Attachment 'moin-1.9-pamauth.patch'
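diff -r fc11712e0df0 MoinMoin/auth/pam_login.py
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/MoinMoin/auth/pam_login.py Sun Aug 05 19:39:47 2012 +1000
@@ -0,0 +1,69 @@
+"""
+ MoinMoin PAM-based authentication
+
+ Allows to authenticate against an underlying system's PAM
+ authentication system (ie login using the credentials of any user
+ on your machine.)
+
+ Requires Chris AtLee's Python PAM module, egg can be downloaded
+ from http://atlee.ca/software/pam/
+
+ If you're using pam_unix with shadow passwords (ie a default Linux
+ system's authentication system) then MoinMoin has to be running as
+ the 'shadow' group who can access the /etc/shadow file. Otherwise
+ you'll only be able to login as the user that MoinMoin is running
+ as.
+
+ For Apache, this means a line in apache config like:
+ WSGIDaemonProcess moindaemon user=www-data group=shadow processes=10 maximum-requests=1000 umask=0007
+
+ If you choose to do that, remember "you are deliberately weakening
+ your system security, albeit only a little" -- as per
+ http://pam.sourceforge.net/mod_auth_pam/shadow.html
+
+ @copyright: 2012 by Angus Gratton <gus@projectgus.com>
+ @license: GNU GPL, see COPYING for details.
+"""
+import pam
+from MoinMoin.auth import *
+
+class PAMAuth(BaseAuth):
+ """ handle a login form login via PAM """
+ def __init__(self, autocreate=False):
+ BaseAuth.__init__(self)
+ self.autocreate = autocreate
+
+ login_inputs = ['username', 'password']
+ name = 'PAM'
+ logout_possible = True
+
+ def login(self, request, user_obj, username=None, password=None, **kw):
+ # simply continue if something else already logged in successfully
+ if user_obj and user_obj.valid:
+ return ContinueLogin(user_obj)
+
+ if not username and not password:
+ return ContinueLogin(user_obj)
+
+ _ = request.getText
+
+ logging.debug("%s: performing login action" % self.name)
+
+ if username and not password:
+ return ContinueLogin(user_obj, _('Missing password. Please enter user name and password.'))
+
+ if pam.authenticate(username, password):
+ u = user.User(request, auth_username=username, auth_method=self.name,
+ auth_attribs=('name', 'password'))
+ logging.debug("%s: successfully authenticated user %r (%s)" % (self.name, u.name, "valid" if u.valid else "invalid"))
+ if self.autocreate:
+ logging.debug("calling create_or_update to autocreate user %r" % u.name)
+ u.create_or_update(True)
+ return ContinueLogin(u)
+ else:
+ logging.debug("%s: could not authenticate user %r (not valid)" % (self.name, username))
+ return ContinueLogin(user_obj, _("Invalid username or password."))
+
+ def login_hint(self, request):
+ _ = request.getText
+ return _('Log in using the same username and password that you use to login to your account on this computer')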
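Review bot: `pam.authenticate(username, password)` in `login` is called without a `service` argument, so the wiki form authenticates against the module's default PAM service and every local account, root and system accounts included, is accepted as a wiki login name with no restriction of its own. Let the administrator point it at a dedicated PAM service that limits which accounts may log in and applies failure throttling: `def __init__(self, autocreate=False, service='login'):`, `self.service = service`, and `pam.authenticate(username, password, service=self.service)`. The docstring's `group=shadow` advice deserves one more sentence stating that any file-read or code-execution flaw in the wiki process then exposes the password hashes in /etc/shadow. Separately, `from MoinMoin.auth import *` appears to be the only thing supplying `logging`, `user`, `ContinueLogin` and `BaseAuth`; importing those names explicitly would make the dependency visible.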
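diff -r fc11712e0df0 docs/REQUIREMENTS
--- a/docs/REQUIREMENTS Sun Jul 22 20:59:35 2012 +0200
+++ b/docs/REQUIREMENTS Sun Aug 05 19:39:47 2012 +1000
@@ -63,6 +63,8 @@
 
 openidrp auth: openid python module
 
+pam_login auth: python pam module, from http://atlee.ca/software/pam/
+
 stats charts: gdchart python module
 
 jabberbot: pyxmpp SVN revision 665 or release >= 1.0.1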