def change_expired_password(self, username, old_password, new_password):
    """Change an expired password via the PAM ``chauthtok()`` step.

    Echo-on prompts are answered with ``username``. Echo-off prompts are
    answered, in order, with the old password and then the new password
    twice (entry and retype).

    Raises:
        PasswordChangeFailed: if ``chauthtok()`` raises ``PAMError``. The
            message is whatever ``self.parse_error_message_from(prompts)``
            returns.
    """
    # Handed to the conversation factory and read back on failure.
    # NOTE(review): presumably the conversation records the PAM prompt
    # texts in this list -- confirm it never stores the answers, because
    # the list is written to the log in the error path below.
    prompts = []
    hidden_answers = [old_password, new_password, new_password]  # old, new, retype
    answers = {
        PAM_PROMPT_ECHO_ON: [username],
        PAM_PROMPT_ECHO_OFF: hidden_answers,
    }
    pam = self.start(self._get_conversation(answers, prompts))
    try:
        pam.chauthtok()
    except PAMError as err:
        # Only the PAM error and the collected prompts are logged here,
        # not the password arguments themselves.
        AUTH.warn('Changing password failed (%s). Prompts: %r' % (err, prompts))
        raise PasswordChangeFailed(self.parse_error_message_from(prompts))
def authenticate(self, username, password):
    """Authenticate ``username`` with ``password`` through PAM.

    After ``pam.authenticate()`` succeeds, the handle is passed to
    ``self._validate_account()``; whatever that raises propagates.

    Raises:
        AuthenticationFailed: if ``pam.authenticate()`` raises ``PAMError``.
            The message is ``str()`` of the error's first element.
    """
    # Only the echo-off prompt type has an answer configured, so the
    # password is never listed as a reply to an echo-on prompt.
    answers = {PAM_PROMPT_ECHO_OFF: [password]}
    pam = self.start(self._get_conversation(answers))
    pam.set_item(PAM_USER, username)
    try:
        pam.authenticate()
    except PAMError as autherr:
        AUTH.error("PAM: authentication error: %s" % (autherr,))
        # NOTE(review): indexing the exception works for Python 2 style
        # exceptions; under Python 3 it requires PAMError to support
        # __getitem__ -- confirm.
        # NOTE(review): the PAM error text travels on in the exception;
        # confirm callers do not relay module-specific details to
        # unauthenticated clients.
        raise AuthenticationFailed(str(autherr[0]))
    self._validate_account(pam)
def authenticate(self, username, password, new_password=None):
    """Authenticate the client, changing an expired password if asked to.

    Should be run in a thread.

    If authentication raises ``PasswordExpired`` and ``new_password`` is
    given, the password change is attempted with it. Without a new
    password, the ``PasswordExpired`` is re-raised.

    Raises:
        AuthenticationFailed: re-raised from the session user object.
        PasswordExpired: when the password is expired and no
            ``new_password`` was supplied.
        PasswordChangeFailed: re-raised when the password change fails.
    """
    user = self.getSession(User)
    # %r renders the client-supplied username as a repr, so control
    # characters in it cannot break up the log line. Neither password is
    # written to the log by this method.
    AUTH.info('Trying to authenticate user %r' % (username,))
    try:
        user.authenticate(username, password)
    except AuthenticationFailed as failure:
        AUTH.error(str(failure))
        raise
    except PasswordExpired as expired:
        AUTH.info(str(expired))
        if new_password is None:
            # No replacement password supplied: the caller sees the
            # expiry itself.
            raise
        try:
            user.change_expired_password(username, password, new_password)
        except PasswordChangeFailed as change_error:
            AUTH.error(str(change_error))
            raise
        AUTH.info('Password change for %r was successful' % (username,))
        return
    AUTH.info('Authentication for %r was successful' % (username,))