Open Source Python Authentication Software

*NOTE* Migrated to http://github.com/cracklib/cracklib Next generation version of libCrack password checking library. As of Oct 2008 (reflected in 2.8.15 code release), licensed under LGPL.

Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc). Fail2Ban is able to reduce the rate of incorrect authentications attempts however it cannot eliminate the risk that weak authentication presents. Configure services to use only two factor or public/private authentication mechanisms if you really want to protect services.

authentik is an open-source Identity Provider that emphasizes flexibility and versatility. It can be seamlessly integrated into existing environments to support new protocols. authentik is also a great solution for implementing sign-up, recovery, and other similar features in your application, saving you the hassle of dealing with them. authentik is an open-source Identity Provider focused on flexibility and versatility. You can use authentik in an existing environment to add support for new protocols, implement sign-up/recovery/etc. in your application so you don't have to deal with it, and many other things. You can adopt authentik to your environment, regardless of your requirements. Need an Active-Directory integrated SSO Provider? Do you want to implement a custom enrollment process for your customers? Are you developing an application and don't want to deal with User verification and recovery? authentik can do all of that, and more.

truffleHog searches through git repositories for high entropy strings and secrets, digging deep into commit history. TruffleHog runs behind the scenes to scan your environment for secrets like private keys and credentials, so you can protect your data before a breach occurs. Secrets can be found anywhere, so TruffleHog scans more than just code repositories, including SaaS and internally hosted software. With support for custom integrations and new integrations added all the time, you can secure your secrets across your entire environment. TruffleHog is developed by a team entirely comprised of career security experts. Security is our passion and primary concern, and all features are developed with best practices in mind. TruffleHog enables you to track and manage secrets within our intuitive management interface, including links to exactly where secrets have been found. TruffleHog runs quietly in the background, continuously scanning your environment for secrets.

Howdy provides Windows Hello™ style authentication for Linux. Use your built-in IR emitters and camera in combination with facial recognition to prove who you are. Using the central authentication system (PAM), works everywhere you would otherwise need your password: Login, lock screen, sudo, su, etc.

A Jupyter server extension to proxy requests with AWS SigV4 authentication. This server extension enables the usage of the AWS JavaScript/TypeScript SDK to write Jupyter frontend extensions without having to export AWS credentials to the browser. A single /awsproxy endpoint is added on the Jupyter server which receives incoming requests from the browser, uses the credentials on the server to add SigV4 authentication to the request, and then proxies the request to the actual AWS service endpoint. All requests are proxied back-and-forth as-is, e.g., a 4xx status code from the AWS service will be relayed back as-is to the browser. Using this requries no additional dependencies in the client-side code. Just use the regular AWS JavaScript/TypeScript SDK methods and add any dummy credentials and change the endpoint to the /awsproxy endpoint.

An open source implementation of the FIDO2 protocol to support passwordless strong authentication using public-key cryptography. Supports registration, authentication (all platforms), and transaction authorization (for native Android apps).

Opens up IIS Proxy Servers using NTLM to non-Microsoft browsers, etc

Luma is a graphical utility for accessing and managing data stored on LDAP servers. It is written in Python, using PyQt and python-ldap. Plugin-support is included and useful widgets with LDAP-functionality for easy creation of plugins are delivered. Following plugins are available: - Browser - Search - Templates

BLUSA is a set of shell scripts (mainly for Bash) intended to manage users accounts in bulk. It is mainly based on createusers, from Linux For School Project (www.lfsp.org), but intended to be more modular, flexible and secure.

Buckeye is an apache/postgres/python based account management system for service and subscription providers. Service provisioning, accounting, billing and reporting functions are included.

CGIgen is a collection of classes that are useful in data-encapsulation esp. for CGI-scripts. It also includes other classes that may be helpful in writing CGI-scripts.

DataSync Suite is an open source platform for integrating tools like Zimbra, SugarCRM, and Drupal. The tool is focused on a single sign-on, application data integration, and fast, flexible deployment.

A graphical user, group, and computer account manager for LDAP servers. Doesn't try to be the end-all LDAP tool, focuses on making user management quick and easy. (For linux/gnome, windows, MacOS coming RSN)

GroupsDirectory is a simple module for Python to handle groups and items in a hierarchy. It was developed to provide a flexible user and group management to a web-application. It handles advanced memberships structures which can be used for authorization.

py_xdb_auth is a small but robust jabber-component based on twisted to authenticate jabber users against ldap. It is written for jabberd 1.4 and based on twisted and python-ldap.

The Kantan LDAP Browser is a web-based tool that allows you to view, browse, and search through any LDAP compliant server. It is simple to configure, and easy on the eyes.

Key Manager is designed to allow distribution and management of SSH keys in a way that scales beyond manually copying public keys to remote hosts. This approaches Single-Sign-On functionality, if limited to ssh access from a single host.

Korreio is GUI to mail systems management based on LDAP, CYRUS and POSTFIX. Its has some integrated modules: a LDAP manager, Cyrus-IMAP Mailbox (cyradm replacement), Cyrus-IMAP Partition manager (report-like), Sieve manager, Postfix Queue manager.

Naraio is LAMP like software. It contains Apache, MySQL, PHP, Perl, Openssl, Phpmyadmin, OpenLDAP, Subversion, Ruby, Python, Phpldapadmin, and Trac. Trac and Subversion are authenticates user with integrated ldap. Naraio is easy, secure and flexible.

LDAP Administrator is an extendable LDAP administration tool written for KDE/Qt. It features a plugin interface for nodes and node types.

Moved to https://codeberg.org/andybalaam/myaddressbook

Open Linux Router is a toolkit to centralize computer networking and Internet services within an organization. Its goal is to provide secure, alternative, open source solutions to the seemingly standard, but competitive and commercialized IT market.

OpenPortalGuard is a flexible, extensible, and massively scalable access control system for portals. It provides single-sign-on features for username/pw and smartcards as well as declarative access control.

OpenID is a decentralized authentication protocol for web applications. OpenID users need share credentials with only one OpenID provider, and not every forum and network they log on to. This leads to a safer and more convenient Web. http://openid.net/