Sorry if this appears twice, had posted with wrong account previously.

Hi all,

I'm trying to use PAM for a custom app server written in Python. There exists a PAM wrapper that makes it possible to use PAM from within my Python app.

Now when running the app standalone, everything works fine. But when I daemonize it, I can't authenticate a single user. I also found that I can't authorize somebody other than the user the shell runs in.

I searched Google and the docs, but didn't find anything that helped me. Any suggestions?

I attached the Python script and the domserver config. daemonize is a standard Unix daemonization recipe.

Regards,

Diez B. Roggisch

#!/usr/bin/env python
# Python 2 script using the PyPAM wrapper module (PAM).

import sys
import PAM
from getpass import getpass

import daemonize


def pam_conv(auth, query_list, userData):
    # PAM conversation callback: answer each prompt the PAM stack sends.
    resp = []
    print auth, user
    for i in range(len(query_list)):
        query, type = query_list[i]
        if type == PAM.PAM_PROMPT_ECHO_ON:
            val = raw_input(query)
            resp.append((val, 0))
        elif type == PAM.PAM_PROMPT_ECHO_OFF:
            # Hard-coded test password instead of prompting with getpass().
            resp.append(("foo", 0))
        elif type == PAM.PAM_PROMPT_ERROR_MSG or type == PAM.PAM_PROMPT_TEXT_INFO:
            print query
            resp.append(('', 0))
        else:
            return None
    return resp


service = 'domserver'

if len(sys.argv) == 2:
    user = sys.argv[1]
else:
    user = None

# Detach from the terminal; stdout goes to a file, stdin to /dev/null.
daemonize.daemonize(pidfile="/tmp/pamtest.pid",
                    stdout="/tmp/pamtest.stdout",
                    stdin="/dev/null")

# Overrides any user name given on the command line.
user = "marco"

auth = PAM.pam()
auth.start(service)
if user != None:
    auth.set_item(PAM.PAM_USER, user)
auth.set_item(PAM.PAM_CONV, pam_conv)
try:
    auth.authenticate()
    auth.acct_mgmt()
except PAM.error, resp:
    print 'Go away! (%s)' % resp
except:
    print 'Internal error'
else:
    print 'Good to go!'

auth required pam_unix.so
account required pam_access.so

_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list