[Twisted-Python] Authentication with multiple handshakes

Eric Mangold teratorn at twistedmatrix.com
Thu Dec 21 15:37:43 MST 2006


On Thu, 21 Dec 2006 03:24:59 -0600, Alvin Wang <alvinwang at gmail.com> wrote:

> On 12/21/06, Eric Mangold <teratorn at twistedmatrix.com> wrote:
>>
>> On Thu, 21 Dec 2006 01:45:07 -0600, Alvin Wang <alvinwang at gmail.com>
>> wrote:
>>
>> > On 12/20/06, Eric Mangold <teratorn at twistedmatrix.com> wrote:
>> >>
>> >> On Wed, 20 Dec 2006 22:45:45 -0600, Alvin Wang <alvinwang at gmail.com>
>> >> wrote:
>> >>
>> >> >
>> >> > http://twistedmatrix.com/projects/core/documentation/howto/pb-cred.html
>> >> >
>> >> > The documentation above says that credentials should be able to do
>> >> > authentication with multiple passes.  However, I have not been able to
>> >> > find any examples of it.
>> >> >
>> >> > As an alternative, I was going to implement a user object with state
>> >> > that determined what it was able to do.  I could force the client to
>> >> > conduct multiple challenge responses to achieve the logged in state.
>> >> >
>> >> > I figured it would be better to ask the mail list for the proper way
>> >> > to do it first.
>> >> >
>> >> > Thanks
>> >>
>> >> Excuse me if I'm being dense, but what are you trying to do exactly?
>> >>
>> >> --
>> >> Eric Mangold
>> >> Twisted/Win32 Co-Maintainer
>> >>
>> >> _______________________________________________
>> >> Twisted-Python mailing list
>> >> Twisted-Python at twistedmatrix.com
>> >> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
>> >>
>> >
>> > P2P application
>> > Client logs onto server with Publickey
>> > Since the server does not necessarily have the same IP address, I also
>> > want to authenticate the server's PK also.
>> >
>> > Thanks
>>
>> As far as I know PB doesn't provide any mechanism for the client to
>> authenticate the server. But it should be easy to implement.
>>
>> You could use the normal procedure to log in to the server. The server
>> provides various remote methods that you can call in order to have it
>> verify itself to you. Once you (the client) are satisfied, then, and only
>> then, do you consider yourself "logged in". You should be cautious to
>> prevent the server from invoking methods on the client, and vice versa,
>> prior to authenticating the server.
>>
>> --
>> Eric Mangold
>> Twisted/Win32 Co-Maintainer
>>
>
> I was thinking that there might be something more elegant.
>
> If I am implementing the login procedure by hand anyway, it seems like it
> would be simpler to just build it into pb.root.  I could skip the
> realms/checker stuff.  I would keep the secure stuff in a
> pb.referenceable and not return it unless the user passes all the
> tests.  Am I missing anything?
>
> Thanks
> Alvin

I'm not really sure what that means in concrete implementation terms. But  
it seems like you get the picture. If you need more help it's probably  
time to start posting code.

-- 
Eric Mangold
Twisted/Win32 Co-Maintainer
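
Added example, not part of the original thread and not Twisted code: a standard-library model of the ordering discussed above, where the client challenges the server with a fresh nonce and refuses any call from the server until the proof checks out. The names Server, ClientSession, prove_identity and handle_server_call are hypothetical, and HMAC over a shared key stands in for a real public-key signature so the block runs without third-party packages.

```python
import hashlib
import hmac
import secrets

# Stand-in for a public-key signature (assumption made so this runs on the
# standard library): a real deployment would sign with the server's private
# key and verify against the public key the client has pinned.
def sign(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()

class Server:
    """Hypothetical server exposing one method the client calls to challenge it."""
    def __init__(self, key: bytes):
        self._key = key

    def prove_identity(self, nonce: bytes) -> bytes:
        # The role label keeps this proof from being reused as a client proof.
        return sign(self._key, b"server-proof:" + nonce)

class ClientSession:
    """Client side: nothing from the server is honoured until it has proven itself."""
    def __init__(self, pinned_key: bytes):
        self._pinned_key = pinned_key
        self.server_verified = False

    def verify_server(self, server) -> bool:
        nonce = secrets.token_bytes(32)  # fresh per attempt, so old proofs are useless
        proof = server.prove_identity(nonce)
        expected = sign(self._pinned_key, b"server-proof:" + nonce)
        self.server_verified = hmac.compare_digest(proof, expected)
        return self.server_verified

    def handle_server_call(self, method: str) -> str:
        # Calls arriving from the server are rejected until verification succeeds.
        if not self.server_verified:
            raise PermissionError("server not authenticated; refusing " + method)
        return "handled " + method

def demo():
    key = b"constructed-sample-key"  # constructed sample value
    results = []
    for srv in (Server(key), Server(b"some-other-key")):
        session = ClientSession(pinned_key=key)
        session.verify_server(srv)
        try:
            results.append(session.handle_server_call("notify"))
        except PermissionError:
            results.append("refused")
    return results  # genuine server is served, impostor is refused
```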
