Projects tagged ‘authentication’, ‘python’, and ‘security’

FreeIPA is an integrated solution which combines the following technologies: * 389 Directory Server * MIT Kerberos * NTP * DNS * Web and command-line provisioning and administration tools

sshproxy is a pure python implementation of an ssh authenticating proxy. It allows users to connect to remote sites without having to know the password or key of the remote sites. ACL rules can ... [More] be set up to allow or deny users based on different parameters like their IP address or the time of the day. Access attempts are logged via syslog, and an enhanced "action log" system is under development. The client is the standard ssh client. [Less]

The purpose of the ESAPI is to provide a simple interface that provides all the security functions a developer is likely to need in a clear, consistent, and easy to use way. The ESAPI architecture is ... [More] very simple, just a collection of classes that encapsulate the key security operations most applications need. http://www.owasp.org/index.php/ESAPI View the overview presentation: http://owasp-esapi-java.googlecode.com/files/OWASP%20ESAPI.ppt Download the latest here from the featured downloads on the right -> [Less]

Two-factor authentication from WiKIDThe WiKID Strong Authentication System is a public key-based two-factor authentication system. It is flexible, extensible, and secure alternative to tokens,certs & ... [More] passwords. Application support for Java, Windows, PHP, Ruby, Python, SugarCRM, webmail, OpenVPN, LDAP, TACACS+, etc. Open source token clients include a J2SE client and a Firefox extension (in beta). The token client encrypts the user's PIN with the WiKID server's public key and sends it to the server along with a one-time use AES key. If the PIN is correct, the account active and the encryption valid, the one-time password is generated (via java random), encrypted by the token client's public key and the AES key and returned. If the security domain is configured for https mutual authentication, a hash of the valid ssl cert and the URL are also sent with the OTP. The token client will attempt to fetch the SSL cert from the URL and hash it. If the hashes match, the URL is presented as valid and the default browser is launched to the valid website. This prevents MITM attacks against web applications. DocumentationWe have recently published a number of how-tos: Add two-factor authentication to Ruby Add two-factor authentication to PHP How to use Radius for two-factor authentication with Apache How to prevent phishing with mutual authentication Secure SSH with two-factor authentication How to configure OpenVPN for WiKID [Less]

The network authentication wrapper library (libnaw) is a global, modular authentication library that can be used as a preloadable drop-in to add a layer of authentication to source-restricted ... [More] software; as an API for including authentication into custom or open source software; or as a library for direct linking into precompiled object files. The use of loadable modules allows libnaw the flexibility to accomplish any sort of authentication desired on a per-rule basis. NAW is optimized for speed and flexibility. The use of a compiled configuration database enables fast rule matching and dynamic updates. Module caching improves efficiency, while a module flush trigger ensures that module updates remain unobtrusive. NAW includes a simple, yet flexible C API, and comes bundled with Python language bindings. More information and available downloads may be found on the libnaw home page. [Less]

pykeynote is a Python extension module for KeyNote. It provides a high-level object-oriented interface to the KeyNote trust management API. From the KeyNote web page: Trust management is a unified ... [More] approach to specifying and interpreting security policies, credentials, and relationships; it allows direct authorization of security-critical actions. KeyNote credentials describe a specific delegation of trust and subsume the role of public key certificates; unlike traditional certificates, which bind keys to names, credentials can bind keys directly to the authorization to perform specific tasks. For more information on KeyNote see RFC 2704, keynote(1), keynote(3), keynote(4) and keynote(5). Also, a nice introductory article can be found here. Although I have developed pykeynote on Linux and minimally tested it on OpenBSD, it will probably work on all Unix-like systems that satisfy the following requirements: Python version 2.3 or higher. Pyrex version 0.9.4 or higher (optional). The KeyNote trust management system (tested with version 2.3). The OpenSSL cryptographic toolkit (tested with version 0.9.8d). For the details you can browse the SVN repository; I have included a comprehensive testsuite and a sample application. There is also the epydoc generated API documentation to help you start coding. If you are having problems installing KeyNote and pykeynote, Adam Aviv has written detailed instructions for installing both. The trunk of the SVN repository contains the latest, probably unstable, code. Nonetheless you may still choose to use it for possible new features and/or bug fixes. For more details, see the ChangeLog. Patroklos Argyroudis, argp at domain cs.tcd.ie, http://ntrg.cs.tcd.ie/~argp/. [Less]