[Twisted-Python] PB URLs (was: Five Crazy Ideas to Start Your Week)
warner at lothar.com
Wed Oct 9 20:27:13 EDT 2002
> > "Talk to subprocess that runs this command to connect to the other end"
> > ("ssh remotehost pbserver", "ssh remotehost
> > connect-stdinout-to-unix-socket /path/socket")
> I don't quite get what you're talking about here. You want the URLs to be
> shell command-lines? :)
For what it's worth, the TRAMP emacs mode (a steroid-pumped descendent of
ange-ftp) offers something like this in its 'multi' specification (a stack of
access schemes to get to a file, like 1: telnet to a gateway machine, 2: ssh
from there to remote machine foo, 3: su to root, 4: access file). The syntax
is pretty painful, though, and you have to define the shell commands in
separate variables (indexed by keywords in the pathname).
> > I think you may want to look at SASL for ideas on
> > authentication. It seems to be the standard way to add generic
> > authentication support to a protocol these days.
> From what I can tell, it wouldn't work at all for PB. From the RFC:
True, SASL is one-encrypt/authenticate per TCP connection. It might make
sense to use it to protect the host-to-host link, and then let PB
authenticate users itself. I don't think it's sufficient to just use
encryption (and not authentication) on the wire.. you need the SASL
authentication layer to prevent a man-in-the-middle attack. Think of ssh's
host key here.
> Sometimes the URLs themselves will be secret and the authentication
> information will be a swiss number or something. E does everything through
> exchange of URLs, and it's pretty secure.
What's the E you refer to here?
> > Hmm. Idea. Allow one to specify when the server is trusted. "Connect
> > to server X if its public key has fingerprint F." http://www.fs.net/
> Any proposals for how to implement that?
I looked at fs.net but wasn't able to follow most of it. The basic idea
seemed to be a URL that had both the DNS name of the server and a hash of the
server's public key. It's kind of like one of the IPv6 proposals to separate
addressing from routing: the name says how to get there, the fingerprint
tells you (after the fact) that you've reached the right spot. Makes the URLs
awfully big, though.
> Not "*the* service", but "a service". In HTTP, you authenticate with the
> server, because some URLs may be in managed "realms".
> In PB, some objects may require authentication to access. This means that
> you might have to authenticate multiple times in the same URL. I know that
> my suggestion for URLs violates the accepted "standard" in some ways, but
> that's because PB doesn't consider "server" to be a useful level of
> abstraction. Everything is about objects.
Right, so users ought to be scoped to a service? or perhaps an object
provided by a service. One potential problem: the current implementation
sends the username first, and expects to respond to a password challenge
second. Service and perspective come only after user/pass have been
validated. If user objects (Identities) are supposed to be children of the
service, the login process will probably have to change to accept a service
More information about the Twisted-Python