Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # /etc/stuff.pam_pgsql.conf
- # with NSS, sslmode=enable leads to deadlock; we are only using PAM here, but
- # SSL is not needed for localhost
- connect = host=127.0.0.1 dbname=stuff user=user password=pass connect_timeout=1 sslmode=disable
- # passwords are not really clear ... auth_query preforms the actual hashing
- # and comparison from within the query; if that succeeds the original password
- # is returned (clear == clear)
- pw_type = clear
- # pam_pgsql does not support much beyond basic hashing; use pgcrypto to perform
- # the comparison, in-query, then return the original to signal success
- auth_query = SELECT CAST(%p as varchar) FROM auth_user au, auth_user_groups aug, auth_group ag, auth_group_permissions agp, auth_permission ap, django_content_type ct WHERE (au.username = %u AND au.id = aug.user_id AND aug.group_id = ag.id AND ag.id = agp.group_id AND agp.permission_id = ap.id AND ap.codename = 'use_api' AND ap.content_type_id = ct.id AND ct.app_label = 'stuff' AND ct.model = 'global') AND substring(au.password from 4) = crypt(%p, substring(au.password from 4)) ORDER BY au.username LIMIT 1
- # compatible with Django bcrypt
- pwd_query = UPDATE auth_user SET password = concat('bc$', crypt(%p, gen_salt('bf', 12))) WHERE username = %u
- #TODO: check is_staff and is_active
- acct_query = SELECT False, False, False;
Add Comment
Please, Sign In to add comment