I would like to authenticate users with an external authentication script written in Python. Is it possible? If it is, what are the arguments (argv) passed to the script and what should the script return (exit code).
I've looked everywhere for documentation on this but I can't find any. I've read the example perl script but can't really understand it. Could anybody please help me on this. Cheers.
External Authentication
It looks like the external script does the following:
- Accepts an optional single argument of the domain, i'm not sure in what instance this
argument is passed... it appears that ejabberd calls it without args so I'm not sure
why that's in the script.
- Takes, as standard in, the following:
AABBBBBBBBB.....
A. 2 bytes of length data (a short in network byte order)
B. a string of length found in A that contains:
operation code:username:password
all in plain text
operation codes are as follows:
auth: check if a username/password pair is correct
setpass: set user's password
isuser: check if it's a valid user
- External script/command is then expected to write to standard out two shorts in
network byte order:
AABB
AA: the number 2 (i imagine this is the length in bytes of the result code)
BB: the result code, should be 1 for success/valid, or 0 for failure/invalid
- Script is also expected to run indefinitely apparantly, answering 'infinite' requests.
Does that help any?
External Auth Args
Looks like you can simply specify external args in ejabberd.cfg: Ie:
myscript arg1 arg2 arg3
So args are completely up to you.
(thanks to teo for pointing that out)
External Authentication - password passed in for isuser()?
Thanks for the great help. I'm working on an ntlm authentication in python right now and I need a bit more information.
As you were saying:
operation code:username:password
all in plain text
operation codes are as follows:
auth: check if a username/password pair is correct
setpass: set user's password
isuser: check if it's a valid user
I'm pretty sure the username is passed with all operations but how about the password? Is is passed in for the isuser operation?
Re: Externel Authentication - password passed in for isuser()?
I'm afraid I really don't know. I would say just give it a whirl, watch some debug output, and see if it is passed.
External Authentication(NTLM) in python.
Hi there guys, thanks for the explaination. But I still can't really get it. I've written the code for the three operations, can anybody help me with the stdin, stdout stuff?