Open Source Python Authentication Software

*NOTE* Migrated to http://github.com/cracklib/cracklib Next generation version of libCrack password checking library. As of Oct 2008 (reflected in 2.8.15 code release), licensed under LGPL.

Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc). Fail2Ban is able to reduce the rate of incorrect authentications attempts however it cannot eliminate the risk that weak authentication presents. Configure services to use only two factor or public/private authentication mechanisms if you really want to protect services.

An open source implementation of the FIDO2 protocol to support passwordless strong authentication using public-key cryptography. Supports registration, authentication (all platforms), and transaction authorization (for native Android apps).

Howdy provides Windows Hello™ style authentication for Linux. Use your built-in IR emitters and camera in combination with facial recognition to prove who you are. Using the central authentication system (PAM), works everywhere you would otherwise need your password: Login, lock screen, sudo, su, etc.

Luma is a graphical utility for accessing and managing data stored on LDAP servers. It is written in Python, using PyQt and python-ldap. Plugin-support is included and useful widgets with LDAP-functionality for easy creation of plugins are delivered. Following plugins are available: - Browser - Search - Templates

Opens up IIS Proxy Servers using NTLM to non-Microsoft browsers, etc

Naraio is LAMP like software. It contains Apache, MySQL, PHP, Perl, Openssl, Phpmyadmin, OpenLDAP, Subversion, Ruby, Python, Phpldapadmin, and Trac. Trac and Subversion are authenticates user with integrated ldap. Naraio is easy, secure and flexible.

A Jupyter server extension to proxy requests with AWS SigV4 authentication. This server extension enables the usage of the AWS JavaScript/TypeScript SDK to write Jupyter frontend extensions without having to export AWS credentials to the browser. A single /awsproxy endpoint is added on the Jupyter server which receives incoming requests from the browser, uses the credentials on the server to add SigV4 authentication to the request, and then proxies the request to the actual AWS service endpoint. All requests are proxied back-and-forth as-is, e.g., a 4xx status code from the AWS service will be relayed back as-is to the browser. Using this requries no additional dependencies in the client-side code. Just use the regular AWS JavaScript/TypeScript SDK methods and add any dummy credentials and change the endpoint to the /awsproxy endpoint.

BLUSA is a set of shell scripts (mainly for Bash) intended to manage users accounts in bulk. It is mainly based on createusers, from Linux For School Project (www.lfsp.org), but intended to be more modular, flexible and secure.

Buckeye is an apache/postgres/python based account management system for service and subscription providers. Service provisioning, accounting, billing and reporting functions are included.

CGIgen is a collection of classes that are useful in data-encapsulation esp. for CGI-scripts. It also includes other classes that may be helpful in writing CGI-scripts.

A graphical user, group, and computer account manager for LDAP servers. Doesn't try to be the end-all LDAP tool, focuses on making user management quick and easy. (For linux/gnome, windows, MacOS coming RSN)

GroupsDirectory is a simple module for Python to handle groups and items in a hierarchy. It was developed to provide a flexible user and group management to a web-application. It handles advanced memberships structures which can be used for authorization.

py_xdb_auth is a small but robust jabber-component based on twisted to authenticate jabber users against ldap. It is written for jabberd 1.4 and based on twisted and python-ldap.

The Kantan LDAP Browser is a web-based tool that allows you to view, browse, and search through any LDAP compliant server. It is simple to configure, and easy on the eyes.

Key Manager is designed to allow distribution and management of SSH keys in a way that scales beyond manually copying public keys to remote hosts. This approaches Single-Sign-On functionality, if limited to ssh access from a single host.

Korreio is GUI to mail systems management based on LDAP, CYRUS and POSTFIX. Its has some integrated modules: a LDAP manager, Cyrus-IMAP Mailbox (cyradm replacement), Cyrus-IMAP Partition manager (report-like), Sieve manager, Postfix Queue manager.

LDAP Administrator is an extendable LDAP administration tool written for KDE/Qt. It features a plugin interface for nodes and node types.

Moved to https://codeberg.org/andybalaam/myaddressbook

Open Linux Router is a toolkit to centralize computer networking and Internet services within an organization. Its goal is to provide secure, alternative, open source solutions to the seemingly standard, but competitive and commercialized IT market.

OpenPortalGuard is a flexible, extensible, and massively scalable access control system for portals. It provides single-sign-on features for username/pw and smartcards as well as declarative access control.

OpenID is a decentralized authentication protocol for web applications. OpenID users need share credentials with only one OpenID provider, and not every forum and network they log on to. This leads to a safer and more convenient Web. http://openid.net/

OrgLDAP is an extensible LDAP user management application supporting groups, *NIX (POSIX, Shadow), Samba and other account types, SSH public keys and sudo roles. It includes a reusable extensible library and a web-based front-end.

IMPORTANT : The project is now being hosted at http://code.google.com/p/ciform Plug'n Auth is an API providing easy integration of different authentication mechanisms into web applications. Within a few steps web admins will be able to change both the authentication backend and the logon frontend at any time with no further effort

An ISP-class utility to allow FTP account holders to change their password independently using a web browser. Written in Python and Works with PureFTPd-MySQL servers where the PureFTPd FTP server uses a MySQL database for user authentication.