
I'm writing a Python program which allows users to log in to it. I don't want to implement my own authentication but would rather take advantage of the OS (Linux) mechanism. That is, when a user tries to sign in to my app by inputting a username/password pair (which should be a valid OS user), I need to authenticate the pair through the OS. How do I do that? It may need the subprocess module, yet I've tried with no luck.

2 Answers


Try using PAM via Python PAM or similar


That should be possible by having your script read the /etc/passwd and /etc/shadow files, which contain details about usernames and passwords on a Linux system. Do note that the script will have to have read access to the files, which depending on the situation may or may not be possible.

Here are two good articles explaining the format of those files, which should tell you everything you need to know in order to have your script read and understand them:

By the way, when it talks about an encrypted password, it means that it has been encrypted using the DES algorithm. You'll probably need to use pyDes or another Python implementation of the DES algorithm in order for your script to create an encrypted password that it can compare to the one in /etc/shadow.

4 Comments

DES isn't a hash, and /etc/shadow passwords (that have been through crypt) may be hashed differently. Additionally, reading /etc/shadow typically requires root privileges.
Whoops, fixed my answer about DES not being a hash. The possibility that another algorithm was used, and how that is noted in /etc/shadow is discussed in the second link. As I said at the start of my answer, depending on the situation this solution may not be a reasonable one.
Under Linux, Python's crypt module can be used to verify the hashes in /etc/shadow no matter what the format, since crypt.crypt will call the underlying OS routine that PAM uses. As well, the spwd module can be used to read /etc/shadow.
This doesn't work in all cases because the name service switch might have different sources for user data, e.g. LDAP, FreeIPA or IdM. And you also should not rely on a hashing algorithm but use the code from the system libs (e.g. PAM).
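The two approaches from the answers above, side by side, as an added example (not code from either answerer). It assumes the third-party `python-pam` package for the PAM path (`pip install python-pam`) and the PAM service name `login`; the password used by `self_check()` is constructed here for the demonstration. The PAM function is the one to use in practice: it goes through the system's own PAM and NSS stack, so LDAP/SSSD/FreeIPA users work, and nothing in your code depends on the hash format. The shadow-file path is shown only to make the comment threads concrete: it needs root (or the `shadow` group), sees local accounts only, and `crypt.crypt()` selects the algorithm from the hash prefix, so it is not DES-specific. Note that the `crypt` and `spwd` modules are deprecated in Python 3.11 and removed in 3.13, which is one more reason to prefer PAM.

```python
"""Authenticate a username/password pair against the Linux account database.

Two approaches (example code, not from the original answers):
  1. authenticate_pam()   - ask PAM; honours NSS sources such as LDAP/SSSD.
  2. verify_shadow_hash() - re-hash with crypt(3) and compare against the
                            /etc/shadow entry (local accounts, needs root).
"""
import hmac
import re
from typing import Optional

# POSIX-style user names; rejecting anything else keeps control characters,
# NUL bytes and path-like strings out of the PAM conversation.
_USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}\$?$")


def is_valid_username(username: str) -> bool:
    """True if `username` looks like a sane POSIX login name."""
    return bool(_USERNAME_RE.match(username))


def authenticate_pam(username: str, password: str, service: str = "login") -> bool:
    """Return True if PAM accepts the credentials for the given service.

    Requires the third-party `python-pam` package (assumed here).
    Caveat: with pam_unix, an unprivileged process can only verify its *own*
    password (via the unix_chkpwd helper); checking arbitrary users normally
    means the caller runs as root.
    """
    if not is_valid_username(username) or "\0" in password:
        return False
    try:
        import pam  # python-pam
    except ImportError as exc:
        raise RuntimeError("python-pam is not installed") from exc
    p = pam.pam()
    ok = p.authenticate(username, password, service=service)
    # p.code / p.reason hold the PAM result for logging; never log the password.
    return bool(ok)


def verify_shadow_hash(password: str, stored_hash: str) -> bool:
    """Compare `password` against a crypt(3)-style hash from /etc/shadow.

    crypt.crypt(password, stored_hash) reads the algorithm from the hash
    prefix ($1$ MD5, $5$ SHA-256, $6$ SHA-512, $y$ yescrypt, or 13-char
    traditional DES), so nothing here assumes DES. A field of "*", "!" or
    "!<hash>" means the account is locked or has no password: always reject.
    """
    if not stored_hash or stored_hash[0] in "*!":
        return False
    try:
        import crypt  # deprecated in Python 3.11, removed in 3.13
    except ImportError as exc:
        raise RuntimeError("crypt module unavailable; use PAM instead") from exc
    computed = crypt.crypt(password, stored_hash)
    if computed is None:  # hash method not supported by this libc
        return False
    # Constant-time comparison so a rejected guess leaks nothing about prefix matches.
    return hmac.compare_digest(computed.encode(), stored_hash.encode())


def lookup_shadow_hash(username: str) -> Optional[str]:
    """Fetch the password hash for a *local* user from /etc/shadow.

    Needs root or membership in the `shadow` group. Returns None when the
    user is unknown, not local (LDAP users are not in this file), or the
    process lacks permission.
    """
    if not is_valid_username(username):
        return None
    try:
        import spwd  # deprecated in Python 3.11, removed in 3.13
    except ImportError:
        return None
    try:
        return spwd.getspnam(username).sp_pwdp
    except (KeyError, PermissionError):
        return None


def self_check() -> Optional[bool]:
    """Hash a constructed password with SHA-512 crypt and verify it.

    Returns True on success, False on a logic error, None if crypt is absent.
    """
    try:
        import crypt
    except ImportError:
        return None
    salt = crypt.mksalt(crypt.METHOD_SHA512)
    stored = crypt.crypt("correct horse battery", salt)  # constructed test value
    if stored is None:
        return None
    return (verify_shadow_hash("correct horse battery", stored)
            and not verify_shadow_hash("wrong password", stored))


if __name__ == "__main__":
    import getpass
    user = input("username: ")
    print("PAM says:", authenticate_pam(user, getpass.getpass("password: ")))
```

Run it as the user you are testing (or as root) and it prompts for credentials and prints the PAM verdict. `verify_shadow_hash()` and `lookup_shadow_hash()` are there to show what the "read /etc/shadow" answer actually entails; if you find yourself needing them in production, the comments above explain why PAM is the better choice.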
