sssd_test_framework.utils.pam
PAM Tools.
Classes
PAMAccessUtils – Management of PAM Access on the client host.
PAMFaillockUtils – Management of PAM Faillock on the client host.
- class sssd_test_framework.utils.pam.PAMAccessUtils(*args, **kwargs)
Bases: MultihostUtility
Management of PAM Access on the client host.
Example usage:

    @pytest.mark.topology(KnownTopologyGroup.AnyProvider)
    def test_example(client: Client, provider: GenericProvider):
        # Add users
        provider.user("user-1").add()
        provider.user("user-2").add()

        with mh_utility(PAMAccessUtils(client.host, client.fs)) as access:
            # Add rule to permit "user-1" and deny "user-2"
            access.config_set([
                {
                    "access": "+",
                    "user": "user-1",
                    "origin": "ALL",
                },
                {
                    "access": "-",
                    "user": "user-2",
                    "origin": "ALL"
                }
            ])
            client.sssd.authselect.enable_feature(["with-pamaccess"])
            client.sssd.start()

            # Check the results
            assert client.auth.ssh.password("user-1", "Secret123")
            assert not client.auth.ssh.password("user-2", "Secret123")

- Parameters:
host (MultihostHost) – MultihostHost object
fs (LinuxFileSystem) – LinuxFileSystem object
file (str) – File name of access file, defaults to /etc/security/access.conf
- setup() None
Setup object.
- teardown() None
Teardown object.
- config_read() str
Read access file as Augeas tree.
- Returns:
PAM access configuration
- Return type:
str
- config_delete(value: list[dict[str, str]]) None
Delete access configuration.
- Parameters:
value (list[dict[str, str]]) – Configuration.
- Returns:
None
- config_set(value: list[dict[str, str]]) None
Configure access configuration file.
- Parameters:
value (list[dict[str, str]]) – Access rule
- Returns:
None
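The rule dictionaries passed to config_set() correspond to the three fields of an access.conf line (permission : users : origins). The following is an added example, not code from sssd_test_framework: it renders such rules as access.conf lines and models how pam_access evaluates them, where the first matching rule decides and a login that matches no rule is granted. The function names render_rule and is_permitted are hypothetical, and matching is simplified to literal names and the ALL keyword (no groups, EXCEPT or network origins).

```python
# Added example: models pam_access evaluation for rules shaped like config_set() input.
# Assumption: only literal names and the ALL keyword are matched (simplified).


def render_rule(rule: dict[str, str]) -> str:
    """Render one rule dict as an access.conf line: permission : users : origins."""
    if rule["access"] not in ("+", "-"):
        raise ValueError(f"invalid permission field: {rule['access']!r}")
    return f"{rule['access']} : {rule['user']} : {rule['origin']}"


def _matches(field: str, value: str) -> bool:
    """A field is a whitespace-separated list; ALL matches anything."""
    tokens = field.split()
    return "ALL" in tokens or value in tokens


def is_permitted(rules: list[dict[str, str]], user: str, origin: str) -> bool:
    """First matching rule decides; pam_access grants access when nothing matches."""
    for rule in rules:
        if _matches(rule["user"], user) and _matches(rule["origin"], origin):
            return rule["access"] == "+"
    return True


# Constructed sample rules, same shape as the usage example above.
RULES = [
    {"access": "+", "user": "user-1", "origin": "ALL"},
    {"access": "-", "user": "user-2", "origin": "ALL"},
]
# A trailing catch-all deny closes the default-permit gap for unlisted users.
RULES_DEFAULT_DENY = RULES + [{"access": "-", "user": "ALL", "origin": "ALL"}]
# The same catch-all placed first shadows every later permit rule.
RULES_SHADOWED = [{"access": "-", "user": "ALL", "origin": "ALL"}] + RULES

if __name__ == "__main__":
    for line in map(render_rule, RULES_DEFAULT_DENY):
        print(line)
    for user in ("user-1", "user-2", "user-3"):
        print(user,
              is_permitted(RULES, user, "192.0.2.10"),
              is_permitted(RULES_DEFAULT_DENY, user, "192.0.2.10"))
```

A test that only checks the listed users will pass with RULES even though an unlisted account such as user-3 is still admitted, so a negative check for an unlisted user is worth adding when the intent is an allow-list.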
- class sssd_test_framework.utils.pam.PAMFaillockUtils(*args, **kwargs)
Bases: MultihostUtility
Management of PAM Faillock on the client host.
Example usage:

    @pytest.mark.topology(KnownTopologyGroup.AnyProvider)
    def test_example(client: Client, provider: GenericProvider):
        # Add user
        provider.user("user-1").add()

        with mh_utility(PAMFaillockUtils(client.host, client.fs)) as faillock:
            # Setup faillock
            faillock.config_set({"deny": "3", "unlock_time": "300"})
            client.sssd.common.pam(["with-faillock"])

            # Start SSSD
            client.sssd.start()

            # Check the results
            assert client.auth.ssh.password("user-1", "Secret123")

            # Three failed login attempts
            for i in range(3):
                assert not client.auth.ssh.password("user-1", "bad_password")

            assert not client.auth.ssh.password("user-1", "Secret123")

- Parameters:
host (MultihostHost) – MultihostHost object
fs (LinuxFileSystem) – LinuxFileSystem object
file (str) – Faillock configuration file, defaults to /etc/security/faillock.conf
- setup() None
Setup object.
- teardown() None
Teardown object.
- config_read() str
Read faillock configuration as Augeas tree.
- Returns:
PAM faillock configuration
- Return type:
str
- config_delete(value: dict[str, str]) None
Delete faillock configuration.
- Parameters:
value (dict[str, str]) – Configuration.
- Returns:
None
- config_set(value: dict[str, str]) None
Set faillock configuration.
- Parameters:
value (dict[str, str]) – Configuration parameter(s) and value(s).
- Returns:
None