[Twisted-Python] Authentication with multiple handshakes
teratorn at twistedmatrix.com
Thu Dec 21 03:24:24 EST 2006
On Thu, 21 Dec 2006 01:45:07 -0600, Alvin Wang <alvinwang at gmail.com> wrote:
> On 12/20/06, Eric Mangold <teratorn at twistedmatrix.com> wrote:
>> On Wed, 20 Dec 2006 22:45:45 -0600, Alvin Wang <alvinwang at gmail.com>
>> > The documentation above says that credentials should be able to do
>> > authentication with multiple passes. However, I have not been able to
>> > find
>> > any examples of it.
>> > As an alternative, I was going to implement a user object with state
>> > determined what it was able to do. I could force the client to
>> > multiple challenge responses to achieve the logged in state.
>> > I figured it would be better to ask the mail list for the proper way
>> > do
>> > it first.
>> > Thanks
>> Excuse me if I'm being dense, but what are you trying to do exactly?
>> Eric Mangold
>> Twisted/Win32 Co-Maintainer
>> Twisted-Python mailing list
>> Twisted-Python at twistedmatrix.com
> P2P application
> Client logs onto server with Publickey
> Since the server does not necessarily have the same IP address, I also
> to authenticate the server's PK also.
As far as I know PB doesn't provide any mechanism for the client to
authenticate the server. But it should be easy to implement.
You could use the normal procedure to log in to the server. The server
provides various remote methods that you can call in order to have it
verify itself to you. Once you (the client) are satisifed, then, and only
then, do you consider yourself "logged in". You should be caution to
prevent the server from invoking methods on the client, and vise vera,
prior to authenticating the server.
More information about the Twisted-Python