
I'm trying to write a login script in Python that will attempt to log in with the shell command `login -q MyUsername` and try multiple passwords. I can already generate the passwords needed, but when I try to log in using the code below, the login command responds that I entered the wrong username, although I know I'm writing it correctly. To clarify: I'm creating a script to log in using the shell command `login` when I already know the username but not the password. The code below shows what I'm doing (iterating over the passwords).

from subprocess import Popen, PIPE

for password in passwordList:
    p = Popen(["login","-q","MyUsername"], stdin=PIPE, stdout=PIPE) #The username MyUsername is correct, 100% sure
    print repr(p)

    stdout_value = p.communicate(password)[0]
    print(str(stdout_value))
    if repr(stdout_value).startswith('Login incorrect\nlogin: '):
        print "ERROR"
    else:
        print "GOOD"
        break

If I type the command `login -q MyUsername` directly into the terminal, I get prompted to write my password, whereas using the script returns 'Login Incorrect'. I'm also confused as to how Popen works and how to write to stdout.

Thanks in advance!

(Other question: Is there an easier way to do this? (Attempt to login using multiple passwords) I'm using login because it has no lockdown and the user data can't be accessed if it is not by the superuser).

romsearcher

1 Answer

`login` might read from and write to the terminal (tty) directly, outside of the process's stdin/stdout. You could use pexpect instead; read the first reason in its docs under "Q: Why not just use a pipe (popen())?":

import pexpect

# run() sends each response verbatim, so the newline that submits it is part of the string
output, rc = pexpect.run("login -q MyUsername",
                         events={"(?i)password: ": "password\n"},
                         withexitstatus=True)

> Is there an easier way to do this?

Read the hashes from /etc/passwd, /etc/shadow and check those using crypt.crypt(). Or use a specialized tool to test for weak passwords such as "John the Ripper".

jfs
  • Thank you, pexpect worked for my need. Regarding the second question, I looked at /etc/passwd but the file does not contain any hashes, it contains addresses for applications (I think?) example: _mysql:*:74:74:MySQL Server:/var/empty:/usr/bin/false. – romsearcher Oct 27 '14 at 15:20
  • @romsearcher: do you see any other filename (apart from `/etc/passwd`) in the answer? – jfs Oct 27 '14 at 15:40
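
Added example, not part of the original answer or comments: the answer names /etc/passwd and /etc/shadow, and the comment quotes a passwd entry whose second field is `*`. This sketch classifies that second field so an administrator can see which accounts are locked, shadowed, passwordless, or stored with a weak crypt scheme. The scheme table and function names are assumptions of this example, and every sample line except the `_mysql` entry is constructed with placeholder hash bodies.

```python
# Added example. SAMPLE lines are constructed; hash bodies are placeholders.
CRYPT_SCHEMES = {
    "1": "md5crypt (weak)",
    "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
    "5": "sha256crypt",
    "6": "sha512crypt",
    "y": "yescrypt",
}

SAMPLE = [
    "_mysql:*:74:74:MySQL Server:/var/empty:/usr/bin/false",  # quoted in the comment
    "alice:x:1000:1000:Alice:/home/alice:/bin/bash",          # passwd style
    "bob:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:19000:0:99999:7:::",  # shadow style
    "carol:$1$PLACEHOLDERSALT$PLACEHOLDERHASH:19000:0:99999:7:::",
    "dave:abCONSTRUCTED:19000:0:99999:7:::",
    "erin::19000:0:99999:7:::",
    "frank:!$6$PLACEHOLDERSALT$PLACEHOLDERHASH:19000:0:99999:7:::",
]

def classify_field(field):
    """Describe the second (password) field of a passwd/shadow entry."""
    if field == "":
        return "empty: no password required"
    if field == "x":
        return "shadowed: hash is kept in /etc/shadow"
    if field[0] in "*!":
        return "locked: no password will match"
    if field.startswith("$"):
        scheme = field.split("$")[1]  # "$6$salt$hash" -> "6"
        return "hash: " + CRYPT_SCHEMES.get(scheme, "unknown scheme id " + repr(scheme))
    if len(field) == 13:
        return "hash: traditional DES crypt (weak)"
    return "unrecognized"

def audit(lines):
    """Map account name -> classification of its password field."""
    report = {}
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) >= 2 and not line.startswith("#"):
            report[fields[0]] = classify_field(fields[1])
    return report

def needs_attention(report):
    """Accounts with an empty password or a weak hashing scheme."""
    return sorted(n for n, c in report.items() if "weak" in c or c.startswith("empty"))

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE).items():
        print("%-8s %s" % (name, verdict))
    print("review:", needs_attention(audit(SAMPLE)))
```
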