Skip to main content

Google PAM Module (defunct)

Project description

Google PAM Module (defunct)

This package used to implement a PAM module to authenticate users against a Google domain.

It is now utterly broken and allows anyone to authenticate with any password they provide: https://github.com/zopefoundation/cipher.googlepam/issues/1

DO NOT USE THIS PACKAGE

Changelog

1.7.0 (2016-10-21)

1.6.0 (2013-04-16)

  • Extracted a reusable helper cipher.googlepam.pam_google.GoogleAuth that you can use to implement Google authentication in applications that do not use PAM.

1.5.1 (2012-10-11)

  • MemCache reliability fixes:

    • SECURITY FIX: do not use the same cache key for all users.

      Previously when one user logged in successfully, others could not log in using their own passwords – but the first user could now use her password to log in as anyone else.

    • Do not store custom classes in memcached so we don’t get unpickling errors caused by the special execution environment set up by pam_python.so. Previously the cached value was a subclass of tuple, now it’s a plain tuple, so old caches will continue to work with the new code.

  • FileCache reliability fixes:

    • Avoid incorrect cache lookups (or invalidations) when a username is a proper prefix of some other username.

    • Avoid cache poisoning if usernames contain embedded ‘::’ separators or newlines.

    • Avoid exceptions on a race condition if the cache file disappears after we check for its existence but before we open it for reading.

  • Add missing test file for multi-group support. It was accidentally left out of the last release causing a test failure.

  • Make add-google-users skip users that already exist without printing scary error messages that make it seem the script aborted early.

1.5.0 (2012-10-09)

  • Support multiple Google groups. The authenticating user has to be a member of any one of them for access to be allowed.

  • Added add-google-users new option –exclude to skip adding some users (e.g. the ‘admin’ user might clash with an existing ‘admin’ group, causing the script to fail).

  • Added add-google-users option –add-to-group as a more meaningful alias for the old –admin-group option.

  • Added add-google-users option –add-to-group-command for completeness.

1.4.0 (2012-10-08)

  • Set umask to avoid world-readable log and cache files.

  • Add a space after the PAM prompt.

  • The add-google-users script now reads the pam_google config file to get the domain, username, password and group. You can also use -C/–config-file to specify a different config file.

  • add-google-users does not break if you don’t specify –admin-group.

  • Added Debian packaging.

1.3.0 (2012-04-24)

  • Added ability to cache authentication result, since some uses, such as Apache authentication can cause a lot of requests. File- and memcached-based caches have been implemented and are available/configurable in the configuration file.

  • Fully stubbed out the Google API for faster and simpler testing.

  • Removed all traces of Cipher’s specific account details.

  • Changed all headers to ZPL.

  • The package is ready for public release.

1.2.0 (2012-04-17)

  • Do not fail if the username already exists.

1.1.0 (2012-04-17)

  • Make the admin group configurable.

1.0.0 (2012-04-17)

  • PAM module authenticating against users in a group of a particular Google domain.

  • Script to add all users of a group within a Google domain as system users.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cipher.googlepam-1.7.0.tar.gz (3.7 kB view details)

Uploaded Source

File details

Details for the file cipher.googlepam-1.7.0.tar.gz.

File metadata

File hashes

Hashes for cipher.googlepam-1.7.0.tar.gz
Algorithm Hash digest
SHA256 cbf723553bd7715164d35fa22add2b8a7ae9e76ceb22e113e688ebf13f41622a
MD5 50a94444db721f41c3cbb4eeed747772
BLAKE2b-256 a72affcd3f84a7f9d04e0636b8fe70876b35222cff64b4f0c3b337613f63aaa4

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page