Authenticate against PAM
Provides an authenticate function that will allow the caller to authenticate a user against the Pluggable Authentication Modules (PAM) on the system.
Implemented using ctypes, so no compilation is necessary.
There is one extra configuration option for pam. The pam_service that is authenticated against. This defaults to login
auth.pam.service: login
Note
Solaris-like (SmartOS, OmniOS, …) systems may need auth.pam.service set to other.
Note
PAM authentication will not work for the root user.
The Python interface to PAM does not support authenticating as root.
Note
Using PAM groups with SSSD groups on python2.
To use sssd with the PAM eauth module and groups the pysss module is needed. On RedHat/CentOS this is python-sss.
This should not be needed with python >= 3.3, because the os modules has the getgrouplist function.
salt.auth.pam.PamConv¶Wrapper class for pam_conv structure
appdata_ptr¶Structure/Union member
conv¶Structure/Union member
salt.auth.pam.PamMessage¶Wrapper class for pam_message structure
msg¶Structure/Union member
msg_style¶Structure/Union member
salt.auth.pam.PamResponse¶Wrapper class for pam_response structure
resp¶Structure/Union member
resp_retcode¶Structure/Union member
salt.auth.pam.auth(username, password, **kwargs)¶Authenticate via pam
salt.auth.pam.authenticate(username, password)¶Returns True if the given username and password authenticate for the given service. Returns False otherwise
username: the username to authenticate
password: the password in plain text
salt.auth.pam.groups(username, *args, **kwargs)¶Retrieve groups for a given user for this auth provider
Uses system groups
Docs for previous releases are available on readthedocs.org.
Latest Salt release: 2018.3.3