[Twisted-Python] Authenticating with md5 hashed passwords
exarkun at twistedmatrix.com
Fri Feb 12 15:06:06 EST 2010
On 06:03 pm, raq at cttc.upc.edu wrote:
>Hello everybody,
>
>I am trying to build a client/server application using Perspective
>Broker and wanting to authenticate against a PostgreSQL database.
>Everything works fine if I use plain text passwords, but when trying to
>hash them using md5 using

What do you mean when you say you're using plain text passwords?
Authentication involves multiple parties handling the password in
multiple ways, and the "plain text"-ness of the password changes from
step to step.

>from hashlib import md5
>md5Password = md5(password).hexdigest()
>
>then it does not authenticate (I use
>credentials.checkMD5Password(password) at the checker class)
>
>Then after reading
>
>twisted/spread/pb.py
>
>I saw that everything is done in the functions:
>
>respond(challenge, password)
>challenge()
>
>and the methods
>
>checkMD5Password(self, md5Password)
>checkPassword(self, password)
>
>at the
>
>class _PortalAuthChallenger(Referenceable, _JellyableAvatarMixin)
>
>By changing digest() with hexdigest(), it works.
>
>The question is:
>
>Is there some way to make it work without making changes at the 'pb.py'
>module?
>
>Yes. I should use md5Password = md5(password).digest() to produce the
>password, but then I can't authenticate with a 'pure-ftpd' daemon I need
>to work with.
>
>Any alternatives?

You should register an IUsernameHashedPassword checker with the portal
you pass to PBServerFactory and use PBClientFactory.login. See
pbbenchserver.py and pbbenchclient.py for examples of this. Despite the
fact that you're passing a UsernamePassword instance to
PBClientFactory.login, the plain text password is never sent over the
network.

Also, IUsernameMD5Password is about to be deprecated, along with the
checkMD5Password method of _PortalAuthChallenger.

Jean-Paul
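
Added example, not part of the original message and not Twisted's own code: a standalone hashlib sketch of the digest()/hexdigest() mismatch discussed in this thread, and of decoding a hex MD5 column before the check so pb.py stays unmodified. It assumes the response is md5(md5(password).digest() + challenge).digest(), modelled on the respond and checkMD5Password functions named above; check_hex_stored, demo and all sample values are hypothetical.

```python
import hmac
import os
from hashlib import md5


def respond(challenge: bytes, password: bytes) -> bytes:
    """Client side: answer the challenge without sending the password."""
    hashed = md5(password).digest()  # raw 16 bytes, not hex (assumed construction)
    return md5(hashed + challenge).digest()


def check_md5_password(challenge: bytes, response: bytes, stored: bytes) -> bool:
    """Server side: recompute the response from the stored MD5 of the password."""
    expected = md5(stored + challenge).digest()
    return hmac.compare_digest(response, expected)  # constant-time comparison


def check_hex_stored(challenge: bytes, response: bytes, stored_hex: str) -> bool:
    """Accept a hex MD5 column shared with another service by decoding it first."""
    try:
        raw = bytes.fromhex(stored_hex)
    except ValueError:
        return False  # malformed column value never authenticates
    if len(raw) != md5().digest_size:
        return False
    return check_md5_password(challenge, response, raw)


def demo() -> dict:
    password = b"s3cret-constructed"        # constructed sample value
    challenge = os.urandom(16)              # hypothetical challenge format
    response = respond(challenge, password)
    hex_column = md5(password).hexdigest()  # what the database row holds
    raw = md5(password).digest()
    return {
        "raw_digest": check_md5_password(challenge, response, raw),
        "hex_as_bytes": check_md5_password(challenge, response, hex_column.encode()),
        "hex_decoded": check_hex_stored(challenge, response, hex_column),
        "wrong_password": check_hex_stored(
            challenge, respond(challenge, b"nope"), hex_column),
        "bad_column": check_hex_stored(challenge, response, "not-hex"),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:15} {ok}")
```

Only the raw digest and the decoded hex column authenticate; the hex string used directly as bytes does not, which is the failure described in the question.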