Index: openacs-4/packages/acs-authentication/www/doc/ext-auth-pam-install.adp
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-authentication/www/doc/ext-auth-pam-install.adp,v
diff -u -r1.4.2.5 -r1.4.2.6
--- openacs-4/packages/acs-authentication/www/doc/ext-auth-pam-install.adp	30 Jul 2024 18:05:34 -0000	1.4.2.5
+++ openacs-4/packages/acs-authentication/www/doc/ext-auth-pam-install.adp	2 Sep 2024 09:40:20 -0000	1.4.2.6
@@ -4,6 +4,10 @@
 <property name="doc(title)">Using Pluggable Authentication Modules (PAM) with
 OpenACS</property>
 <master>
+<style>
+div.sect2 > div.itemizedlist > ul.itemizedlist > li.listitem {margin-top: 16px;}
+div.sect3 > div.itemizedlist > ul.itemizedlist > li.listitem {margin-top: 6px;}
+</style>              
 <include src="/packages/acs-core-docs/lib/navheader"
 			leftLink="ext-auth-install" leftLabel="Prev"
 			title="Installation"
@@ -15,19 +19,18 @@
 AOLserver.</p><div class="orderedlist"><ol type="1">
 <li>
 <p>
-<strong>Add PAM support to
-AOLserver. </strong>OpenACS supports PAM support via
-the PAM AOLserver module. PAM is system of modular support, and can
-provide local (unix password), RADIUS, LDAP (<a href="http://www.tldp.org/HOWTO/archived/LDAP-Implementation-HOWTO/pamnss.html" target="_top">more information</a>), and other forms of
+<strong>Add PAM support to AOLserver. </strong>OpenACS
+supports PAM support via the PAM AOLserver module. PAM is system of
+modular support, and can provide local (unix password), RADIUS,
+LDAP (<a href="http://www.tldp.org/HOWTO/archived/LDAP-Implementation-HOWTO/pamnss.html" target="_top">more information</a>), and other forms of
 authentication. Note that due to security issues, the AOLserver PAM
 module cannot be used for local password authentication.</p><div class="orderedlist"><ol type="a">
 <li>
 <p>
 <a name="install-nspam" id="install-nspam"></a><strong>Compile
 and install ns_pam. </strong>Download the <a href="/doc/nspam-download" target="_top">tarball</a> to <code class="computeroutput">/tmp</code>.</p><p>Debian users: first do <strong class="userinput"><code>apt-get
 install libpam-dev</code></strong>
-</p><pre class="screen">
-[root\@yourserver root]# <strong class="userinput"><code>cd /usr/local/src/aolserver</code></strong>
+</p><pre class="screen">[root\@yourserver root]# <strong class="userinput"><code>cd /usr/local/src/aolserver</code></strong>
 [root\@yourserver aolserver]# <strong class="userinput"><code>tar xzf /tmp/ns_pam-0.1.tar.gz</code></strong>
 [root\@yourserver aolserver]# <strong class="userinput"><code>cd nspam</code></strong>
 [root\@yourserver nspam]# <strong class="userinput"><code>make</code></strong>
@@ -52,19 +55,18 @@
 </pre>
 </li><li>
 <p>
-<strong>Set up a PAM domain. </strong>A PAM domain
-is a set of rules for granting privileges based on other programs.
-Each instance of AOLserver uses a domain; different aolserver
-instances can use the same domain but one AOLserver instance cannot
-use two domains. The domain describes which intermediate programs
-will be used to check permissions. You may need to install software
-to perform new types of authentication.</p><div class="itemizedlist"><ul type="disc">
+<strong>Set up a PAM domain. </strong>A PAM domain is a set
+of rules for granting privileges based on other programs. Each
+instance of AOLserver uses a domain; different aolserver instances
+can use the same domain but one AOLserver instance cannot use two
+domains. The domain describes which intermediate programs will be
+used to check permissions. You may need to install software to
+perform new types of authentication.</p><div class="itemizedlist"><ul type="disc">
 <li>
 <p><strong>RADIUS in PAM. </strong></p><div class="orderedlist"><ol type="i">
 <li>
 <p>Untar the <a href="/doc/individual-programs" target="_top">pam_radius tarball</a> and compile and install. (<a href="http://www.freeradius.org/pam_radius_auth/" target="_top">more
-information</a>)</p><pre class="screen">
-[root\@yourserver root]# <strong class="userinput"><code>cd /usr/local/src/</code></strong>
+information</a>)</p><pre class="screen">[root\@yourserver root]# <strong class="userinput"><code>cd /usr/local/src/</code></strong>
 [root\@yourserver src]# <strong class="userinput"><code>tar xf /tmp/pam_radius-1.3.16.tar</code></strong>
 [root\@yourserver src]# <strong class="userinput"><code>cd pam_radius-1.3.16</code></strong>
 [root\@yourserver pam_radius-1.3.16]# <strong class="userinput"><code>make</code></strong>
@@ -87,17 +89,12 @@
 domain configuration lines into a single file, <code class="computeroutput">/etc/pam.conf</code>. On Red Hat, create the file
 <code class="computeroutput">/etc/pam.d/<span class="replaceable"><span class="replaceable">service0</span></span>
 </code> with these
-contents:</p><pre class="programlisting">
-auth       sufficient   /lib/security/pam_radius_auth.so
+contents:</p><pre class="programlisting">auth       sufficient   /lib/security/pam_radius_auth.so
 </pre>
 </li><li>
 <p>Modify the AOLserver configuration file to use this PAM domain.
-Edit the line</p><pre class="programlisting">
-ns_param   PamDomain             "<span class="replaceable"><span class="replaceable">service0</span></span>"
-</pre><p>So that the value of the parameter matches the name (just the
-filename, not the fully pathed name) of the domain file in</p><pre class="programlisting">
-/etc/pam.d/
-</pre>
+Edit the line</p><pre class="programlisting">ns_param   PamDomain             "<span class="replaceable"><span class="replaceable">service0</span></span>"</pre><p>So that the value of the parameter matches the name (just the
+filename, not the fully pathed name) of the domain file in</p><pre class="programlisting">/etc/pam.d/</pre>
 </li>
 </ol></div>
 </li><li><p>
@@ -107,9 +104,7 @@
 </li><li>
 <p><strong>Modify the AOLserver configuration file to support
 ns_pam. </strong></p><p>In <code class="computeroutput">/var/lib/aolserver/<span class="replaceable"><span class="replaceable">service0</span></span>/etc/config.tcl</code>, enable
-the nspam module by uncommenting this line:</p><pre class="programlisting">
-ns_param   nspam           ${bindir}/nspam.so
-</pre>
+the nspam module by uncommenting this line:</p><pre class="programlisting">ns_param   nspam           ${bindir}/nspam.so</pre>
 </li>
 </ol></div>
 </li><li><p>
@@ -118,9 +113,9 @@
 restart the server.</p></li><li>
 <p>
 <a name="ext-auth-create-authority" id="ext-auth-create-authority"></a><strong>Create an OpenACS
-authority. </strong>OpenACS supports multiple
-authentication authorities. The OpenACS server itself is the
-"Local Authority," used by default.</p><div class="orderedlist"><ol type="a">
+authority. </strong>OpenACS supports multiple authentication
+authorities. The OpenACS server itself is the "Local
+Authority," used by default.</p><div class="orderedlist"><ol type="a">
 <li><p>Browse to the authentication administration page, <code class="computeroutput">http://<span class="replaceable"><span class="replaceable">yourserver</span></span><a href="/acs-admin/auth/" target="_top">/acs-admin/auth/</a>
 </code>. Create and name an
 authority (in the sitewide admin UI)</p></li><li><p>Set Authentication to PAM.</p></li><li><p>If the PAM domain defines a <code class="computeroutput">password</code> command, you can set Password