salt.auth.pam
Authenticate against PAM
Provides an authenticate function that will allow the caller to authenticate a user against the Pluggable Authentication Modules (PAM) on the system.
Implemented using ctypes, so no compilation is necessary.
There is one extra configuration option for pam. The pam_service that is authenticated against. This defaults to login
auth.pam.service: login
Note
Solaris-like (SmartOS, OmniOS, ...) systems may need auth.pam.service
set to other
.
Note
PAM authentication will not work for the root
user.
The Python interface to PAM does not support authenticating as root
.
Note
Using PAM groups with SSSD groups on python2.
To use sssd with the PAM eauth module and groups the pysss module is needed. On RedHat/CentOS this is python-sss.
This should not be needed with python >= 3.3, because the os modules has the getgrouplist function.
- class
salt.auth.pam.
PamConv
-
Wrapper class for pam_conv structure
-
appdata_ptr
-
Structure/Union member
-
conv
-
Structure/Union member
-
- class
salt.auth.pam.
PamHandle
-
Wrapper class for pam_handle_t
-
handle
-
Structure/Union member
-
- class
salt.auth.pam.
PamMessage
-
Wrapper class for pam_message structure
-
msg
-
Structure/Union member
-
msg_style
-
Structure/Union member
-
- class
salt.auth.pam.
PamResponse
-
Wrapper class for pam_response structure
-
resp
-
Structure/Union member
-
resp_retcode
-
Structure/Union member
-
-
Authenticate via pam
salt.auth.pam.auth(username, password, **kwargs)
-
Returns True if the given username and password authenticate for the given service. Returns False otherwise
username
: the username to authenticatepassword
: the password in plain text
salt.auth.pam.authenticate(username, password)
-
Retrieve groups for a given user for this auth provider
Uses system groups
salt.auth.pam.groups(username, *args, **kwargs)
© 2021 SaltStack.
Licensed under the Apache License, Version 2.0.
https://docs.saltproject.io/en/latest/ref/auth/all/salt.auth.pam.html