[Twisted-Python] PB and hashed passwords
Uwe C. Schroeder
uwe at oss4u.com
Fri Apr 23 00:13:21 MDT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
just found something in pb (twisted version 1.2.0) that's a bit strange.
I've written a credentials checker and set
self.credentialInterfaces = (credentials.IUsernamePassword,)
So far, so good. However the following error is thrown:
No checker for twisted.cred.credentials.IUsernameHashedPassword,
twisted.cred.credentials.ICredentials, twisted.spread.pb.IUsernameMD5Password
I traced it back to pb._PortalAuthChallenger
It only implements hashed and md5 passwords. Maybe I don't get it, but where
is the sense in sending a password in cleartext over the wire to then md5 it
on the "server" side ?
I'd rather md5 it on the client side and send the hash to be compared against
the password storage, which also stores a md5.
I tried to do this by using plaintext passwords, since the routines then
simply compare without md5'ing it, but it doesn't seem to be possible to use
plaintext with pb without changing something. Can I user-define a class to
jump in there ?
Any enlightenment is appreciated.
THX
UC
- --
Open Source Solutions 4U, LLC 2570 Fleetwood Drive
Phone: +1 650 872 2425 San Bruno, CA 94066
Cell: +1 650 302 2405 United States
Fax: +1 650 872 2417
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFAiLQBjqGXBvRToM4RAubrAJ44hBC+PYbcBgiWivFowWjpaEWtaACgnaBV
vvfUvfSiBfpJhhifqmvhJfo=
=Byjg
-----END PGP SIGNATURE-----
More information about the Twisted-Python
mailing list