[Twisted-Python] Newbie: using cred strcred.AuthOptionMixin

exarkun at twistedmatrix.com exarkun at twistedmatrix.com
Tue Jul 6 08:29:17 EDT 2010


On 11:31 am, f.schneider at de-bleek.demon.nl wrote:
>Hi,
>
>I need a perspective broker with authentification and followed the 
>Twisted
>documentation on
>http://twistedmatrix.com/documents/current/core/howto/tap.html#auto4 to 
>get
>the twistd plugin to work. Now I want to make it work with the 
>/etc/shadow,
>but don't know how to get it to work.

The /etc/shadow cred plugin supports checking IUsernamePassword 
credentials.  PBServerFactory creates protocol instances that only know 
how to check IUsernameHashedPassword, IUsernameMD5Password, and 
IAnonymous credentials, though.  So no clients will be able to 
authenticate with this configuration.

You can add support for new credentials types to your PB server by 
creating the PBServerFactory with an IPBRoot provider that returns a 
root object (typically a Referenceable instance) with a "remote_login" 
method - or any other method that you make your PBClientFactory's login 
method call with credentials information.

The most straightforward thing to implement would be simple 
username/password authentication where the client sends both pieces of 
information to the server and the server verifies them.  This would only 
be secure if used over a secure transport such as SSL, of course.

It might also help to look at how authentication is implemented now, in 
twisted/spread/pb.py, in the _PortalRoot, _PortalWrapper, and 
_PortalAuthChallenger.

Jean-Paul



More information about the Twisted-Python mailing list