[Twisted-Python] NNTP/SMTP authentication

Jp Calderone exarkun at intarweb.us
Wed Apr 30 14:34:41 EDT 2003


On Wed, Apr 30, 2003 at 01:27:53PM -0400, Abe Fettig wrote:
> Hi folks,
> 
> In order to really get NNTP and SMTP (securely) integrated with Hep I
> need to get authentication working.  Both of these protocols support
> authentication, although it's not required by the core RFCs.  But as far
> as I can tell neither of the modules in twisted/protocols supports
> authentication at the moment.
> 

  If you don't get to it first, I may end up doing SMTP authentication
sometime in the near future (as I have need for it as well).  I hadn't given
much thought to NNTP.

> Is anyone working on this already?  If not, I'd like to do it myself,
> and I'd appreciate some help in understanding the 'right' way to
> implement authentication in Twisted.  I've been looking at J.P.'s IMAP4
> work in CVS, and I can see he's using identities and perspectives
> (although I don't have a complete understanding of how these work).  Is
> the use of twisted.cred preferred?  Other drivers, such as POP3, don't
> seem to use it...

  I think POP3 should be updated to use cred in a manner similar to that
which IMAP4 uses it.  Since I wrote IMAP4, obviously I think that is the
right way to do authentication ;) (modulo one thing - the actual
challenge/response verification should be factored out and away from the
Identity class - I believe itamar and glyph have discussed this and have
some ideas for the implementation).

  Whether the *actual* details of how IMAP4 is using cred are proper are
not, I don't know ;) The code works, but it seems that there are too many
different objects involved in the process (CramMD5Identity,
CramMD5ServerAuthenticator, CramMD5ClientAuthenticator - and that's just for
*one* kind of authentication scheme).  Setup is similarly tedious, requiring
4 lines of "boilerplate" to set things up, and then *10* lines to add each
new identity.  Now that imap4.py is settling down, it'd be great if someone
with more experience with cred could take a look at it and give me some
feedback.

  Maybe there will be a coil for cred someday so you can keep this part of
the code out of your actual app, though.  If so, this is one of the real
strengths of cred.  Your app doesn't have to do anything to manage user
accounts, you just attach the cred coil and you're done.


  Hope this helps,

  Jp

-- 
A disciple of another sect once came to Drescher as he was eating his
morning meal. "I would like to give you this personality test," said the
outsider, "because I want you to be happy." Drescher took the paper that was
offered him and put it into the toaster: "I wish the toaster to be happy, 
too."
-- 
 up 41 days, 15:04, 4 users, load average: 0.00, 0.00, 0.00
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://twistedmatrix.com/pipermail/twisted-python/attachments/20030430/b87e0e53/attachment.pgp 


More information about the Twisted-Python mailing list