Flask-PAM is a plugin for Flask microframework which enables authentication using Linux's PAM (Pluggable Authentication Module). You can check if user:

• is authenticated
• is in specified group

using views' decorators.

To install Flask-PAM you should use setup.py script:

python setup.py install

If you use Python's virtual environments don't forget to activate it using this command:

source bin/activate

in virtualenv's directory.

Firstly, you have initialize flask_pam.Auth object and choose storage type for tokens and type of token:

from flask import Flask
 
from flask_pam import Auth
from flask_pam.token import Simple
from flask_pam.token_storage import DictStorage

app = Flask(__name__)
auth = Auth(DictStorage, Simple, app)

When you write a view which requires authentication, you have to use auth_required decorator:

@app.route('/protected')
@auth.auth_requied
def protected_view():
    ....

When you want to require user to be a member of some group, you use group_required decorator.

@app.route('/group_protected')
@auth.group_protected('wheel')
def group_protected_view():
    ....

Important! User who runs Flask application need to have access to /etc/shadow file. In some cases it's only needed to add that user to shadow group. Sometimes you have to create that group and change group of /etc/shadow file and then add user to that group.

You can check example which is located in example directory.