This class does not provide an encryption scheme, but instead provides a helper for handling disabled password fields as found in unix /etc/shadow files. This class is mainly useful only for plugging into a CryptContext instance. It can be used directly as follows:
>>> from passlib.hash import unix_disabled >>> # 'encrypting' a password always results in "!" or "*" >>> unix_disabled.encrypt("password") '!' >>> # verifying will fail for all passwords and hashes >>> unix_disabled.verify("password", "!") False >>> unix_disabled.verify("letmein", "*NOPASSWORD*") False >>> # this class should identify all strings which aren't >>> # valid Unix crypt() output, while leaving MCF hashes alone >>> unix_disabled.identify('!') True >>> unix_disabled.identify('') True >>> unix_disabled.identify("$1$somehash") False
This class provides disabled password behavior for unix shadow files, and follows the Password Hash Interface.
This class does not implement a hash, but instead matches the “disabled account” strings found in /etc/shadow on most Unix variants. “encrypting” a password will simply return the disabled account marker. It will reject all passwords, no matter the hash string. The encrypt() method supports one optional keyword:
|Parameters:||marker (str) –
Optional marker string which overrides the platform default used to indicate a disabled account.
If not specified, this will default to "*" on BSD systems, and use the Linux default "!" for all other platforms. (unix_disabled.default_marker will contain the default value)
New in version 1.6: This class was added as a replacement for the now-deprecated unix_fallback class, which had some undesirable features.
This class provides the fallback behavior for unix shadow files, and follows the Password Hash Interface.
This class does not implement a hash, but instead provides fallback behavior as found in /etc/shadow on most unix variants. If used, should be the last scheme in the context.
Deprecated since version 1.6: This has been deprecated due to it’s “wildcard” feature, and will be removed in Passlib 1.8. Use unix_disabled instead.
According to the Linux shadow man page, an empty string is treated as a wildcard by Linux, allowing all passwords. For security purposes, this behavior is NOT supported; empty strings are treated the same as ! or *.