ctypes_pam.py - PAM Authentication Module

PAM Authentication Module for Python

Provides an authenticate function that will allow the caller to authenticate a user against the Pluggable Authentication Modules (PAM) on the system.

Implemented using ctypes, so no compilation is necessary.

gateone.auth.ctypes_pam.authenticate(username, password, service='login', tty='console', **kwargs)[source]

Returns True if the given username and password authenticate for the given service. Returns False otherwise.

  • username (string) -- The username to authenticate.
  • password (string) -- The password in plain text.
  • service (string) -- The PAM service to authenticate against. Defaults to 'login'.
  • tty (string) -- Name of the TTY device to use when authenticating. Defaults to 'console' (to allow root).

If additional keyword arguments are provided they will be passed to PAM_SET_ITEM() like so:

PAM_SET_ITEM(handle, <keyword mapped to PAM_whatever>, <value>)

Where the keyword will be automatically converted to a PAM_whatever constant if present in this file. Example:

authenticate(user, pass, PAM_RHOST="myhost")

...would result in:

PAM_SET_ITEM(handle, 4, "myhost") # PAM_RHOST (4) taken from the global