def authenticate(self, username, password): answers = { # PAM_PROMPT_ECHO_ON: [password], PAM_PROMPT_ECHO_OFF: [password], } conversation = self._get_conversation(answers) pam = self.start(conversation) pam.set_item(PAM_USER, username) try: pam.authenticate() except PAMError as autherr: AUTH.error("PAM: authentication error: %s" % (autherr,)) raise AuthenticationFailed(str(autherr[0])) self._validate_account(pam)
def authenticate(self, username, password, new_password=None): """Authenticate the client. Change password if expired. Should be run in a thread.""" user = self.getSession(User) AUTH.info('Trying to authenticate user %r' % (username,)) try: user.authenticate(username, password) except AuthenticationFailed as auth_failed: AUTH.error(str(auth_failed)) raise except PasswordExpired as pass_expired: AUTH.info(str(pass_expired)) if new_password is None: raise try: user.change_expired_password(username, password, new_password) except PasswordChangeFailed as change_failed: AUTH.error(str(change_failed)) raise else: AUTH.info('Password change for %r was successful' % (username,)) else: AUTH.info('Authentication for %r was successful' % (username,))