<p>我认为<code>pam</code>模块是您的最佳选择,但您不必将其直接嵌入到程序中。您可以编写一个简单的服务,该服务绑定到本地主机上的端口,或侦听UNIX域套接字,并为同一主机上的其他进程处理PAM请求。然后让web2py应用程序连接到它进行用户/密码验证。请注意,本地TCP端口可被同一主机上的任何进程连接;若改用UNIX域套接字,则可以通过文件权限限制哪些进程能够提交验证请求。</p>
<p>例如:</p>
<pre><code>import asyncore
import pam
import socket
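class Client(asyncore.dispatcher_with_send):
    """Per-connection handler that answers line-based PAM password checks.

    Each request is one CRLF-terminated line of the form ``user password``.
    The reply, also CRLF-terminated, is ``ok`` (PAM accepted the pair),
    ``fail`` (PAM rejected it) or ``bad`` (the line did not split into
    exactly two whitespace-separated fields).

    NOTE(review): credentials arrive in clear text and every caller gets a
    yes/no verdict on a password, so any process able to reach the listening
    socket can submit guesses without limit. Restrict who can connect, and
    consider throttling or recording repeated failures (never the password
    itself).

    NOTE(review): the str literals match Python 2 sockets; under Python 3
    recv() yields bytes and these literals would have to be bytes as well.
    Confirm the target interpreter.
    """

    # Upper bound on bytes kept while waiting for a line terminator, so a
    # peer that never sends CRLF cannot grow the buffer without limit.
    MAX_PENDING = 4096

    def __init__(self, sock):
        """Wrap an accepted socket and start with an empty receive buffer."""
        asyncore.dispatcher_with_send.__init__(self, sock)
        self._buf = ''

    def handle_read(self):
        """Consume available bytes and answer every complete request line."""
        chunk = self.recv(1024)
        if not chunk:
            # Nothing was read: drop the connection together with any
            # unterminated request still sitting in the buffer.
            self.close()
            return

        data = self._buf + chunk
        if '\r\n' not in data:
            # No complete line yet. The original unpacked rsplit() here and
            # raised ValueError on a partial line; keep buffering instead.
            if len(data) > self.MAX_PENDING:
                self.close()
                return
            self._buf = data
            return

        # Everything before the last CRLF is complete; the tail is kept for
        # the next read.
        reqs, rest = data.rsplit('\r\n', 1)
        self._buf = rest

        for req in reqs.split('\r\n'):
            try:
                user, passwd = req.split()
            except ValueError:
                # Wrong number of fields (including an empty line).
                self.send('bad\r\n')
                continue
            if pam.authenticate(user, passwd):
                self.send('ok\r\n')
            else:
                self.send('fail\r\n')

    def handle_close(self):
        """Release the socket when the peer closes the connection."""
        self.close()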
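class Service(asyncore.dispatcher_with_send):
    """Listening TCP socket that hands each accepted connection to Client."""

    def __init__(self, addr):
        """Create the listening socket and bind it to *addr* (host, port)."""
        asyncore.dispatcher_with_send.__init__(self)
        self.create_socket(socket.AF_INET, socket.SOCK_STREAM)
        self.set_reuse_addr()
        self.bind(addr)
        self.listen(1)

    def handle_accept(self):
        """Accept one pending connection and attach a Client handler to it."""
        accepted = self.accept()
        if accepted is None:
            # asyncore's accept() returns None when the pending connection
            # vanished before it could be accepted; unpacking that would
            # raise TypeError.
            return
        conn, _ = accepted
        # The Client registers itself with asyncore's channel map, so no
        # reference has to be kept here.
        Client(conn)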
def main():
    """Start the service on localhost port 8317 and run until interrupted.

    NOTE(review): a loopback TCP port accepts connections from every local
    process, so any local account can query this password checker.
    """
    Service(('localhost', 8317))
    try:
        asyncore.loop()
    except KeyboardInterrupt:
        # Ctrl-C is the expected way to stop; leave without a traceback.
        return
# Start the service only when run as a script, not when imported.
if __name__ == '__main__':
    main()
</code></pre>
<p>用法:</p>
<pre><code>% telnet localhost 8317
bob abc123
ok
larry badpass
fail
incomplete
bad
</code></pre>