--- embedaddon/sudo/INSTALL 2012/02/21 16:23:01 1.1 +++ embedaddon/sudo/INSTALL 2012/10/09 09:29:52 1.1.1.3 @@ -166,19 +166,13 @@ Special features/options: --with-SecurID[=DIR] Enable SecurID support. If specified, DIR is directory containing - sdiclient.a, sdi_athd.h, sdconf.h, and sdacmvls.h. + libaceclnt.a, acexport.h, and sdacmvls.h. --with-fwtk[=DIR] Enable TIS Firewall Toolkit (FWTK) 'authsrv' support. If specified, DIR is the base directory containing the compiled FWTK package (or at least the library and header files). - --with-kerb4[=DIR] - Enable Kerberos IV support. If specified, DIR is the base - directory containing the Kerberos IV include and lib dirs. - This uses Kerberos passphrases for authentication but does - not use the Kerberos cookie scheme. - --with-kerb5[=DIR] Enable Kerberos V support. If specified, DIR is the base directory containing the Kerberos V include and lib dirs. @@ -186,6 +180,13 @@ Special features/options: does not use the Kerberos cookie scheme. Will not work for Kerberos V older than version 1.1. + --enable-kerb5-instance=string + By default, the user name is used as the principal name + when authenticating via Kerberos V. If this option is + enabled, the specified instance string will be appended to + the user name (separated by a slash) when creating the + principal name. + --with-ldap[=DIR] Enable LDAP support. If specified, DIR is the base directory containing the LDAP include and lib directories. Please see 
@@ -200,6 +201,15 @@ Special features/options: this file instead of /etc/ldap.secret to read the secret password when rootbinddn is specified in the ldap config file. + --with-sssd + Enable support for using the System Security Services Daemon + (SSSD) as a sudoers data source. For more informaton on + SSD, see http://fedorahosted.org/sssd/ + + --with-sssd-lib=PATH + Specify the path to the SSSD shared library, which is loaded + at run-time. + --with-nsswitch[=PATH] Path to nsswitch.conf or "no" to disable nsswitch support. If specified, sudo uses this file instead of /etc/nsswitch.conf. @@ -285,7 +295,7 @@ Special features/options: older PAM implementations or on operating systems where opening a PAM session changes the utmp or wtmp files. If PAM session support is disabled, resource limits may not - be updatedin for command being run. + be updated for the command being run. --disable-root-mailer By default sudo will run the mailer as root when tattling @@ -343,15 +353,20 @@ Special features/options: --with-otp-only This option is now just an alias for --without-passwd. - --with-stow - Properly handle GNU stow packaging. The sudoers file will - physically live in ${prefix}/etc and /etc/sudoers will be - a symbolic link. - --with-selinux Enable support for role based access control (RBAC) on systems that support SELinux. + --with-man + Use the "man" macros for manual pages. By default, mdoc + versions of the manuals are installed. This can be used + to override configure's test for "nroff -mdoc" support. + + --with-mdoc + Use the "mdoc" macros for manual pages. By default, mdoc + versions of the manuals are installed. This can be used + to override configure's test for "nroff -mdoc" support. + The following options are also configurable at runtime: --with-long-otp-prompt 
@@ -630,6 +645,17 @@ The following options are also configurable at runtime --enable-werror Enable the -Werror compiler option when building sudo with gcc. + --disable-hardening + Disable the use of compiler/linker exploit mitigation options + which are enabled by default. This includes compiling with + _FORTIFY_SOURCE defined to 2, building with -fstack-protector + and linking with -zrelro, where supported. + + --disable-pie + Disable the creation of position independent executables (PIE) + even when the compiler and linker support them. + By default, sudo will be built as a PIE where possible. + --enable-admin-flag Enable the creation of an Ubuntu-style admin flag file the first time sudo is run. @@ -743,6 +769,12 @@ HP-UX: you will need to add a line like the following to /etc/pam.conf: sudo session required libpam_hpsec.so.1 bypass_umask + + If every command run via sudo displays information about the last + successful login and the last authentication failure you should + make use an /etc/pam.conf line like: + + sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login Digital UNIX: By default, sudo will use SIA (Security Integration Architecture)
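Review bot: In the --with-sssd text added by the hunk at @@ -200,6 +201,15 @@, "informaton" is misspelled and "SSD" should read "SSSD" to match the name spelled out in the sentence before it. The --with-sssd-lib=PATH entry says the shared library is loaded at run-time but gives no default for PATH; stating the default would let packagers confirm which directory sudo loads the shared object from.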
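Review bot: In the hunk at @@ -343,15 +353,20 @@, the --with-man and --with-mdoc entries end with the same two sentences, so --with-mdoc is documented as selecting what the text itself calls the default, and both claim to override the "nroff -mdoc" test without saying in which direction. Suggest wording each entry to say what it forces, for example that --with-man installs man-format pages even when the mdoc test succeeds. The same hunk drops --with-stow with no replacement text, which deserves a line for anyone whose build scripts still pass it.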
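Review bot: The --disable-hardening entry added by the hunk at @@ -630,6 +645,17 @@ does not say whether it also turns off PIE, which is documented as a separate --disable-pie switch immediately below it. Suggest stating explicitly whether the two options are independent. Because the mitigations apply only "where supported", it would also help to say how a builder can tell which of _FORTIFY_SOURCE, -fstack-protector and -zrelro configure actually enabled on a given platform.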
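Review bot: In the HP-UX text added by the hunk at @@ -743,6 +769,12 @@, "make use an /etc/pam.conf line like" is missing a word; "use an /etc/pam.conf line like" reads correctly. The new example repeats bypass_umask and adds bypass_last_login, so the text should say whether this line replaces the libpam_hpsec.so.1 line shown just above it or is added alongside it.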