From 390a442ca9ea5191c846f87c6caf117afa78ee81 Mon Sep 17 00:00:00 2001 From: d-w-moore Date: Wed, 27 Mar 2024 03:46:22 -0400 Subject: [PATCH] [#521] clearer documentation and errors regarding pam/pam_password Also incorporated is the pass-through module pam.py which incorporates a version check and reminds users in a friendly way (ie. by throwing a fatal exception with a non-confusing message :) ) to update their PAM scheme strings for 4.3+ ... --- README.md | 9 +++++++++ irods/auth/pam.py | 9 +++++++++ 2 files changed, 18 insertions(+) create mode 100644 irods/auth/pam.py diff --git a/README.md b/README.md index 3fd09870..509997d1 100644 --- a/README.md +++ b/README.md @@ -161,6 +161,15 @@ the `encryption_*` and `ssl_*` options directly to the constructor as keyword arguments, even though it is required when they are placed in the environment file. +PAM logins +---------- + +Starting with v2.0.0, the python iRODS client is able to authenticate under PAM using the same file-based client environment as the +iCommands. + +Caveat for iRODS 4.3+: when upgrading from 4.2, the "irods_authentication_scheme" setting must be changed from "pam" to "pam_password" in +`~/.irods/irods_environment.json` for all file-based client environments. + Maintaining a connection ------------------------ diff --git a/irods/auth/pam.py b/irods/auth/pam.py new file mode 100644 index 00000000..757eea74 --- /dev/null +++ b/irods/auth/pam.py @@ -0,0 +1,9 @@ +class PamLoginException(Exception): pass + +def login(conn): + if conn.server_version >= (4,3): + raise PamLoginException('PAM logins in iRODS 4.3+ require a scheme of "pam_password"') + conn._login_pam() + +# Pattern for when you need to import from sibling plugins: +from .native import login as native_login