suggestions for pam_python?

Collapse
This topic is closed.
X
X
 
  • Time
  • Show
Clear All
new posts
  • Kyler Laird

    suggestions for pam_python?

    I've been looking for a way to authenticate users through PAM using a
    Python script. I didn't find any so I wrote my own. I call it using
    a pam.conf line such as this.
    auth required pam_python.so test --foo=bar --blah=123

    I wrote pam_python.so in C. It passes on calls to pam_sm_authenti cate,
    pam_sm_setcred, etc. to the "pam_handle r" function in a Python script
    specified as the first argument ("test" -> "test.py"). The pam_handler
    script is called with the name of the function it's handling
    ("pam_sm_authen ticate"), and the options given in the PAM configuration.
    It parses the options and then calls the appropriate function.

    I still haven't decided how to handle calls such as pam_get_user() (to
    get the user ID). Right now I'm running it in the C program and then
    passing it to pam_handler. I'd rather give the Python script a way to
    call such routines as they're needed. That'll take some more wrapping.

    Anyway...I'm not thrilled with how I'm doing this, so I thought I'd
    check to see if anyone has strong feelings about the One True Way that
    this should be done.

    Suggestions?

    Thank you.

    --kyler
Working...