{"id":3781,"library":"python-pam","title":"Python PAM","description":"python-pam is a Python module that provides an interface to the Pluggable Authentication Modules (PAM) system on Unix-like operating systems using ctypes. It enables Python applications to perform user authentication tasks by leveraging the underlying system's PAM configuration. The current version is 2.0.2. Releases are primarily driven by bug fixes and compatibility updates.","status":"active","version":"2.0.2","language":"en","source_language":"en","source_url":"https://github.com/FirefighterBlu3/python-pam","tags":["authentication","security","pam","system","linux"],"install":[{"cmd":"pip install python-pam","lang":"bash","label":"Install with pip"}],"dependencies":[{"reason":"Requires the underlying system's PAM library and development headers (e.g., libpam0g-dev on Debian-based systems) to build and function correctly.","package":"linux-pam","optional":false}],"imports":[{"note":"The primary interface is directly via the 'pam' module.","symbol":"pam","correct":"import pam"}],"quickstart":{"code":"import pam\nimport os\n\np = pam.authenticate()\n\n# For demonstration, use environment variables or default values.\n# On a real system, you would get these from user input.\nusername = os.environ.get('PAM_TEST_USERNAME', 'testuser')\npassword = os.environ.get('PAM_TEST_PASSWORD', 'testpassword')\n\n# Note: For successful authentication, 'testuser' and 'testpassword'\n# must be valid credentials on the system where this code runs,\n# and the PAM configuration must allow 'python-pam' to authenticate.\nif p.authenticate(username, password):\n    print(f\"Authentication successful for {username}. Code: {p.code}, Reason: {p.reason}\")\nelse:\n    print(f\"Authentication failed for {username}. Code: {p.code}, Reason: {p.reason}\")","lang":"python","description":"Initializes the PAM authentication object and attempts to authenticate a user with provided credentials. The `authenticate()` method returns `True` or `False`, and additional details are available in `p.code` and `p.reason`."},"warnings":[{"fix":"Ensure your code checks for `True` or `False` return values from `authenticate()`. If specifically targeting 2.0.0, verify against the PAM constant, otherwise boolean is standard in 2.0.2+.","message":"The `authenticate()` method's return type changed from a boolean to a PAM constant in version 2.0.0, and then reverted to a boolean in 2.0.2. Code expecting a boolean in 2.0.0 would have broken. Always check the return value against `True`/`False` or the specific PAM constant for 2.0.0 if targeting that version.","severity":"breaking","affected_versions":"2.0.0"},{"fix":"Design your application with appropriate privilege separation. For authenticating multiple users in a non-privileged context, consider an authentication stack like SSSD on Linux.","message":"The library adheres to standard PAM privilege rules: if running as root (or with privileged access), you can check any account's password. If not running as root, you can generally only check the validity of the username running the tool.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Migrate any Python 2 usage to Python 3 as future support is not guaranteed and actively discouraged.","message":"While Python 2 support was intentionally left in for version 2.0.0, the project README explicitly states that Python 2 support is deprecated.","severity":"deprecated","affected_versions":"2.0.0+"},{"fix":"Familiarize yourself with PAM configuration on your target system. Ensure the relevant PAM service (`/etc/pam.d/system-auth` or a custom service) is correctly configured for the desired authentication methods.","message":"The functionality of `python-pam` is entirely dependent on the underlying system's PAM configuration (e.g., files in `/etc/pam.d/`). Misconfiguration of PAM on the host system will lead to authentication failures or unexpected behavior within your Python application.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Deploy applications using `python-pam` only on Linux or other compatible Unix-like systems. For Windows authentication, consider alternative libraries or methods.","message":"This library is designed for Unix-like operating systems (specifically Linux) and does not support Windows.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-11T00:00:00.000Z","next_check":"2026-07-10T00:00:00.000Z"}