confirm password for logged in user

  • Thread starter =?ISO-8859-1?Q?Andr=E9?= Wyrwa
  • Start date
?

=?ISO-8859-1?Q?Andr=E9?= Wyrwa

Hei,

I know this kind of stuff has probably been asked a couple of times
already, and did quite a bit of googling about it, but the answers i
found were either unsatisfying or not specific enough to what i want to
do:

I'm writing on a (Linux only) python daemon that runs as regular user.

Under certain conditions the daemon should create a total screen lock as
in gksu and should require input of the users password to release the
lock.

This is similar to what xscreensavers oder gnome-screensavers screenlock
features do.

The problem kicks in because it should work with shadowed passwords.

I understand that shadowed passwords can be retrieved in Python 2.5, but
only if the program runs as superuser (or has the necessary privileges
for some other reason). This creates two problems: I'd like it to work
in Python 2.4 and the daemon doesn't and shouldn't run as superuser.

I'm wondering, though, if there isn't ANY way to have the password
confirmed for the user that is already logged in. Please note the
difference, i don't want to write some kind of login functionality. The
user is already authenticated, i just want to have a typed in password
checked agains the already logged in users password.

Isn't there any way? A simple bash trick would help as well, but i
couldn't find one.

I don't have much of a clue about PAM, but i got the notion that it
could be done via PyPAM? It's a pretty old package, which refrained me
from looking into this option so far.

Thanks for any help,
André.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQBGGxKUEOp8fsnyxsQRAm+DAKCSID4S3rhTQLgS1G8jB4RA/lMRygCcCG6M
JyQLNvhfL6/UT3QnsVnlSlg=
=67rD
-----END PGP SIGNATURE-----
 
G

Guest

André Wyrwa said:
I'm wondering, though, if there isn't ANY way to have the password
confirmed for the user that is already logged in. Please note the
difference, i don't want to write some kind of login functionality. The
user is already authenticated, i just want to have a typed in password
checked agains the already logged in users password.

It is not possible to check a password against the shadow file without
having root privileges. Neither with nor without PAM.

Whyt you can do is install (or write yourself) a small program that
checks the password for you. That program must run as root (be installed
with suid root), but your daemon does not need to. The daemon calls the
external program to do the password check. http://unixpapa.com/pwauth
should work for your purposes.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,995
Messages
2,570,226
Members
46,815
Latest member
treekmostly22

Latest Threads

Top