[Twisted-Python] Authentication with multiple handshakes

[Eric Mangold]

On Thu, 21 Dec 2006 01:45:07 -0600, Alvin Wang <alvinwang at gmail.com> wrote:

> On 12/20/06, Eric Mangold <teratorn at twistedmatrix.com> wrote:
>>
>> On Wed, 20 Dec 2006 22:45:45 -0600, Alvin Wang <alvinwang at gmail.com>
>> wrote:
>>
>> >  
>> http://twistedmatrix.com/projects/core/documentation/howto/pb-cred.html
>> >
>> > The documentation above says that credentials should be able to do
>> > authentication with multiple passes.  However, I have not been able to
>> > find
>> > any examples of it.
>> >
>> > As an alternative, I was going to implement a user object with state
>> that
>> > determined what it was able to do.  I could force the client to  
>> conduct
>> > multiple challenge responses to achieve the logged in state.
>> >
>> > I figured it would be better to ask the mail list for the proper way  
>> to
>> > do
>> > it first.
>> >
>> > Thanks
>>
>> Excuse me if I'm being dense, but what are you trying to do exactly?
>>
>> --
>> Eric Mangold
>> Twisted/Win32 Co-Maintainer
>>
>> _______________________________________________
>> Twisted-Python mailing list
>> Twisted-Python at twistedmatrix.com
>> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
>>
>
> P2P application
> Client logs onto server with Publickey
> Since the server does not necessarily have the same IP address, I also  
> want
> to authenticate the server's PK also.
>
> Thanks

As far as I know PB doesn't provide any mechanism for the client to  
authenticate the server. But it should be easy to implement.

You could use the normal procedure to log in to the server. The server  
provides various remote methods that you can call in order to have it  
verify itself to you. Once you (the client) are satisifed, then, and only  
then, do you consider yourself "logged in". You should be caution to  
prevent the server from invoking methods on the client, and vise vera,  
prior to authenticating the server.

-- 
Eric Mangold
Twisted/Win32 Co-Maintainer