H
Heiko Wundram
PyAuthD - Python Authentication Daemon
--------------------------------------
PyAuthD is a project to create PAM, NSS and PPPd modules which communicate
with a running Python authentication daemon using a Unix Domain socket. The
project focusses so far on creating the necessary modules for PAM, NSS and
PPPd.
As the authentication is done using a single backend daemon, authentication on
a Unix system can now be done safely and securely through a single process
which need not even run as root as the metalanguage Python offers shields the
programmer from handling common mistakes such as buffer-overflows. Choosing
Python as the language to implement the daemon has other security
implications which I am working on resolving.
Current Release
---------------
I've released PyAuthD, beta 2a. The project is now available via subversion
from the following URL:
http://193.174.104.108/svn/repos/tags/PyAuthD-beta2a
or through ViewCVS:
http://193.174.104.108/viewcvs
Beta 2a does not yet implement a single daemon infrastructure, but contains
(rather) incomplete samples of how to interact with the modules in question.
These daemons were written with the single purpose to test the modules, and
may not work with the current state of the modules anymore.
License
-------
PyAuthD and the modules are released under a "New BSD"-style license. You are
required to keep the copyright intact if you plan on using this code, but
otherwise are not encumbered in using it except by the common advertising
clause.
Plans/Bugfixes
--------------
- Create autoconf/automake infrastructure for PyAuthD (looking for volunteers)
- Implement the single signon daemon in a proper way.
- Create Patches for the Python interpreter which cause types to overwrite the
memory used by an object with zeros after freeing it.
- Security-check the module implementations.
- Implement proper error handling in the NSS get*ent functions when memory
runs out.
- and much, much more...
Help
----
I'm working on this project with two other people. If you are interested in
joining us, feel free to mail me, and I can arrange commit priviledges to the
SVN repository.
Otherwise, I'm looking forward to this thursday, where I'll present the
project at this years German Linux-User-Groups meeting. Hope to see you
there!
--- Heiko Wundram.
--------------------------------------
PyAuthD is a project to create PAM, NSS and PPPd modules which communicate
with a running Python authentication daemon using a Unix Domain socket. The
project focusses so far on creating the necessary modules for PAM, NSS and
PPPd.
As the authentication is done using a single backend daemon, authentication on
a Unix system can now be done safely and securely through a single process
which need not even run as root as the metalanguage Python offers shields the
programmer from handling common mistakes such as buffer-overflows. Choosing
Python as the language to implement the daemon has other security
implications which I am working on resolving.
Current Release
---------------
I've released PyAuthD, beta 2a. The project is now available via subversion
from the following URL:
http://193.174.104.108/svn/repos/tags/PyAuthD-beta2a
or through ViewCVS:
http://193.174.104.108/viewcvs
Beta 2a does not yet implement a single daemon infrastructure, but contains
(rather) incomplete samples of how to interact with the modules in question.
These daemons were written with the single purpose to test the modules, and
may not work with the current state of the modules anymore.
License
-------
PyAuthD and the modules are released under a "New BSD"-style license. You are
required to keep the copyright intact if you plan on using this code, but
otherwise are not encumbered in using it except by the common advertising
clause.
Plans/Bugfixes
--------------
- Create autoconf/automake infrastructure for PyAuthD (looking for volunteers)
- Implement the single signon daemon in a proper way.
- Create Patches for the Python interpreter which cause types to overwrite the
memory used by an object with zeros after freeing it.
- Security-check the module implementations.
- Implement proper error handling in the NSS get*ent functions when memory
runs out.
- and much, much more...
Help
----
I'm working on this project with two other people. If you are interested in
joining us, feel free to mail me, and I can arrange commit priviledges to the
SVN repository.
Otherwise, I'm looking forward to this thursday, where I'll present the
project at this years German Linux-User-Groups meeting. Hope to see you
there!
--- Heiko Wundram.