Diffstat (limited to 'documentation/content/en/articles/pam/_index.adoc')
-rw-r--r-- documentation/content/en/articles/pam/_index.adoc | 26
1 files changed, 6 insertions, 20 deletions
diff --git a/documentation/content/en/articles/pam/_index.adoc b/documentation/content/en/articles/pam/_index.adoc
index 011ee465c9..7f6ffe249b 100644
--- a/documentation/content/en/articles/pam/_index.adoc
+++ b/documentation/content/en/articles/pam/_index.adoc
@@ -411,16 +411,18 @@ It is essential to understand that PAM's configuration system is centered on cha
[[pam-config-breakdown]]
=== Breakdown of a Configuration Line
-As explained in <<pam-config-file>>, each line in [.filename]#/etc/pam.conf# consists of four or more fields: the service name, the facility name, the control flag, the module name, and zero or more module arguments.
+As explained in crossref:pam[pam-config-file, PAM Policy Files], each line in [.filename]#/etc/pam.conf# consists of four or more fields: the service name, the facility name, the control flag, the module name, and zero or more module arguments.
The service name is generally (though not always) the name of the application the statement applies to.
If you are unsure, refer to the individual application's documentation to determine what service name it uses.
Note that if you use [.filename]#/etc/pam.d/# instead of [.filename]#/etc/pam.conf#, the service name is specified by the name of the policy file, and omitted from the actual configuration lines, which then start with the facility name.
-The facility is one of the four facility keywords described in <<pam-facilities-primitives>>.
+The facility is one of the four facility keywords described in
+crossref:pam[pam-facilities-primitives, Facilities and Primitives].
-Likewise, the control flag is one of the four keywords described in <<pam-chains-policies>>, describing how to interpret the return code from the module.
+Likewise, the control flag is one of the four keywords described in
+ crossref:pam[pam-chains-policies, Chains and Policies], describing how to interpret the return code from the module.
Linux-PAM supports an alternate syntax that lets you specify the action to associate with each possible return code, but this should be avoided as it is non-standard and closely tied in with the way Linux-PAM dispatches service calls (which differs greatly from the way Solaris(TM) and OpenPAM do it.)
Unsurprisingly, OpenPAM does not support this syntax.
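Review bot: The facility and control-flag replacements both break the sentence after "described in", and the continuation line ` crossref:pam[pam-chains-policies, Chains and Policies], describing how ...` starts with a stray space. The first replacement in this hunk and the unchanged lines around it keep one sentence per source line. Suggest joining each of these two sentences back onto a single line and dropping the leading space, so the hunk changes only the cross-reference syntax and not the line structure.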
@@ -544,22 +546,6 @@ The man:pam_login_access[8] module provides an implementation of the account man
The man:pam_nologin[8] module refuses non-root logins when [.filename]#/var/run/nologin# exists.
This file is normally created by man:shutdown[8] when less than five minutes remain until the scheduled shutdown time.
-[[pam-modules-opie]]
-=== man:pam_opie[8]
-
-The man:pam_opie[8] module implements the man:opie[4] authentication method.
-The man:opie[4] system is a challenge-response mechanism where the response to each challenge is a direct function of the challenge and a passphrase, so the response can be easily computed "just in time" by anyone possessing the passphrase, eliminating the need for password lists.
-Moreover, since man:opie[4] never reuses a challenge that has been correctly answered, it is not vulnerable to replay attacks.
-
-[[pam-modules-opieaccess]]
-=== man:pam_opieaccess[8]
-
-The man:pam_opieaccess[8] module is a companion module to man:pam_opie[8].
-Its purpose is to enforce the restrictions codified in man:opieaccess[5], which regulate the conditions under which a user who would normally authenticate herself using man:opie[4] is allowed to use alternate methods.
-This is most often used to prohibit the use of password authentication from untrusted hosts.
-
-In order to be effective, the man:pam_opieaccess[8] module must be listed as `requisite` immediately after a `sufficient` entry for man:pam_opie[8], and before any other modules, in the `auth` chain.
-
[[pam-modules-passwdqc]]
=== man:pam_passwdqc[8]
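Review bot: Deleting the man:pam_opie[8] and man:pam_opieaccess[8] sections also deletes the anchors `[[pam-modules-opie]]` and `[[pam-modules-opieaccess]]`, and this diff is limited to one file, so it does not show whether anything else still links to them. Please search the documentation tree for both anchor ids before merging, since a leftover cross-reference would break. This is also a content removal sitting next to hunks that only convert cross-reference syntax. The removed text carried the only ordering guidance for the `auth` chain (`requisite` immediately after the `sufficient` entry), so the reason for dropping it should be stated in the commit message, or the removal split into its own commit.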
@@ -638,7 +624,7 @@ The following is a minimal implementation of man:su[1] using PAM.
Note that it uses the OpenPAM-specific man:openpam_ttyconv[3] conversation function, which is prototyped in [.filename]#security/openpam.h#.
If you wish build this application on a system with a different PAM library, you will have to provide your own conversation function.
A robust conversation function is surprisingly difficult to implement;
-the one presented in <<pam-sample-conv>> is a good starting point, but should not be used in real-world applications.
+the one presented in crossref:pam[pam-sample-conv, Sample PAM Conversation Function] is a good starting point, but should not be used in real-world applications.
[.programlisting]
....
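Review bot: The paragraph touched here still reads "If you wish build this application" in the unchanged context two lines above the replacement. Since the paragraph is being edited anyway, fix it to "If you wish to build this application" in the same change. The new `crossref:pam[pam-sample-conv, Sample PAM Conversation Function]` also hard-codes the link text, as do the crossrefs in the first hunk, so please confirm each label matches the title of the section it points to, because it will no longer follow a later retitling.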