[Twisted-Python] twisted.cred question

Jean-Paul Calderone exarkun at divmod.com
Thu Oct 26 20:06:24 EDT 2006


On Thu, 26 Oct 2006 16:15:12 -0700, Yi Qiang <yqiang at gmail.com> wrote:
>Hi, I am using twisted.cred to provide authentication to users over PB.  I
>am using the FilePasswordDB class to provide avatarID's to users.  I am
>wondering where/how I should implement the feature so that when a user tries
>to login with a username that does not exist yet, we create a
>username/password pair for that user and log them in.  I looked around in
>checkers.py, but I am not sure if that is the right place to implement
>this.

If you're using FilePasswordDB as your checker, then you could subclass
it and add this behavior.  A problem with this in general is that it is
not always possible to extract sufficient information from a login attempt
to create a new set of credentials in the authentication backend.  For
example, a password may have been hashed together with a random number.
However, for plaintext password authentication (ie, over SSL) you should
have no problem.

There has been some discussion at various points about adding a general
API for adding new credentials through cred, but it hasn't really gotten
anywhere.

Jean-Paul




More information about the Twisted-Python mailing list