pam_cap(8)pam_cap(8)NAMEpam_cap - IRIX capabilities PAM Service Module
SYNOPSIS
/usr/lib32/security/pam_cap.so /usr/lib64/security/pam_cap.so
DESCRIPTION
This module assumes that the user name has been set. If no arguments are
provided, the module checks to see if the CAP environment module has been
set by the application. If it is, the module will attempt to authenticate
the capability set against the user. Otherwise, this module will prompt
the user for the desired capability set. If no capability set is entered,
it will set the capability set to default to "all="
When the user is authenticated successfully, the module will set the PAM
environment variable, "CAP" with the capabilities that the user is
allowed. The application can retrieve this information using
pam_getenv().
RECOGNIZED ARGUMENTS
noprompt
Will not prompt the user for desired capability set Instead, it will
attempt to get it from environment variable: CAP. If this variable
is not defined, the default capability set is "all="
NOTES
The module will store the capability set that the user is cleared for in
the environment variable: CAP.
So in your application, after doing a pam_authenticate, obtain the
capability set by using pam_getenv(pamh, "CAP").
FILES
/etc/pam.d/*
/etc/config/pam
SEE ALSOpam(8), pam_chkconfig(3), pam_modules(8), capabilities(4)
Page 1