[Twisted-Python] smtp-server: issue with checkers.FilePasswordDB and hash
Lucas Taylor
ltaylor.volks at gmail.com
Mon Apr 5 00:01:01 EDT 2010
On 4/4/10 5:41 PM, aleuser at inwind.it wrote:
> Hi all,
> I use FilePasswordDB with a small smtp-server (a very small toy), but when
> I use the hash function the authentication doesn't work.
>
> Here few lines of code:
> """
> def _hash(name, clearpsw, hashedpsw):
> # a very simple hash function ?
> return md5.md5(clearpsw).hexdigest()
> # return 'aa'
>
> # doesn't work; password file content is correctly "hashed"
> smtpusers = checkers.FilePasswordDB('smtppasswords.txt', caseSensitive=True,
> hash=_hash, cache=True)
>
> # work! in the file the passwords are in plain text
> #smtpusers = checkers.FilePasswordDB('smtppasswords.txt', caseSensitive=True,
> cache=True)
>
> mailservice = mail.MailService()
> mailservice.setQueue(relaymanager.Queue(QUEUE_PATH))
> mailservice.smtpPortal.registerChecker(smtpusers)
> smtpserver = mailservice.getESMTPFactory()
> application = service.Application("Console SMTP Server")
> internet.TCPServer(SMTP_PORT, smtpserver).setServiceParent(application)
> """
>
> The error is:
> Failure: twisted.cred.error.UnhandledCredentials: No checker for twisted.cred.
> credentials.IUsernameHashedPassword
>
> Obviously FilePasswordDB doesn't provide that credential when there is the
> hash function; why smtp connection is hashed and not in plaintext? How can I
> get it works?
>
> I found a similar question, with no answer:
> http://twistedmatrix.com/pipermail/twisted-python/2006-November/014395.html
>
>
> Thanks
> Alessandro
>
Can't say for sure without a full example, but it looks like you are
providing an instance of credentials.UsernameHashedPassword to
portal.login when you should be providing a credentials.UsernamePassword
instance.
If you provide a hash function to FilePasswordDB, it only accepts
IUsernamePassword credentials. The hash function is for plaintext
passwords that need to be validated against a hashed password file.
If your passwords are already hashed before they are sent to the server
for authentication, then there is no need for a hash function.
FilePasswordDB will accept either IUsernamePassword or
IUsernameHashedPassword credentials.
The source comments make it a bit clearer:
http://twistedmatrix.com/trac/browser/tags/releases/twisted-9.0.0/twisted/cred/checkers.py#L99
More information about the Twisted-Python
mailing list