[issue36997] Document that spwd is considered harmful

Change by Christian Heimes : -- priority: high -> normal type: security -> enhancement versions: +Python 3.10 -Python 2.7, Python 3.7 ___ Python tracker ___

[issue36997] Document that spwd is considered harmful

Arfrever Frehtes Taifersar Arahesis added the comment: > On BSD, Linux, and macOS, account and credential verification must go through > PAM. At least the part about Linux is not entirely true. If PAM is installed and used, then account and credential verification should probably go through

[issue36997] Document that spwd is considered harmful

Change by Giampaolo Rodola' : -- nosy: +giampaolo.rodola ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue36997] Document that spwd is considered harmful

STINNER Victor added the comment: "... must go through PAM." Do you have a Python module to recommend to access PAM API? -- ___ Python tracker ___

[issue36997] Document that spwd is considered harmful

Change by STINNER Victor : -- nosy: +vstinner ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue36997] Document that spwd is considered harmful

New submission from Christian Heimes : The spwd module has several flaws. Especially the combination of spwd and crypt for password verification is dangerous and in almost all cases technically wrong. # don't do this! pw1 = spwd.getspnam(username).sp_pwd pw2 =