On 12/21/06, <b class="gmail_sendername">Eric Mangold</b> <<a href="mailto:teratorn@twistedmatrix.com">teratorn@twistedmatrix.com</a>> wrote:<div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Thu, 21 Dec 2006 01:45:07 -0600, Alvin Wang <<a href="mailto:alvinwang@gmail.com">alvinwang@gmail.com</a>> wrote:<br><br>> On 12/20/06, Eric Mangold <<a href="mailto:teratorn@twistedmatrix.com">teratorn@twistedmatrix.com
</a>> wrote:<br>>><br>>> On Wed, 20 Dec 2006 22:45:45 -0600, Alvin Wang <<a href="mailto:alvinwang@gmail.com">alvinwang@gmail.com</a>><br>>> wrote:<br>>><br>>> ><br>>> <a href="http://twistedmatrix.com/projects/core/documentation/howto/pb-cred.html">
http://twistedmatrix.com/projects/core/documentation/howto/pb-cred.html</a><br>>> ><br>>> > The documentation above says that credentials should be able to do<br>>> > authentication with multiple passes. However, I have not been able to
<br>>> > find<br>>> > any examples of it.<br>>> ><br>>> > As an alternative, I was going to implement a user object with state<br>>> that<br>>> > determined what it was able to do. I could force the client to
<br>>> conduct<br>>> > multiple challenge responses to achieve the logged in state.<br>>> ><br>>> > I figured it would be better to ask the mail list for the proper way<br>>> to<br>>> > do
<br>>> > it first.<br>>> ><br>>> > Thanks<br>>><br>>> Excuse me if I'm being dense, but what are you trying to do exactly?<br>>><br>>> --<br>>> Eric Mangold<br>
>> Twisted/Win32 Co-Maintainer<br>>><br>>> _______________________________________________<br>>> Twisted-Python mailing list<br>>> <a href="mailto:Twisted-Python@twistedmatrix.com">Twisted-Python@twistedmatrix.com
</a><br>>> <a href="http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python">http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python</a><br>>><br>><br>> P2P application<br>> Client logs onto server with Publickey
<br>> Since the server does not necessarily have the same IP address, I also<br>> want<br>> to authenticate the server's PK also.<br>><br>> Thanks<br><br>As far as I know PB doesn't provide any mechanism for the client to
<br>authenticate the server. But it should be easy to implement.<br><br>You could use the normal procedure to log in to the server. The server<br>provides various remote methods that you can call in order to have it<br>verify itself to you. Once you (the client) are satisifed, then, and only
<br>then, do you consider yourself "logged in". You should be caution to<br>prevent the server from invoking methods on the client, and vise vera,<br>prior to authenticating the server.<br><br>--<br>Eric Mangold
<br>Twisted/Win32 Co-Maintainer<br><br>_______________________________________________<br>Twisted-Python mailing list<br><a href="mailto:Twisted-Python@twistedmatrix.com">Twisted-Python@twistedmatrix.com</a><br><a href="http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python">
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python</a><br></blockquote></div><br>I was thinking that there might be something more elegant.<br><br>If I am implementing the login procedure by hand anyway, it seems like it would be simpler to just build it into
pb.root. I could skip the realms/checker stuff. I would keep the secure stuff in a pb.referenceable and not return it unless the user passes all the tests. Am I missing anything?<br clear="all"><br>Thanks<br>Alvin