS_MAX_DAYS;
       &PASS_MIN_DAYS;
       &PASS_WARN_AGE;
+      &USE_TCB;
     </variablelist>
   </refsect1>
 
@@ -187,7 +206,13 @@
       </citerefentry>,
       <citerefentry>
 	<refentrytitle>pwck</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>.
+      </citerefentry><phrase condition="tcb">,
+      <citerefentry>
+	<refentrytitle>tcb_convert</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>tcb_unconvert</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry></phrase>.
     </para>
   </refsect1>
 </refentry>

man/useradd.8.xml

@@ -41,6 +41,9 @@
 <!ENTITY SYS_UID_MAX           SYSTEM "login.defs.d/SYS_UID_MAX.xml">
 <!ENTITY UID_MAX               SYSTEM "login.defs.d/UID_MAX.xml">
 <!ENTITY UMASK                 SYSTEM "login.defs.d/UMASK.xml">
+<!ENTITY TCB_AUTH_GROUP        SYSTEM "login.defs.d/TCB_AUTH_GROUP.xml">
+<!ENTITY TCB_SYMLINKS          SYSTEM "login.defs.d/TCB_SYMLINKS.xml">
+<!ENTITY USE_TCB               SYSTEM "login.defs.d/USE_TCB.xml">
 <!ENTITY USERGROUPS_ENAB       SYSTEM "login.defs.d/USERGROUPS_ENAB.xml">
 ]>
 <refentry id='useradd.8'>
@@ -634,8 +637,11 @@
       &PASS_WARN_AGE;
       &SYS_GID_MAX; <!-- documents also SYS_GID_MIN -->
       &SYS_UID_MAX; <!-- documents also SYS_UID_MIN -->
+      &TCB_AUTH_GROUP;
+      &TCB_SYMLINKS;
       &UID_MAX; <!-- documents also UID_MIN -->
       &UMASK;
+      &USE_TCB;
       &USERGROUPS_ENAB;
     </variablelist>
   </refsect1>

man/userdel.8.xml

@@ -32,6 +32,8 @@
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 <!ENTITY MAIL_DIR              SYSTEM "login.defs.d/MAIL_DIR.xml">
 <!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
+<!ENTITY TCB_SYMLINKS          SYSTEM "login.defs.d/TCB_SYMLINKS.xml">
+<!ENTITY USE_TCB               SYSTEM "login.defs.d/USE_TCB.xml">
 <!ENTITY USERDEL_CMD           SYSTEM "login.defs.d/USERDEL_CMD.xml">
 <!ENTITY USERGROUPS_ENAB       SYSTEM "login.defs.d/USERGROUPS_ENAB.xml">
 ]>
@@ -131,6 +133,8 @@
     <variablelist>
       &MAIL_DIR; <!-- documents also MAIL_FILE -->
       &MAX_MEMBERS_PER_GROUP;
+      &TCB_SYMLINKS;
+      &USE_TCB;
       &USERDEL_CMD;
       &USERGROUPS_ENAB;
     </variablelist>

man/usermod.8.xml

@@ -32,6 +32,8 @@
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 <!ENTITY MAIL_DIR              SYSTEM "login.defs.d/MAIL_DIR.xml">
 <!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
+<!ENTITY TCB_SYMLINKS          SYSTEM "login.defs.d/TCB_SYMLINKS.xml">
+<!ENTITY USE_TCB               SYSTEM "login.defs.d/USE_TCB.xml">
 ]>
 <refentry id='usermod.8'>
   <!--  $Id$  -->
@@ -365,6 +367,8 @@
     <variablelist>
       &MAIL_DIR; <!-- documents also MAIL_FILE -->
       &MAX_MEMBERS_PER_GROUP;
+      &TCB_SYMLINKS;
+      &USE_TCB;
     </variablelist>
   </refsect1>
 

man/vipw.8.xml

@@ -31,6 +31,7 @@
 -->
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY USE_TCB               SYSTEM "login.defs.d/USE_TCB.xml">
 ]>
 <refentry id='vipw.8'>
   <!--  $Id$  -->
@@ -126,6 +127,18 @@
     </variablelist>
   </refsect1>
 
+  <refsect1 id='configuration'>
+    <title>CONFIGURATION</title>
+    <para>
+      The following configuration variables in
+      <filename>/etc/login.defs</filename> change the behavior of this
+      tool:
+    </para>
+    <variablelist>
+      &USE_TCB;
+    </variablelist>
+  </refsect1>
+
   <refsect1 id='files'>
     <title>FILES</title>
     <variablelist>