pam.py - A PAM Authentication Module

PAM Authentication Module for Gate One

This authentication module is built on top of ctypes_pam.py - PAM Authentication Module which is included with Gate One.

It was originally written by Alan Schmitz (but has changed quite a bit).

The only non-obvious aspect of this module is that the pam_realm setting is only used when the user is asked to authenticate and when the user's information is stored in the 'users' directory. It isn't actually used in any part of the authentication (PAM doesn't take a "realm" setting).

class gateone.auth.pam.PAMAuthMixin(application, request, **kwargs)

This is used by PAMAuthHandler in Authentication to authenticate users via PAM.

initialize()

Print out helpful error messages if the requisite settings aren't configured.

get_authenticated_user(callback)

Processes the client's Authorization header and call self.auth_basic()

auth_basic(auth_header, callback)

Perform Basic authentication using self.settings['pam_realm'].

authenticate_redirect()

Informs the browser that this resource requires authentication (status code 401) which should prompt the browser to reply with credentials.

The browser will be informed that we support Basic auth.