[Twisted-Python] R: Re: smtp-server: issue with checkers.FilePasswordDB and hash

Lucas Taylor ltaylor.volks at gmail.com
Tue Apr 6 05:31:36 EDT 2010


On 4/5/10 6:22 AM, aleuser at inwind.it wrote:
> 
>> If your passwords are already hashed before they are sent to the server
>> for authentication, then there is no need for a hash function.
>> FilePasswordDB will accept either IUsernamePassword or
>> IUsernameHashedPassword credentials.
> 
> I want to hash the password on the server; can't I? How I can decide to use a 
> simple IUsernamePassword?
> 
> however If I don't use the hash function the connection still continue to use 
> an IUsernameHashedPassword.
> Probably the smtp connection is not made for a plain-text password, isn't it?
> 

It sounds to me like you want the server to support PLAIN auth but still
compare against a hashed password file? The ESMTP factory you are using
only provides CRAM-MD5 auth via credentials.

http://twistedmatrix.com/trac/browser/trunk/twisted/mail/protocols.py#L132

CramMD5Credentials implements IUsernameHashedPassword, so it won't work
with a FilePasswordDB checker that has a hash function. This is the
source of your error message.

You can add PLAIN support by adding credentials that provide
IUsernamePassword. The imap4 implementation has one (PLAINCredentials):

...
from twisted.mail import imap4
smtpserver = mailservice.getESMTPFactory()
smtpserver.challengers['PLAIN'] = imap4.PLAINCredentials
application = service.Application("Console SMTP Server")
...

Clients using CRAM-MD5 will still fail with the same error, though. You
could create your own checker which differentiates how it checks based
on the provided credentials interface. You would start by subclassing
FilePasswordDB and override the requestAvatarId method. If the
credentials interface is IUsernameHashedPassword, just skip over the
hash function. Here's an example based on yours:
http://gist.github.com/357396







More information about the Twisted-Python mailing list