[Twisted-Python] Authentication with multiple handshakes

Alvin Wang alvinwang at gmail.com
Thu Dec 21 04:24:59 EST 2006


On 12/21/06, Eric Mangold <teratorn at twistedmatrix.com> wrote:
>
> On Thu, 21 Dec 2006 01:45:07 -0600, Alvin Wang <alvinwang at gmail.com>
> wrote:
>
> > On 12/20/06, Eric Mangold <teratorn at twistedmatrix.com> wrote:
> >>
> >> On Wed, 20 Dec 2006 22:45:45 -0600, Alvin Wang <alvinwang at gmail.com>
> >> wrote:
> >>
> >> > http://twistedmatrix.com/projects/core/documentation/howto/pb-cred.html
> >> >
> >> > The documentation above says that credentials should be able to do
> >> > authentication with multiple passes.  However, I have not been able
> >> > to find any examples of it.
> >> >
> >> > As an alternative, I was going to implement a user object with state
> >> > that determined what it was able to do.  I could force the client to
> >> > conduct multiple challenge responses to achieve the logged in state.
> >> >
> >> > I figured it would be better to ask the mail list for the proper way
> >> > to do it first.
> >> >
> >> > Thanks
> >>
> >> Excuse me if I'm being dense, but what are you trying to do exactly?
> >>
> >> --
> >> Eric Mangold
> >> Twisted/Win32 Co-Maintainer
> >>
> >> _______________________________________________
> >> Twisted-Python mailing list
> >> Twisted-Python at twistedmatrix.com
> >> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
> >>
> >
> > P2P application
> > Client logs onto server with Publickey
> > Since the server does not necessarily have the same IP address, I also
> > want to authenticate the server's PK also.
> >
> > Thanks
>
> As far as I know PB doesn't provide any mechanism for the client to
> authenticate the server. But it should be easy to implement.
>
> You could use the normal procedure to log in to the server. The server
> provides various remote methods that you can call in order to have it
> verify itself to you. Once you (the client) are satisfied, then, and only
> then, do you consider yourself "logged in". You should be cautious to
> prevent the server from invoking methods on the client, and vice versa,
> prior to authenticating the server.
>
> --
> Eric Mangold
> Twisted/Win32 Co-Maintainer

I was thinking that there might be something more elegant.

If I am implementing the login procedure by hand anyway, it seems like it
would be simpler to just build it into pb.root.  I could skip the
realms/checker stuff.  I would keep the secure stuff in a
pb.referenceable and not return it unless the user passes all the
tests.  Am I missing anything?

Thanks
Alvin
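
The handshake discussed in this thread, as an added example that is not part of the original messages and is not Twisted code: a per-connection gate object hands out the protected object only after the client's challenge-response has passed, and the client asks for it only after the server has answered the client's own challenge. Assumptions: plain Python classes stand in for the PB root and referenceable, HMAC over constructed shared keys stands in for public-key signatures, and all names (LoginGate, SecureService, prove, client_login) are hypothetical.

```python
import hashlib
import hmac
import secrets

def prove(key, role, nonce):
    # HMAC stands in for a public-key signature over the peer's nonce (assumption).
    return hmac.new(key, role + nonce, hashlib.sha256).digest()

class SecureService:  # stand-in for the protected referenceable
    def whoami(self, name):
        return "hello " + name

class LoginGate:
    """Stand-in for the per-connection root object (hypothetical names)."""
    def __init__(self, client_keys, server_key):
        self._client_keys, self._server_key = client_keys, server_key
        self._name = self._nonce = None
        self._client_ok = False

    def get_challenge(self, name):
        # A fresh nonce per attempt; any earlier progress is discarded.
        self._name, self._client_ok = name, False
        self._nonce = secrets.token_bytes(32)
        return self._nonce

    def respond(self, proof):
        # The nonce is consumed whether or not the proof is valid (no replays).
        nonce, self._nonce = self._nonce, None
        key = self._client_keys.get(self._name)
        if nonce is None or key is None:
            return False
        self._client_ok = hmac.compare_digest(proof, prove(key, b"client", nonce))
        return self._client_ok

    def prove_server(self, client_nonce):
        return prove(self._server_key, b"server", client_nonce)

    def get_service(self):
        if not self._client_ok:
            raise PermissionError("handshake incomplete")
        return SecureService()

def client_login(gate, name, client_key, server_key):
    """Return the service only after both directions have verified."""
    if not gate.respond(prove(client_key, b"client", gate.get_challenge(name))):
        return None
    mine = secrets.token_bytes(32)
    if not hmac.compare_digest(gate.prove_server(mine), prove(server_key, b"server", mine)):
        return None  # server unverified: never ask it for the service
    return gate.get_service()
```

The role prefix keeps a proof made for one direction from being accepted in the other, and the gate must be created per connection so that one peer's progress cannot be used by another.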