English 中文(简体)
Using pam_python in a script running with mod_python
原标题:

I would like to develop a web interface to allow users of a Linux system to do certain tasks related to their account. I decided to write the backend of the site using Python and mod_python on Apache. To authenticate the users, I thought I could use python_pam to query the PAM service. I adapted the example bundled with the module and got this:

# out is the output stream used to print debug
def auth(username, password, out):
    def pam_conv(aut, query_list, user_data):
        out.write("Query list: " + str(query_list) + "
")

        # List to store the responses to the different queries
        resp = []

        for item in query_list:
            query, qtype = item

            # If PAM asks for an input, give the password
            if qtype == PAM.PAM_PROMPT_ECHO_ON or qtype == PAM.PAM_PROMPT_ECHO_OFF:
                resp.append((str(password), 0))

            elif qtype == PAM.PAM_PROMPT_ERROR_MSG or qtype == PAM.PAM_PROMPT_TEXT_INFO:
                resp.append((  , 0))

        out.write("Our response: " + str(resp) + "
")
        return resp

    # If username of password is undefined, fail
    if username is None or password is None:
        return False

    service =  login 
    pam_ = PAM.pam()
    pam_.start(service)

    # Set the username
    pam_.set_item(PAM.PAM_USER, str(username))

    # Set the conversation callback
    pam_.set_item(PAM.PAM_CONV, pam_conv)

    try:
        pam_.authenticate()
        pam_.acct_mgmt()
    except PAM.error, resp:
        out.write("Error: " + str(resp) + "
")
        return False
    except:
        return False

    # If we get here, the authentication worked
    return True

My problem is that this function does not behave the same whether I use it in a simple script or through mod_python. To illustrate this, I wrote these simple cases:

my_username = "markys"
my_good_password = "lalala"
my_bad_password = "lololo"

def handler(req):
 req.content_type = "text/plain"
 req.write("1- " + str(auth(my_username,my_good_password,req) + "
"))
 req.write("2- " + str(auth(my_username,my_bad_password,req) + "
"))
 return apache.OK

if __name__ == "__main__":
 print "1- " + str(auth(my_username,my_good_password,sys.__stdout__))
 print "2- " + str(auth(my_username,my_bad_password,sys.__stdout__))

The result from the script is :

Query list: [( Password:  , 1)]
Our response: [( lalala , 0)]
1- True
Query list: [( Password:  , 1)]
Our response: [( lololo , 0)]
Error: ( Authentication failure , 7)
2- False

but the result from mod_python is :

Query list: [( Password:  , 1)]
Our response: [( lalala , 0)]
Error: ( Authentication failure , 7)
1- False
Query list: [( Password:  , 1)]
Our response: [( lololo , 0)]
Error: ( Authentication failure , 7)
2- False

I don t understand why the auth function does not return the same value given the same inputs. Any idea where I got this wrong ? Here is the original script, if that could help you.

Thanks a lot !

EDIT: All right I found the error. I was running the script as root. mod_python was running the script as the webserver s user. Only root has the right to read shadow. I am not sure how I will circumvent this, but at least now I know what is the problem !

问题回答

It seems like you have to enable Apache to use PAM authentication. Take a look at this site: http://www.debianhelp.co.uk/apachepam.htm

You might want to take a look at this site too : http://inming.net/?p=86

时间:2010-04-02 21:46:34


上一篇:
下一篇:


相关问题
Can Django models use MySQL functions?

Is there a way to force Django models to pass a field to a MySQL function every time the model data is read or loaded? To clarify what I mean in SQL, I want the Django model to produce something like ...

时间:2009-11-13 13:56:25 回答:6 展示:1
An enterprise scheduler for python (like quartz)

I am looking for an enterprise tasks scheduler for python, like quartz is for Java. Requirements: Persistent: if the process restarts or the machine restarts, then all the jobs must stay there and ...

时间:2009-11-13 04:31:57 回答:4 展示:1
How to remove unique, then duplicate dictionaries in a list?

Given the following list that contains some duplicate and some unique dictionaries, what is the best method to remove unique dictionaries first, then reduce the duplicate dictionaries to single ...

时间:2009-11-13 03:19:51 回答:7 展示:1
What is suggested seed value to use with random.seed()?

Simple enough question: I m using python random module to generate random integers. I want to know what is the suggested value to use with the random.seed() function? Currently I am letting this ...

时间:2009-11-09 18:56:16 回答:5 展示:1
How can I make the PyDev editor selectively ignore errors?

I m using PyDev under Eclipse to write some Jython code. I ve got numerous instances where I need to do something like this: import com.work.project.component.client.Interface.ISubInterface as ...

时间:2009-11-09 16:14:56 回答:4 展示:1
How do I profile `paster serve` s startup time?

Python s paster serve app.ini is taking longer than I would like to be ready for the first request. I know how to profile requests with middleware, but how do I profile the initialization time? I ...

时间:2009-11-09 16:11:39 回答:3 展示:1
Pragmatically adding give-aways/freebies to an online store

Our business currently has an online store and recently we ve been offering free specials to our customers. Right now, we simply display the special and give the buyer a notice stating we will add the ...

时间:2009-11-09 15:59:13 回答:2 展示:1
Converting Dictionary to List? [duplicate]

I m trying to convert a Python dictionary into a Python list, in order to perform some calculations. #My dictionary dict = {} dict[ Capital ]="London" dict[ Food ]="Fish&Chips" dict[ 2012 ]="...

时间:2009-11-05 09:34:18 回答:7 展示:1
热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全