pam_mac(8)pam_mac(8)NAMEpam_mac - IRIX MAC label PAM Service Module
SYNOPSIS
/usr/lib32/security/pam_mac.so /usr/lib64/security/pam_mac.so
DESCRIPTION
This module verifies if the user is cleared for a MAC label. If no
arguments are given, the module will check to see if the MAC environment
variable has been set by the application. If it is, the module
authenticates the user against the MAC label being provided by the
application. Otherwise, the module will prompt the user for the desired
MAC label. It assumes that the user name has been set. If no mac label is
entered, it will set the mac label to user's default as defined in the
/etc/clearance file.
When the user is authenticated successfully, the module will set the PAM
environment variable, "MAC" with the label that the user is allowed. The
application can retrieve this information using pam_getenv().
RECOGNIZED ARGUMENTS
noprompt
Will not prompt the user for desired mac label Instead, it will
attempt to get it from environment variable: CAP. If this variable
is not defined, it will set it to the user's default label.
NOTES
The module will store the mac label that the user is cleared for in the
environment variable: "MAC".
So in your application, after doing a pam_authenticate, obtain the mac
label by using pam_getenv(pamh, "MAC").
FILES
/etc/pam.d/*
/etc/config/pam
SEE ALSOpam(8), pam_chkconfig(3), pam_modules(8), dominance(5)
Page 1
