Authenticate Against PAM with Python in ejabberd 1.x

Important: PAM authentication is included in ejabberd 2.0.0 and newer
Name: check_pam
Purpose: Authenticate Against PAM with Python
Author: Goedson Teixeira Paixao
Type: Script
Requirements: ejabberd 1.1.4 or older
Download:, backup:

Don't forget to install the Python PAM library in your system.

Related Links

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

This script is broken

This script is broken at line 99: wrote:

(operation, user, host, password) = data.split(':')

The problem is that we do not know at this point if the operation is going to be auth or isuser. In the auth case, this is correct, but in the isuser case this will throw an exception that will confuse epmd and break authentication until a restart. The way to test this is simple: send a message to an offline user while this extauth is loaded, and you will expose this bug.

In my own heavily hacked-up offshoot of this script, I used an ugly try/except block to split on only operation,user,host if the above fails. Probably the best way is to split into a list, check list[0] for the operation, and give names only once you're inside the if/else block checking operation.

Re: The script is broken

If you're using python 2.4, you can test for the command first using


then in the check for auth

and in the check for isuser
(user,host) = moredata.spllit(':')

Note: code is not tested.

When sending offline

When sending offline messages , users can no longer login and it hangs while trying to connect...

Syndicate content