在运行mod_python的脚本中使用pam_python

时间:2010-04-02 16:10:20

标签: python linux mod-python pam

我想开发一个Web界面,允许Linux系统的用户执行与其帐户相关的某些任务。我决定在Apache上使用Python和mod_python编写站点的后端。为了验证用户,我想我可以使用python_pam来查询PAM服务。我修改了与模块捆绑在一起的example并得到了这个:

# out is the output stream used to print debug
def auth(username, password, out):
    def pam_conv(aut, query_list, user_data):
        out.write("Query list: " + str(query_list) + "\n")

        # List to store the responses to the different queries
        resp = []

        for item in query_list:
            query, qtype = item

            # If PAM asks for an input, give the password
            if qtype == PAM.PAM_PROMPT_ECHO_ON or qtype == PAM.PAM_PROMPT_ECHO_OFF:
                resp.append((str(password), 0))

            elif qtype == PAM.PAM_PROMPT_ERROR_MSG or qtype == PAM.PAM_PROMPT_TEXT_INFO:
                resp.append(('', 0))

        out.write("Our response: " + str(resp) + "\n")
        return resp

    # If username of password is undefined, fail
    if username is None or password is None:
        return False

    service = 'login'
    pam_ = PAM.pam()
    pam_.start(service)

    # Set the username
    pam_.set_item(PAM.PAM_USER, str(username))

    # Set the conversation callback
    pam_.set_item(PAM.PAM_CONV, pam_conv)

    try:
        pam_.authenticate()
        pam_.acct_mgmt()
    except PAM.error, resp:
        out.write("Error: " + str(resp) + "\n")
        return False
    except:
        return False

    # If we get here, the authentication worked
    return True

我的问题是,无论是在简单脚本中使用还是通过mod_python,此函数的行为都不一样。为了说明这一点,我写了这些简单的案例:

my_username = "markys"
my_good_password = "lalala"
my_bad_password = "lololo"

def handler(req):
 req.content_type = "text/plain"
 req.write("1- " + str(auth(my_username,my_good_password,req) + "\n"))
 req.write("2- " + str(auth(my_username,my_bad_password,req) + "\n"))
 return apache.OK

if __name__ == "__main__":
 print "1- " + str(auth(my_username,my_good_password,sys.__stdout__))
 print "2- " + str(auth(my_username,my_bad_password,sys.__stdout__))

脚本的结果是:

Query list: [('Password: ', 1)]
Our response: [('lalala', 0)]
1- True
Query list: [('Password: ', 1)]
Our response: [('lololo', 0)]
Error: ('Authentication failure', 7)
2- False

但是mod_python的结果是:

Query list: [('Password: ', 1)]
Our response: [('lalala', 0)]
Error: ('Authentication failure', 7)
1- False
Query list: [('Password: ', 1)]
Our response: [('lololo', 0)]
Error: ('Authentication failure', 7)
2- False

我不明白为什么auth函数在给定相同输入的情况下不会返回相同的值。知道我哪弄错了吗? Here是原始脚本,如果可以帮助您的话。

非常感谢!

编辑:好吧,我发现了错误。我以root身份运行脚本。 mod_python以网络服务器的用户身份运行脚本。只有root才有权读取阴影。我不知道如何绕过这个,但至少现在我知道这是什么问题!

1 个答案:

答案 0 :(得分:0)

您似乎必须启用Apache才能使用PAM身份验证。请查看此网站:http://www.debianhelp.co.uk/apachepam.htm

您可能也想查看此网站:http://inming.net/?p=86

相关问题
最新问题