--- embedaddon/sudo/doc/sudoers.cat	2013/07/22 10:46:12	1.1.1.4
+++ embedaddon/sudo/doc/sudoers.cat	2013/10/14 07:56:34	1.1.1.5
@@ -793,11 +793,10 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
                        to the home directory of the target user (which is root
                        unless the --uu option is used).  This effectively means
                        that the --HH option is always implied.  Note that HOME
-                       is already set when the the _e_n_v___r_e_s_e_t option is
-                       enabled, so _a_l_w_a_y_s___s_e_t___h_o_m_e is only effective for
-                       configurations where either _e_n_v___r_e_s_e_t is disabled or
-                       HOME is present in the _e_n_v___k_e_e_p list.  This flag is _o_f_f
-                       by default.
+                       is already set when the _e_n_v___r_e_s_e_t option is enabled, so
+                       _a_l_w_a_y_s___s_e_t___h_o_m_e is only effective for configurations
+                       where either _e_n_v___r_e_s_e_t is disabled or HOME is present
+                       in the _e_n_v___k_e_e_p list.  This flag is _o_f_f by default.
 
      authenticate      If set, users must authenticate themselves via a
                        password (or other means of authentication) before they
@@ -1049,12 +1048,27 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
                        implementations or on operating systems where opening a
                        PAM session changes the utmp or wtmp files.  If PAM
                        session support is disabled, resource limits may not be
-                       updated for the command being run.  This flag is _o_n by
-                       default.
+                       updated for the command being run.  If _p_a_m___s_e_s_s_i_o_n,
+                       _p_a_m___s_e_t_c_r_e_d, and _u_s_e___p_t_y are disabled and I/O logging
+                       has not been configured, ssuuddoo will execute the command
+                       directly instead of running it as a child process.
+                       This flag is _o_n by default.
 
                        This setting is only supported by version 1.8.7 or
                        higher.
 
+     pam_setcred       On systems that use PAM for authentication, ssuuddoo will
+                       attempt to establish credentials for the target user by
+                       default, if supported by the underlying authentication
+                       system.  One example of a credential is a Kerberos
+                       ticket.  If _p_a_m___s_e_s_s_i_o_n, _p_a_m___s_e_t_c_r_e_d, and _u_s_e___p_t_y are
+                       disabled and I/O logging has not been configured, ssuuddoo
+                       will execute the command directly instead of running it
+                       as a child process.  This flag is _o_n by default.
+
+                       This setting is only supported by version 1.8.8 or
+                       higher.
+
      passprompt_override
                        The password prompt specified by _p_a_s_s_p_r_o_m_p_t will
                        normally only be used if the password prompt provided
@@ -1119,10 +1133,10 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
                        directory of the target user (which is root unless the
                        --uu option is used).  This effectively makes the --ss
                        option imply --HH.  Note that HOME is already set when
-                       the the _e_n_v___r_e_s_e_t option is enabled, so _s_e_t___h_o_m_e is
-                       only effective for configurations where either
-                       _e_n_v___r_e_s_e_t is disabled or HOME is present in the
-                       _e_n_v___k_e_e_p list.  This flag is _o_f_f by default.
+                       the _e_n_v___r_e_s_e_t option is enabled, so _s_e_t___h_o_m_e is only
+                       effective for configurations where either _e_n_v___r_e_s_e_t is
+                       disabled or HOME is present in the _e_n_v___k_e_e_p list.  This
+                       flag is _o_f_f by default.
 
      set_logname       Normally, ssuuddoo will set the LOGNAME, USER and USERNAME
                        environment variables to the name of the target user
@@ -1376,6 +1390,24 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
                        supported.  The path to the noexec file should now be
                        set in the sudo.conf(4) file.
 
+     pam_login_service
+                       On systems that use PAM for authentication, this is the
+                       service name used when the --ii option is specified.  The
+                       default value is ``sudo''.  See the description of
+                       _p_a_m___s_e_r_v_i_c_e for more information.
+
+                       This setting is only supported by version 1.8.8 or
+                       higher.
+
+     pam_service       On systems that use PAM for authentication, the service
+                       name specifies the PAM policy to apply.  This usually
+                       corresponds to an entry in the _p_a_m_._c_o_n_f file or a file
+                       in the _/_e_t_c_/_p_a_m_._d directory.  The default value is
+                       ``sudo''.
+
+                       This setting is only supported by version 1.8.8 or
+                       higher.
+
      passprompt        The default prompt to use when asking for a password;
                        can be overridden via the --pp option or the SUDO_PROMPT
                        environment variable.  The following percent (`%')
@@ -1888,7 +1920,8 @@ EEXXAAMMPPLLEESS
      file and make sure we log the year in each log line since the log entries
      will be kept around for several years.  Lastly, we disable shell escapes
      for the commands in the PAGERS Cmnd_Alias (_/_u_s_r_/_b_i_n_/_m_o_r_e, _/_u_s_r_/_b_i_n_/_p_g and
-     _/_u_s_r_/_b_i_n_/_l_e_s_s).
+     _/_u_s_r_/_b_i_n_/_l_e_s_s).  Note that this will not effectively constrain users with
+     ssuuddoo AALLLL privileges.
 
      # Override built-in defaults
      Defaults                syslog=auth
@@ -1993,7 +2026,9 @@ EEXXAAMMPPLLEESS
 
      For any machine in the _S_E_R_V_E_R_S Host_Alias, jjiillll may run any commands in
      the directory _/_u_s_r_/_b_i_n_/ except for those commands belonging to the _S_U and
-     _S_H_E_L_L_S Cmnd_Aliases.
+     _S_H_E_L_L_S Cmnd_Aliases.  While not specifically mentioned in the rule, the
+     commands in the _P_A_G_E_R_S Cmnd_Alias all reside in _/_u_s_r_/_b_i_n and have the
+     _n_o_e_x_e_c option set.
 
      steve           CSNETS = (operator) /usr/local/op_commands/
 
@@ -2237,4 +2272,4 @@ DDIISSCCLLAAIIMMEERR
      file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for
      complete details.
 
-Sudo 1.8.7                      April 30, 2013                      Sudo 1.8.7
+Sudo 1.8.8                      August 31, 2013                     Sudo 1.8.8