[Twisted-Python] Authentication with multiple handshakes
alvinwang at gmail.com
Thu Dec 21 04:24:59 EST 2006
On 12/21/06, Eric Mangold <teratorn at twistedmatrix.com> wrote:
> On Thu, 21 Dec 2006 01:45:07 -0600, Alvin Wang <alvinwang at gmail.com>
> > On 12/20/06, Eric Mangold <teratorn at twistedmatrix.com> wrote:
> >> On Wed, 20 Dec 2006 22:45:45 -0600, Alvin Wang <alvinwang at gmail.com>
> >> wrote:
> >> >
> >> http://twistedmatrix.com/projects/core/documentation/howto/pb-cred.html
> >> >
> >> > The documentation above says that credentials should be able to do
> >> > authentication with multiple passes. However, I have not been able
> >> > find
> >> > any examples of it.
> >> >
> >> > As an alternative, I was going to implement a user object with state
> >> that
> >> > determined what it was able to do. I could force the client to
> >> conduct
> >> > multiple challenge responses to achieve the logged in state.
> >> >
> >> > I figured it would be better to ask the mail list for the proper way
> >> to
> >> > do
> >> > it first.
> >> >
> >> > Thanks
> >> Excuse me if I'm being dense, but what are you trying to do exactly?
> >> --
> >> Eric Mangold
> >> Twisted/Win32 Co-Maintainer
> >> _______________________________________________
> >> Twisted-Python mailing list
> >> Twisted-Python at twistedmatrix.com
> >> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
> > P2P application
> > Client logs onto server with Publickey
> > Since the server does not necessarily have the same IP address, I also
> > want
> > to authenticate the server's PK also.
> > Thanks
> As far as I know PB doesn't provide any mechanism for the client to
> authenticate the server. But it should be easy to implement.
> You could use the normal procedure to log in to the server. The server
> provides various remote methods that you can call in order to have it
> verify itself to you. Once you (the client) are satisifed, then, and only
> then, do you consider yourself "logged in". You should be caution to
> prevent the server from invoking methods on the client, and vise vera,
> prior to authenticating the server.
> Eric Mangold
> Twisted/Win32 Co-Maintainer
> Twisted-Python mailing list
> Twisted-Python at twistedmatrix.com
I was thinking that there might be something more elegant.
If I am implementing the login procedure by hand anyway, it seems like it
would be simpler to just build it into pb.root. I could skip the
realms/checker stuff. I would keep the secure stuff in a
pb.referenceableand not return it unless the user passes all the
tests. Am I missing
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Twisted-Python