469,622 Members | 2,112 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,622 developers. It's quick & easy.

confirm password for logged in user

Hei,

I know this kind of stuff has probably been asked a couple of times
already, and did quite a bit of googling about it, but the answers i
found were either unsatisfying or not specific enough to what i want to
do:

I'm writing on a (Linux only) python daemon that runs as regular user.

Under certain conditions the daemon should create a total screen lock as
in gksu and should require input of the users password to release the
lock.

This is similar to what xscreensavers oder gnome-screensavers screenlock
features do.

The problem kicks in because it should work with shadowed passwords.

I understand that shadowed passwords can be retrieved in Python 2.5, but
only if the program runs as superuser (or has the necessary privileges
for some other reason). This creates two problems: I'd like it to work
in Python 2.4 and the daemon doesn't and shouldn't run as superuser.

I'm wondering, though, if there isn't ANY way to have the password
confirmed for the user that is already logged in. Please note the
difference, i don't want to write some kind of login functionality. The
user is already authenticated, i just want to have a typed in password
checked agains the already logged in users password.

Isn't there any way? A simple bash trick would help as well, but i
couldn't find one.

I don't have much of a clue about PAM, but i got the notion that it
could be done via PyPAM? It's a pretty old package, which refrained me
from looking into this option so far.

Thanks for any help,
André.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQBGGxKUEOp8fsnyxsQRAm+DAKCSID4S3rhTQLgS1G8jB4 RA/lMRygCcCG6M
JyQLNvhfL6/UT3QnsVnlSlg=
=67rD
-----END PGP SIGNATURE-----

Apr 10 '07 #1
1 2368
André Wyrwa schrieb:
I'm wondering, though, if there isn't ANY way to have the password
confirmed for the user that is already logged in. Please note the
difference, i don't want to write some kind of login functionality. The
user is already authenticated, i just want to have a typed in password
checked agains the already logged in users password.
It is not possible to check a password against the shadow file without
having root privileges. Neither with nor without PAM.

Whyt you can do is install (or write yourself) a small program that
checks the password for you. That program must run as root (be installed
with suid root), but your daemon does not need to. The daemon calls the
external program to do the password check. http://unixpapa.com/pwauth
should work for your purposes.

--
René
Apr 10 '07 #2

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

3 posts views Thread by arktikturtle | last post: by
2 posts views Thread by RICHARD BROMBERG | last post: by
4 posts views Thread by - Steve - | last post: by
3 posts views Thread by Wm. Scott Miller | last post: by
1 post views Thread by Sudhakara.T.P. | last post: by
reply views Thread by =?Utf-8?B?UmFq?= | last post: by
30 posts views Thread by diane | last post: by
reply views Thread by devrayhaan | last post: by
reply views Thread by gheharukoh7 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.