[Twisted-Python] Question on pamauth.py

Terry Jones terry at jon.es
Wed May 3 05:12:04 MDT 2006 

Hi Duncan, thanks for the reply.

>>>>> "Duncan" == Duncan McGreggor <duncan.mcgreggor at gmail.com> writes:
Duncan> The really great thing about cred is that it works the same
Duncan> regardless of the underlying authentication mechanism. I suggest
Duncan> writing a couple toy examples and plugging those into your twisted
Duncan> app, just to get a feel for how things work. In the process you
Duncan> will gain genuine knowledge (as opposed to "a feel").

OK, I'll try that.

Duncan> You probably wouldn't ever need to use twisted.cred.pamauth. You would 
Duncan> use the twisted.cred.checkers.PluggableAuthenticationModulesChecker, 
Duncan> and that works just like, well, a cred checker :-)

Duncan> You biggest problem is actually going to be getting PyPAM
Duncan> working. As far as I know, and as far as tummy.com knows (the
Duncan> original sponsors of PyPAM), there's been no release since 1999. I
Duncan> toyed with the idea of using it at one point, but the amount of
Duncan> work necessary in updating the python was too onerous. Perhaps you
Duncan> have a stronger stomach than I :-)

>From your reply and that of Phil Mayers (thanks Phil), I see that my mail
wasn't really clear.

I didn't really want to know about pamauth specifically (despite my
subject), but about back end cred checkers (not twisted.cred itself) that I
could use with twisted.cred. When I went looking for options on this (e.g.,
based on LDAP, /etc/passwd, PAM, other db approaches, etc), I was surprised
to find myself reading about pamauth, that it was in the Twisted tarball
I'd installed, but that I'd read no mention of it. So I wondered about it,
and also whether there might be other back ends to drop in.

Thanks anyway for the details on pamauth, I'm pretty sure I wont use it.

Duncan> and it's up to you to decide what to do about persisting
Duncan> authentication information.

That was what I was meaning to ask: what do other people do about this
(persisting authentication information)? Are there recognized best
practices for what I described? Maybe the question is too basic! I expected
someone might say "oh, just tell cred to use the XYZ python module".

Duncan> I'm totally not being snotty when I say this (again): cred is
Duncan> cred. One of the really great things about it is how easy it is to
Duncan> do whatever you want. You can create interfaces that represent
Duncan> groups, have a single realm and set/check interfaces, have
Duncan> different realms for different levels of access, etc. You can have
Duncan> your resources implement your group/role interfaces. There's all
Duncan> kinds of stuff you can do, it really depends on your needs. Once
Duncan> you are comfortable with it and have written a few working
Duncan> toys/examples, you will see the potential.

I think I see the potential, that's why I'm here bugging you all. I'm still
trying to understand some things, and at least right now, to know if there
are more standard components that I'm not aware of (that I can drop into
the architecture provided by Twisted, and, in this particular case, cred).

Duncan> Writing the code necessary to plug your twisted app into somebody
Duncan> else's authentication system can be easier than doing it any other
Duncan> way (given that you are working with open, sane standards). I've
Duncan> actually written working cred code faster than other project
Duncan> members have *configured* (GUI) the user management systems I was
Duncan> writing against.

I read that in your blog the other night :-)

Duncan> Here's a great resource:
Duncan> http://twistedmatrix.com/projects/core/documentation/howto/cred.html

Yes, thanks, I'd read that a couple of times too.

Duncan> And if you don't have the O'Reilly twisted book, do yourself a
Duncan> favor and pick up a copy. Abe did a wonderful job explaining cred
Duncan> very clearly in it.

And the book is on its way. I ordered it after reading the review here
http://tv.debian.net/articles/review-snakeball/


Anyway, thanks again for the reply. I'm trying to figure out how to make
about half a dozen things hang together nicely, and I've (obviously) never
used Twisted. I'm getting there. I'll take your advice about small
examples.

Regards,
Terry

More information about the Twisted-Python mailing list