X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=blobdiff_plain;f=ipsilon%2Flogin%2Fauthform.py;h=b61d4c9b23b8d2c52992fc8bfa51144665bf4534;hp=c6b958f4ea76dd6279e581e430d359da4d3fd86c;hb=426f03dffc8f648a12b5f8a4b2ab30c8b4498be3;hpb=cfe24fa3dc15d87f3ace944a2d62a0f4c5ee496c diff --git a/ipsilon/login/authform.py b/ipsilon/login/authform.py index c6b958f..b61d4c9 100644 --- a/ipsilon/login/authform.py +++ b/ipsilon/login/authform.py @@ -9,6 +9,15 @@ from string import Template import cherrypy import subprocess +# Translate PAM errors into more human-digestible values and eventually +# other languages. +PAM_AUTH_ERRORS = { + "Authentication token is no longer valid; new one required": + "Password is expired", + "Authentication failure": + "Authentication failure", +} + class Form(LoginFormBase): @@ -19,12 +28,13 @@ class Form(LoginFormBase): if not user.is_anonymous: return self.lm.auth_successful(self.trans, user.name, 'password') else: - try: - error = cherrypy.request.headers['EXTERNAL_AUTH_ERROR'] - except KeyError: - error = "Unknown error using external authentication" - cherrypy.log.error("Error: %s" % error) - return self.lm.auth_failed(self.trans) + error = cherrypy.request.wsgi_environ.get( + 'EXTERNAL_AUTH_ERROR', + 'Unknown error using external authentication' + ) + error = PAM_AUTH_ERRORS.get(error, error) + cherrypy.log.error("Error: %s" % error) + return self.lm.auth_failed(self.trans, error) class LoginManager(LoginManagerBase): @@ -99,7 +109,7 @@ class Installer(LoginManagerInstaller): group.add_argument('--form-service', action='store', default='remote', help='PAM service name to use for authentication') - def configure(self, opts): + def configure(self, opts, changes): if opts['form'] != 'yes': return