Index: openacs-4/packages/acs-authentication/www/doc/ext-auth-pam-install.adp
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-authentication/www/doc/ext-auth-pam-install.adp,v
diff -u -N -r1.4.2.3 -r1.4.2.4
--- openacs-4/packages/acs-authentication/www/doc/ext-auth-pam-install.adp	3 Sep 2021 09:14:38 -0000	1.4.2.3
+++ openacs-4/packages/acs-authentication/www/doc/ext-auth-pam-install.adp	13 Jul 2023 12:44:56 -0000	1.4.2.4
@@ -15,18 +15,19 @@
 AOLserver.</p><div class="orderedlist"><ol type="1">
 <li>
 <p>
-<strong>Add PAM support to AOLserver. </strong>OpenACS
-supports PAM support via the PAM AOLserver module. PAM is system of
-modular support, and can provide local (unix password), RADIUS,
-LDAP (<a href="http://www.tldp.org/HOWTO/archived/LDAP-Implementation-HOWTO/pamnss.html" target="_top">more information</a>), and other forms of
+<strong>Add PAM support to
+AOLserver. </strong>OpenACS supports PAM support via
+the PAM AOLserver module. PAM is system of modular support, and can
+provide local (unix password), RADIUS, LDAP (<a href="http://www.tldp.org/HOWTO/archived/LDAP-Implementation-HOWTO/pamnss.html" target="_top">more information</a>), and other forms of
 authentication. Note that due to security issues, the AOLserver PAM
 module cannot be used for local password authentication.</p><div class="orderedlist"><ol type="a">
 <li>
 <p>
 <a name="install-nspam" id="install-nspam"></a><strong>Compile
 and install ns_pam. </strong>Download the <a href="/doc/nspam-download" target="_top">tarball</a> to <code class="computeroutput">/tmp</code>.</p><p>Debian users: first do <strong class="userinput"><code>apt-get
 install libpam-dev</code></strong>
-</p><pre class="screen">[root\@yourserver root]# <strong class="userinput"><code>cd /usr/local/src/aolserver</code></strong>
+</p><pre class="screen">
+[root\@yourserver root]# <strong class="userinput"><code>cd /usr/local/src/aolserver</code></strong>
 [root\@yourserver aolserver]# <strong class="userinput"><code>tar xzf /tmp/ns_pam-0.1.tar.gz</code></strong>
 [root\@yourserver aolserver]# <strong class="userinput"><code>cd nspam</code></strong>
 [root\@yourserver nspam]# <strong class="userinput"><code>make</code></strong>
@@ -51,18 +52,19 @@
 </pre>
 </li><li>
 <p>
-<strong>Set up a PAM domain. </strong>A PAM domain is a set
-of rules for granting privileges based on other programs. Each
-instance of AOLserver uses a domain; different aolserver instances
-can use the same domain but one AOLserver instance cannot use two
-domains. The domain describes which intermediate programs will be
-used to check permissions. You may need to install software to
-perform new types of authentication.</p><div class="itemizedlist"><ul type="disc">
+<strong>Set up a PAM domain. </strong>A PAM domain
+is a set of rules for granting privileges based on other programs.
+Each instance of AOLserver uses a domain; different aolserver
+instances can use the same domain but one AOLserver instance cannot
+use two domains. The domain describes which intermediate programs
+will be used to check permissions. You may need to install software
+to perform new types of authentication.</p><div class="itemizedlist"><ul type="disc">
 <li>
 <p><strong>RADIUS in PAM. </strong></p><div class="orderedlist"><ol type="i">
 <li>
 <p>Untar the <a href="/doc/individual-programs" target="_top">pam_radius tarball</a> and compile and install. (<a href="http://www.freeradius.org/pam_radius_auth/" target="_top">more
-information</a>)</p><pre class="screen">[root\@yourserver root]# <strong class="userinput"><code>cd /usr/local/src/</code></strong>
+information</a>)</p><pre class="screen">
+[root\@yourserver root]# <strong class="userinput"><code>cd /usr/local/src/</code></strong>
 [root\@yourserver src]# <strong class="userinput"><code>tar xf /tmp/pam_radius-1.3.16.tar</code></strong>
 [root\@yourserver src]# <strong class="userinput"><code>cd pam_radius-1.3.16</code></strong>
 [root\@yourserver pam_radius-1.3.16]# <strong class="userinput"><code>make</code></strong>
@@ -85,12 +87,17 @@
 domain configuration lines into a single file, <code class="computeroutput">/etc/pam.conf</code>. On Red Hat, create the file
 <code class="computeroutput">/etc/pam.d/<span class="replaceable"><span class="replaceable">service0</span></span>
 </code> with these
-contents:</p><pre class="programlisting">auth       sufficient   /lib/security/pam_radius_auth.so
+contents:</p><pre class="programlisting">
+auth       sufficient   /lib/security/pam_radius_auth.so
 </pre>
 </li><li>
 <p>Modify the AOLserver configuration file to use this PAM domain.
-Edit the line</p><pre class="programlisting">ns_param   PamDomain             "<span class="replaceable"><span class="replaceable">service0</span></span>"</pre><p>So that the value of the parameter matches the name (just the
-filename, not the fully pathed name) of the domain file in</p><pre class="programlisting">/etc/pam.d/</pre>
+Edit the line</p><pre class="programlisting">
+ns_param   PamDomain             "<span class="replaceable"><span class="replaceable">service0</span></span>"
+</pre><p>So that the value of the parameter matches the name (just the
+filename, not the fully pathed name) of the domain file in</p><pre class="programlisting">
+/etc/pam.d/
+</pre>
 </li>
 </ol></div>
 </li><li><p>
@@ -100,7 +107,9 @@
 </li><li>
 <p><strong>Modify the AOLserver configuration file to support
 ns_pam. </strong></p><p>In <code class="computeroutput">/var/lib/aolserver/<span class="replaceable"><span class="replaceable">service0</span></span>/etc/config.tcl</code>, enable
-the nspam module by uncommenting this line:</p><pre class="programlisting">ns_param   nspam           ${bindir}/nspam.so</pre>
+the nspam module by uncommenting this line:</p><pre class="programlisting">
+ns_param   nspam           ${bindir}/nspam.so
+</pre>
 </li>
 </ol></div>
 </li><li><p>
@@ -109,9 +118,9 @@
 restart the server.</p></li><li>
 <p>
 <a name="ext-auth-create-authority" id="ext-auth-create-authority"></a><strong>Create an OpenACS
-authority. </strong>OpenACS supports multiple authentication
-authorities. The OpenACS server itself is the "Local
-Authority," used by default.</p><div class="orderedlist"><ol type="a">
+authority. </strong>OpenACS supports multiple
+authentication authorities. The OpenACS server itself is the
+"Local Authority," used by default.</p><div class="orderedlist"><ol type="a">
 <li><p>Browse to the authentication administration page, <code class="computeroutput">http://<span class="replaceable"><span class="replaceable">yourserver</span></span><a href="/acs-admin/auth/" target="_top">/acs-admin/auth/</a>
 </code>. Create and name an
 authority (in the sitewide admin UI)</p></li><li><p>Set Authentication to PAM.</p></li><li><p>If the PAM domain defines a <code class="computeroutput">password</code> command, you can set Password