
FirefighterBlu3 / python-pam

Licence: MIT license
Python pam module supporting py3 (py2 support still exists but is deprecated)


python-pam

Python pam module supporting py3 (and py2) for Linux type systems (!windows)

Commandline example:

[david@Scott python-pam]$ python pam/pam.py
Username: david
Password:
Auth result: Success (0)
Pam Environment List item: XDG_SEAT=seat0
Pam Environment item: XDG_SEAT=seat0
Missing Pam Environment item: asdf=None
Open session: Success (0)
Close session: Success (0)

Inline examples:

[david@Scott python-pam]$ python
Python 3.9.7 (default, Oct 10 2021, 15:13:22)
[GCC 11.1.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import pam
>>> p = pam.pam()
>>> p.authenticate('david', 'correctpassword')
True
>>> p.authenticate('david', 'badpassword')
False
>>> p.authenticate('david', 'correctpassword', service='login')
True
>>> p.authenticate('david', 'correctpassword', service='unknownservice')
False
>>> p.authenticate('david', 'correctpassword', service='login', resetcreds=True)
True
>>> p.authenticate('david', 'correctpassword', encoding='latin-1')
True
>>> print('{} {}'.format(p.code, p.reason))
0 Success
>>> p.authenticate('david', 'badpassword')
False
>>> print('{} {}'.format(p.code, p.reason))
7 Authentication failure
>>>

Authentication and privileges

Please note, python-pam and all tools that do authentication follow two rules:

  • You have root (or privileged access): you can check any account's password for validity
  • You don't have root: you can only check the validity of the username running the tool

If you need to authenticate multiple users, you must use an authentication stack that at some stage has privileged access. On Linux systems one example of doing this is using SSSD.

Typical Linux installations check against /etc/shadow with pam_unix.so which will spawn /usr/bin/unix_chkpwd to verify the password. Both of these are intentionally written to meet the above two rules. You can test the functionality of unix_chkpwd in the following manner:

Replace good with the correct password, replace david with your appropriate username.

~$ mkfifo /tmp/myfifo

~$ (echo -ne 'good\0' > /tmp/myfifo & /usr/bin/unix_chkpwd david nullok < /tmp/myfifo ) ; echo $?
0

~$ (echo -ne 'bad\0' > /tmp/myfifo & /usr/bin/unix_chkpwd david nullok < /tmp/myfifo ) ; echo $?
7

~$ (echo -ne 'good\0' > /tmp/myfifo & /usr/bin/unix_chkpwd someotheruser nullok < /tmp/myfifo ) ; echo $?
9
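
The two rules from "Authentication and privileges", applied in Python before PAM is called, so that a caller can tell "wrong password" apart from "this process cannot check that account". This is an added example, not code from python-pam itself; the names may_verify, check_password and Unverifiable and the authenticator, uid and current_user parameters are hypothetical, and privileged access is approximated here as real uid 0.

```python
import os
import pwd

# Linux-PAM result codes that appear in the output on this page.
PAM_SUCCESS = 0
PAM_AUTH_ERR = 7  # "Authentication failure"


class Unverifiable(Exception):
    """The calling process lacks the privilege to check this account at all."""


def may_verify(target, uid=None, current_user=None):
    """The two rules: root may check any account, anyone else only their own."""
    uid = os.getuid() if uid is None else uid
    if uid == 0:  # assumption: "privileged" is approximated as real uid 0
        return True
    if current_user is None:
        # Resolve the name from the real uid rather than from $USER/$LOGNAME.
        current_user = pwd.getpwuid(uid).pw_name
    return target == current_user


def check_password(username, password, service="login",
                   authenticator=None, uid=None, current_user=None):
    """Return (ok, code, reason); raise Unverifiable instead of a misleading False."""
    if not may_verify(username, uid, current_user):
        raise Unverifiable(
            "not root: only the invoking user can be checked, not %r" % username)
    if authenticator is None:
        import pam  # python-pam, imported lazily so a stub can be injected
        authenticator = pam.pam()
    ok = authenticator.authenticate(username, password, service=service)
    return ok, authenticator.code, authenticator.reason
```

Run unprivileged, check_password raises Unverifiable for any account other than the caller's own without touching the PAM stack; a service that must authenticate many users still needs a privileged stage such as SSSD.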