Hi,
I am attempting to write a linux logon manager with python.
Can python access login APIs (which module ?) or do I need to write a
wrapper ?
Regards,
Philippe
8  3016 
"login APIs" vary widely from system to system.
Classic Unix systems use calls like getpwent and crypt to check passwords, and
then call setuid, setgid and setgroups to set the identity of the user who is
logging in. These are all available in stock Python, check the library
reference for more details. Other login-time activities, like writing utmp
entries, may not be directly available in stock Python modules.
Many modern Linux systems use something called 'pam' for login-related
activities, and there seems to be something called 'python-pam' out there, but
I've never used it.
Graphical login managers have their own additional requirements, such as
starting and stopping the X server, managing the X authentication information,
etc.
Jeff
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDcN4AJd01MZaTXX0RAhH4AJ4msijvQ12vnkGPfyb0cR 6EjLHObACgikfI
qkOTC0vQi4F5Gq/a/wyzKQU=
=3nXm
-----END PGP SIGNATURE-----
That helps a lot, thanks.
Regards,
Philippe je****@unpythonic.net wrote: "login APIs" vary widely from system to system.
Classic Unix systems use calls like getpwent and crypt to check passwords,
and then call setuid, setgid and setgroups to set the identity of the user
who is
logging in. These are all available in stock Python, check the library
reference for more details. Other login-time activities, like writing
utmp entries, may not be directly available in stock Python modules.
Many modern Linux systems use something called 'pam' for login-related
activities, and there seems to be something called 'python-pam' out there,
but I've never used it.
Graphical login managers have their own additional requirements, such as
starting and stopping the X server, managing the X authentication
information, etc.
Jeff
Jeff,
1- I cannot find getpwent in the documentation
2- crypt will not work if the system does not have shadow pw
3- Even as root I get "Operation not permitted" using setuid and setgid ...
but I assume it is because I cannot get 1 and/or 2 to work.
Can you direct me to some link that would explain the actual procedure ?
Thanks,
Regards,
Philippe je****@unpythonic.net wrote: "login APIs" vary widely from system to system.
Classic Unix systems use calls like getpwent and crypt to check passwords,
and then call setuid, setgid and setgroups to set the identity of the user
who is
logging in. These are all available in stock Python, check the library
reference for more details. Other login-time activities, like writing
utmp entries, may not be directly available in stock Python modules.
Many modern Linux systems use something called 'pam' for login-related
activities, and there seems to be something called 'python-pam' out there,
but I've never used it.
Graphical login managers have their own additional requirements, such as
starting and stopping the X server, managing the X authentication
information, etc.
Jeff
getting there, this sequence creates a file with the correct uid and gid
test_user_ids = 504
print os.setreuid(test_user_ids,0)
print os.setregid(test_user_ids,0)
print os.setuid(test_user_ids)
print os.setgid(test_user_ids)
print os.getuid()
f = open("/tmp/toto","w")
f.write("titi")
f.close()
Philippe C. Martin wrote: Jeff,
1- I cannot find getpwent in the documentation
2- crypt will not work if the system does not have shadow pw
3- Even as root I get "Operation not permitted" using setuid and setgid
... but I assume it is because I cannot get 1 and/or 2 to work.
Can you direct me to some link that would explain the actual procedure ?
Thanks,
Regards,
Philippe
je****@unpythonic.net wrote:
"login APIs" vary widely from system to system.
Classic Unix systems use calls like getpwent and crypt to check
passwords, and then call setuid, setgid and setgroups to set the identity
of the user who is
logging in. These are all available in stock Python, check the library
reference for more details. Other login-time activities, like writing
utmp entries, may not be directly available in stock Python modules.
Many modern Linux systems use something called 'pam' for login-related
activities, and there seems to be something called 'python-pam' out
there, but I've never used it.
Graphical login managers have their own additional requirements, such as
starting and stopping the X server, managing the X authentication
information, etc.
Jeff
"Philippe C. Martin" <pm*****@snakecard.com> writes: Jeff,
1- I cannot find getpwent in the documentation
getpwent is a Unix library call. For python, you want the pwd
module. The docs are <URL: http://docs.python.org/lib/module-pwd.html >.
2- crypt will not work if the system does not have shadow pw
Rubbish. crypt doesn't know anything about passord files. It just
knows how to encrypt a password. It's up to you to get the password
attempt from the user, and the encrypted password from the password
file (or the shadow password file). The pwd module doesn't deal with
shadow passwords. Maybe you meant "system does have shadow pw". But
it's pwd that doesn't work, not crypt - and that depends on the
system. For instance:
bhuda% cat tp.py
#!/usr/bin/env python
import pwd, os
p = pwd.getpwnam(os.environ['USER'])
print p[1]
bhuda% ./tp.py
*
But:
bhuda# ./tp.py
$1$cKJbUtaY$y.e7GRjo8ePxgiBzskyRX0
I.e. - as me, the pwd routines won't return passwords. As root, it
returns the encrypted password.
3- Even as root I get "Operation not permitted" using setuid and setgid ...
but I assume it is because I cannot get 1 and/or 2 to work.
They shouldn't have anything to do with it. Are you sure the process
is running as root? For instance, most modern Unices won't honor the
the setuid bit on script executables. You have to write a setuidj
wrapper that runs the interpreter with the appropriate privileges.
<mike
--
Mike Meyer <mw*@mired.org> http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
Hi Mike,
Mike Meyer wrote: 1- I cannot find getpwent in the documentation
getpwent is a Unix library call. For python, you want the pwd
module. The docs are <URL: http://docs.python.org/lib/module-pwd.html >.
I must be blind but still do not see it - do you mean getpwnam ?
2- crypt will not work if the system does not have shadow pw
Rubbish. crypt doesn't know anything about passord files. It just
knows how to encrypt a password. It's up to you to get the password
attempt from the user, and the encrypted password from the password
file (or the shadow password file). The pwd module doesn't deal with
shadow passwords. Maybe you meant "system does have shadow pw". But
it's pwd that doesn't work, not crypt - and that depends on the
system. For instance:
I meant that the code form the documentation fails on the "raise", with the
error "Sorry, currently no support for shadow passwords"
What should I understand ?
import os
import crypt, getpass, pwd
def login():
username = raw_input('Python login: ')
cryptedpasswd = pwd.getpwnam(username)[1]
print cryptedpasswd
if cryptedpasswd:
if cryptedpasswd == 'x' or cryptedpasswd == '*':
raise "Sorry, currently no support for shadow passwords"
cleartext = getpass.getpass()
return crypt.crypt(cleartext, cryptedpasswd) == cryptedpasswd
else:
return 1
bhuda% cat tp.py
#!/usr/bin/env python
import pwd, os
p = pwd.getpwnam(os.environ['USER'])
print p[1]
bhuda% ./tp.py
*
But:
bhuda# ./tp.py
$1$cKJbUtaY$y.e7GRjo8ePxgiBzskyRX0
I.e. - as me, the pwd routines won't return passwords. As root, it
returns the encrypted password.
3- Even as root I get "Operation not permitted" using setuid and setgid
... but I assume it is because I cannot get 1 and/or 2 to work.
They shouldn't have anything to do with it. Are you sure the process
is running as root? For instance, most modern Unices won't honor the
the setuid bit on script executables. You have to write a setuidj
wrapper that runs the interpreter with the appropriate privileges.
<mike
Thanks and regards,
Philippe
"Philippe C. Martin" <pm*****@snakecard.com> writes: Hi Mike,
Mike Meyer wrote: 1- I cannot find getpwent in the documentation
getpwent is a Unix library call. For python, you want the pwd
module. The docs are <URL: http://docs.python.org/lib/module-pwd.html >.
I must be blind but still do not see it - do you mean getpwnam ?
Sorry, I wasn't clear about it. getpwent is a Unix call that lets you
walk through all the entries in the password file. The equivalent in
the pwd module is getpwall. For your usage, you probably want
getpwnam. 2- crypt will not work if the system does not have shadow pw
Rubbish. crypt doesn't know anything about passord files. It just
knows how to encrypt a password. It's up to you to get the password
attempt from the user, and the encrypted password from the password
file (or the shadow password file). The pwd module doesn't deal with
shadow passwords. Maybe you meant "system does have shadow pw". But
it's pwd that doesn't work, not crypt - and that depends on the
system. For instance:
I meant that the code form the documentation fails on the "raise", with the
error "Sorry, currently no support for shadow passwords"
What should I understand ?
Right. You meant the example fails if the system does have a shadow
password system.
There are two alternatives: One, you're not running as root, and the
system works like FreeBSD (where my example was run), whose pwd
library transparently handles the shadow password file, filling in
real passwords iff you're root. In that case, running as root will
solve the problem.
Two, your system has a different API for dealing with the shadow
password file. You'll either have to wrap that API, or parse the
shadow password file yourself. Either way, you'll have to run as root
to access the real password information.
<mike
--
Mike Meyer <mw*@mired.org> http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
In <EJ3cf.896$sg5.719@dukeread12>, Philippe C. Martin wrote: I am attempting to write a linux logon manager with python.
Have you considered looking at the sources of xdm/gdm/kdm/... to see how
they solve the problems you have?
Ciao,
Marc 'BlackJack' Rintsch This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: CM |
last post by:
Hi, There:
I am working on a commercial ASP web application which use MS Access 2000 as
database.
When configuring the database access, I got an error saying that this
database is a read-only...
|
by: jakobsgaard |
last post by:
It is possible to Map a certificate to a Active Directory User Account from
DotNet?
Please provide an example.
Best regards,
Ejnar Jakobsgaard...
|
by: KarlM |
last post by:
I would like to write to the EventLog (Application) with following code. But
this works only under admin account. There are no restrictions in the
WriteEntry-documentation.
Can anyone help me?
...
|
by: Sebastjan Trepca |
last post by:
Hi!
I couldn't find anything on creating a new linux user account in
Python documentation.
Anyone has any experience with this? You just run useradd command in
shell or is there a more pythonic...
|
by: Dica |
last post by:
i'm getting an error when trying to perform a file move operation. this
operation worked fine on my dev box after i granted read/write/delete perms
to the asp.net user account on the folders i...
|
by: epots9 |
last post by:
I forgot how to fix this, so i was wondering:
how can i get my computer (WIN XP Media Center SP2) to auto select my user account at the logon screen? I only have one account setup with a password....
|
by: chosky |
last post by:
Hello all experts,
please, let me have your idea, my labtop turned to blacked-out screen it might be virus or else, I tried to repair this window vista still it show the welcome screen
and then...
|
by: monirul arfin |
last post by:
Hi all,
my user account ( administrator account ) icon is not shown on welcome screen when computer started. It shown only welcome and then it is aoutomaticaly logon. When i give a password or...
|
by: taufik |
last post by:
Hi..
I install a web base system. I using MSSQL 2000 database and the Driver should be SQL Server. I try run the system but i couldn't open. The message that appear "Logon failure: user account...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
| |
