[Twisted-Python] twisted.cred interface deficiences
Glyph
glyph at twistedmatrix.com
Tue Apr 2 19:04:21 EDT 2013
On Apr 1, 2013, at 2:34 PM, Shell <cam.turn at gmail.com> wrote:
>>> I propose that IUsernamePassword should be split into at least two
>>> interfaces:
>>>
>>> * IUsernamePassword, with only username and password, no methods,
>>> which allows password to be used in any way
>>> * Another interface, which only defines username and checkPassword() -
>>> possibly just a rename of IUsernameHashedPassword, which declares a
>>> similar interface
>>>
>>> However, this has the issue that any credential checker which can use
>>> the second interface would also be able to use an IUsernamePassword
>>> here if there were an adapter between the two, but support for this
>>> would have to go into every credential checker which supports the
>>> second interface at present. Maybe the Portal could automatically
>>> search for adapters if it can't find a direct match?
These don't sound like bad ideas, but I think that if you're going to try to fix cred's built-in credentials, this is a pretty labor-intensive and not particularly rewarding path to go down. Further refining the sad username+password credential interface will provide only some internal factoring improvements to existing types of authentication, at the cost of retrofitting all of them; not to mention dealing with broad-spectrum deprecations.
A better use of energy would be directed at getting a generic SASL credentials implementation; in other words, fixing this fairly ancient ticket: <https://twistedmatrix.com/trac/ticket/2015>.
A well-implemented SASL credentials interface will address these issues, as well as allowing for proper challenge-response authentication, digest auth, external auth mechanisms like TLS, et cetera.
Your idea about adapters is well taken though; having the portal do that when SASL-ified checkers are available seems reasonable, provided that it won't break anything.
-glyph
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://twistedmatrix.com/pipermail/twisted-python/attachments/20130402/534a836b/attachment.htm
More information about the Twisted-Python
mailing list