[Twisted-Python] Authentication with Perspective Broker and hashed password file

Jp Calderone exarkun at divmod.com
Sat Feb 12 10:57:23 EST 2005


On Sat, 12 Feb 2005 10:34:10 +0200, Tommi Virtanen <tv at twistedmatrix.com> wrote:
>Dave Cook wrote:
> > Failure: twisted.cred.error.UnhandledCredentials: No checker for  
> > twisted.spread.interfaces.IJellyable,
> > twisted.cred.credentials.IUsernameHashedPassword,
>                                      ^^^^^^
> > twisted.cred.credentials.ICredentials,
> > twisted.spread.pb.IUsernameMD5Password
>                      ^^^^^^^^^^^^^^^^^^^^
> > 
> > However, if I use plaintext passwords, it works fine.  
> > 
> > I'm working with the example in the book:
> > 
> > http://twistedmatrix.com/documents/current/howto/pb-cred#auto7
> > 
> > with the credential checker set to
> > 
> > import sha
> > myChecker = checkers.FilePasswordDB("my_hashed_passwd_file",
> >                                     hash =
> >                                     lambda u, p, h: sha.new(p).hexdigest())
> 
> Locally hashing the password only works when the password is transferred
> over the wire in plaintext.
> 
> PB uses a challenge-response authentication, which by it's nature
> requires you to store passwords in plaintext.
> 
> You need a checker for IUsernameHashedPassword. FilePasswordDB is one,
> as long as you don't pass it the argument hash.

  To extend what Tommi is saying, you could implement your own login 
negotiation sequence for PB which does transfer a password over the 
wire in plaintext, which would allow you to use locally hashed 
passwords.  This will only be usable with PB/SSL, of course (unless 
you don't mind sharing your passwords with everyone else on the 'net).

PBClientFactory.login is provided primarily as a convenience, since 
it covers most people's authentication requirements.  It is implemented
in terms of other, "normal" PB method calls, so creating an alternate 
login negotiation sequence is just a matter of calling different methods
with different arguments.

  Jp




More information about the Twisted-Python mailing list