Hi all! I've tagged PyAuthD, beta 3 today. This release marks a milestone, as PyAuthD has superseded PyPAM and PyNSS (the precursors not implemented on a client/server model which are private to my univ) on the mail server which hosts our university's student email accounts.
I'm able to release a demo server along with the actual modules (and an !untested! Postfix patch to enable PyAuthD to serve Postfix maps) under an adapted BSD license.

What is PyAuthD?
----------------

A client/server implementation of a Python authentication daemon. The initiative to implement a Python authentication daemon came from the fact that MS SQL-Server is used as the backend server for our univ's HIS (Hochschul-Informations-System, university information system), and there are no proper PAM and NSS modules which can access MS SQL-server (as far as I found). Looking at the winbind sources (of the samba project) taking the step to implement short and concise C modules which access a Python daemon which does the actual handling wasn't much farfetched.

Currently, PyAuthD offers:

1) PAM authentication
2) NSS handling by dispatching to the server process on get(pw/sp/gr)* functions, which foregoes reentrancy issues
3) PPPd authentication which requires the authentication daemon to hand out clear-text passwords over the socket
4) Untested Postfix map implementation

This allows unprecedented abilities for authentication purposes by being able to program authentication logic in a high-level language under a single unified structure.

What is it not?
---------------

A "round" system. PyAuthD is a system that "works for me and my univ" (TM), and as such I'm just releasing it (minus the actual authentication part we use) for all people out there who want to hack on it just as I do. On the other hand I don't think that creating a single infrastructure is sensible at all, and as such won't spend much time creating any more means to access and compile it than I currently do. If you feel you want to create a distribution or add autoconf/automake handling and are willing to spend the time, feel free to contact me!

What about security?
--------------------

Currently PyAuthD will run under standard Python. "Standard Python" does not offer security features which enable it to work reliably in a multiuser-environment (as there is a requirement that all users can connect to it), as Python does not clear memory on releasing it, making several attacks possible in case users have login-shells on the server. Furthermore Linux offers the possibility to access process information on the connecting process of a Unix-Domain-Socket, but this functionality is not exposed in standard Python.

All this has led to the spin-off of a further project also hosted along with PyAuthD called SEPython, which aims at improving this situation. SEPython is currently based on standard Python 2.4.1, and has implemented the necessary recvmsg and sendmsg calls for retrieving process/user information from a unix domain socket. SEPython hasn't implemented clearing of memory yet.

As we don't offer user-login shells on the mail-server which uses PyAuthD, we currently don't spend time on SEPython, but this situation will change when the mail-server has been fully migrated to the new infrastructure. If there's interest I'll package my patches on SEPython for inclusion in the standard Python tree, but I don't think that platform-dependent patches like sendmsg/recvmsg will ever make it into the official tree.

ChangeLog
---------

Please look at the commit log since tag beta-2.

Download
--------

Access using Subversion:

svn co http://svn.asta.mh-hannover.de/svn/repos/PyAuthD/tags/beta-3 PyAuthD

or ViewCVS:

http://svn.asta.mh-hannover.de/viewcvs/PyAuthD/tags/beta-3/

License
-------

PyAuthD as in subversion is released under an adapted BSD-license, except the Postfix module, which is released under the Postfix Secure Mailer license.

Contact
-------

Heiko Wundram <[EMAIL PROTECTED]> or Heiko Wundram <[EMAIL PROTECTED]>

--
--- Heiko.
listening to: De/Vision - Miss You More
see you at: http://www.stud.mh-hannover.de/~hwundram/wordpress/
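The "process information on the connecting process of a Unix-Domain-Socket" mentioned in the security section, as an added example that is not PyAuthD or SEPython code. It reads the kernel-reported peer credentials with getsockopt(SO_PEERCRED) in current Python 3 on Linux (a different mechanism from the recvmsg/sendmsg calls SEPython added) and uses them to keep privileged requests, such as the clear-text passwords needed for PPPd, away from ordinary users; the request names and the policy are assumptions.

```python
import socket
import struct

# Linux struct ucred: pid_t pid; uid_t uid; gid_t gid.
_UCRED = struct.Struct("iII")

# Hypothetical request names: the page does not show PyAuthD's wire protocol.
# Public lookups are open to every local user; the rest expose secrets.
PUBLIC_REQUESTS = {"getpwnam", "getgrnam"}
PRIVILEGED_REQUESTS = {"getspnam", "ppp_cleartext"}


def peer_credentials(conn):
    """Return (pid, uid, gid) of the process at the other end of a Unix socket."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, _UCRED.size)
    return _UCRED.unpack(raw)


def is_allowed(conn, request, privileged_uids=frozenset({0})):
    """Decide from kernel-reported credentials, never from data the client sends."""
    _pid, uid, _gid = peer_credentials(conn)
    if request in PUBLIC_REQUESTS:
        return True
    if request in PRIVILEGED_REQUESTS:
        return uid in privileged_uids
    return False  # unknown request types are refused


def demo():
    # Constructed sample: a connected AF_UNIX pair inside one process, so the
    # "peer" reported by the kernel is this process itself.
    server_side, client_side = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        pid, uid, gid = peer_credentials(server_side)
        return {
            "peer": (pid, uid, gid),
            "nss_lookup": is_allowed(server_side, "getpwnam"),
            "cleartext_uid_listed": is_allowed(server_side, "ppp_cleartext", frozenset({uid})),
            "cleartext_uid_not_listed": is_allowed(server_side, "ppp_cleartext", frozenset({uid + 1})),
            "unknown_request": is_allowed(server_side, "dump_all"),
        }
    finally:
        server_side.close()
        client_side.close()


if __name__ == "__main__":
    print(demo())
```

The credentials are those captured by the kernel when the socket was connected, so a client cannot forge them by sending a different uid in its request.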