[Twisted-Python] Something strange about cred
dreid at dreid.org
Thu Feb 8 19:13:03 EST 2007
-----BEGIN PGP SIGNED MESSAGE-----
On Feb 8, 2007, at 2:51 PM, Stephen Waterbury wrote:
> Jean-Paul Calderone wrote:
>> ... I think the main problem you're
>> running into is that HTTP digest authentication is being used ...
> *So* (for anybody still listening ;) I finally figured out the
> implication of Jp's comment: all I had to do was remove the
> digest.DigestCredentialFactory('md5', 'My Realm') factory
> instance from HTTPAuthResource's list of credentialFactories
> and bingo, we're in basic auth mode and my checker works
> with the web2 auth example -- yay!
Why doesn't your DB Checker just support both interfaces?
IUsernamePassword, and IUsernameHashedPassword,
doing the right thing depending on the interface provided by the
credentials input. Or, do the same thing regardless, because they
provide compatible checkPassword interfaces. You'd have to read the
password from the DB here, but I don't see why that should concern
you. And the ability to use Digest auth would provide all around
> That wasn't obvious to me from HTTPAuthResource's doc
> string nor from the example docs, but arguably I should have
> guessed it (sooner).
> Anyway, I'm happy now -- thanks, web2 team!
You're welcome, sorry I didn't get a chance to chime in on this
> Death to HTTP digest authentication!
I don't know, I definitely prefer digest authentication to sending
my password in plaintext
> Twisted-Python mailing list
> Twisted-Python at twistedmatrix.com
 I may be biased, i've spent a great deal of time on web2's digest
implementation. In fact, all the work put into web2's HTTP auth
support was so I could do digest, and one day Kerberos.
 Yes I know base64 isn't plaintext, but it might as well be.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
-----END PGP SIGNATURE-----
More information about the Twisted-Python