cxfcxf · April 22, 2019 23:48
diff --git a/PyPAM_test.py b/PyPAM_test.py
 #!/usr/bin/env python

 import sys
 import PAM
 from getpass import getpass

 def pam_conv(auth, query_list):

    resp = []

    for i in range(len(query_list)):
        query, type = query_list[i]
        if type == PAM.PAM_PROMPT_ECHO_ON:
            val = raw_input(query)
            resp.append((val, 0))
        elif type == PAM.PAM_PROMPT_ECHO_OFF:
            val = getpass(query)
            resp.append((val, 0))
        elif type == PAM.PAM_PROMPT_ERROR_MSG or type == PAM.PAM_PROMPT_TEXT_INFO:
            print query
            resp.append(('', 0));
        else:
            return None

    return resp

 service = 'system-auth'

 if len(sys.argv) == 2:
    user = sys.argv[1]
 else:
    user = None

 auth = PAM.pam()
 auth.start(service)

 print auth

 if user != None:
    auth.set_item(PAM.PAM_USER, user)

 auth.set_item(PAM.PAM_CONV, pam_conv)

 auth.set_userdata("testing user data")

 try:
    auth.authenticate()
    auth.acct_mgmt()
 except PAM.error, (resp, code):
    print 'Go away! (%s)' % resp
 except:
    print 'Internal error'
 else:
    print 'Good to go!'
diff --git a/system-auth b/system-auth
 #%PAM-1.0
 # This file is auto-generated.
 # User changes will be destroyed the next time authconfig is run.
 auth        required      pam_tally2.so onerr=fail deny=5 unlock_time=900
 auth        required      pam_env.so
 auth        required      pam_faildelay.so delay=2000000
 auth        sufficient    pam_unix.so nullok try_first_pass
 auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
 auth        required      pam_deny.so

 account     required      pam_unix.so
 account     sufficient    pam_localuser.so
 account     sufficient    pam_succeed_if.so uid < 1000 quiet
 account     required      pam_permit.so
 account     required      pam_tally2.so

 password    requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
 password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
 password    required      pam_deny.so

 session     optional      pam_keyinit.so revoke
 session     required      pam_limits.so
 -session     optional      pam_systemd.so
 session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
 session     required      pam_unix.so
	#!/usr/bin/env python

	import sys
	import PAM
	from getpass import getpass

	def pam_conv(auth, query_list):

	resp = []

	for i in range(len(query_list)):
	query, type = query_list[i]
	if type == PAM.PAM_PROMPT_ECHO_ON:
	val = raw_input(query)
	resp.append((val, 0))
	elif type == PAM.PAM_PROMPT_ECHO_OFF:
	val = getpass(query)
	resp.append((val, 0))
	elif type == PAM.PAM_PROMPT_ERROR_MSG or type == PAM.PAM_PROMPT_TEXT_INFO:
	print query
	resp.append(('', 0));
	else:
	return None

	return resp

	service = 'system-auth'

	if len(sys.argv) == 2:
	user = sys.argv[1]
	else:
	user = None

	auth = PAM.pam()
	auth.start(service)

	print auth

	if user != None:
	auth.set_item(PAM.PAM_USER, user)

	auth.set_item(PAM.PAM_CONV, pam_conv)

	auth.set_userdata("testing user data")

	try:
	auth.authenticate()
	auth.acct_mgmt()
	except PAM.error, (resp, code):
	print 'Go away! (%s)' % resp
	except:
	print 'Internal error'
	else:
	print 'Good to go!'
	#%PAM-1.0
	# This file is auto-generated.
	# User changes will be destroyed the next time authconfig is run.
	auth required pam_tally2.so onerr=fail deny=5 unlock_time=900
	auth required pam_env.so
	auth required pam_faildelay.so delay=2000000
	auth sufficient pam_unix.so nullok try_first_pass
	auth requisite pam_succeed_if.so uid >= 1000 quiet_success
	auth required pam_deny.so

	account required pam_unix.so
	account sufficient pam_localuser.so
	account sufficient pam_succeed_if.so uid < 1000 quiet
	account required pam_permit.so
	account required pam_tally2.so

	password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
	password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
	password required pam_deny.so

	session optional pam_keyinit.so revoke
	session required pam_limits.so
	-session optional pam_systemd.so
	session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
	session required pam_unix.so