I'm planning to use twisted.cred and just went to look for ways to
implement a back end credentials checker that I could plug in. I soon ran
across mentions of pamauth.py, and was pleasantly surprised to find it
sitting in my Twisted-2.2.0/twisted/cred/pamauth.py
But, I don't see a mention of how to use it. Most of what's on the web
shows pamauth.py as living under twisted.conch, which I take to be an old
$ find . -name '*.html' -print0 | xargs -0 grep -i pamauth
at the top of my Twisted-Sumo tree gets me no hits. I see a little use of
pamauth test/test_newcred.py, but it's not terribly enlightening.
Is there somewhere I can read about how to use this?
A bit more generally, is using pamauth considered roughly best practice?
Are there other credentials checkers in wide use (and yes, I know
/etc/password is in wide use :-))
If I want to build a web site where users authenticate themselves, I
presumably will be setting a cookie on the browser and authentication will
just happen when the browser visits. (I'm happy to hear more details on how
this is best done). But what if a user is trying to run a command line app
or a remote script that's talking to the server via twisted.pb? Presumably
some form of credential is stored locally and transmitted with the
connection. Is the passed credential in this case stored (supposing it is
even stored on disk, as opposed to being stored in the user's head and
entered on the command line) in a way that's totally orthogonal to cookies,
or does Twisted have yet more functionality to deal with this?
One final one: I imagine it's a standard pattern that people want to
implement users and groups, with some form of permissions model in which
users attempt actions and their privileges are checked (with fallback to
their groups' permission if the user does not have explicit permission).
Can anyone point me to Twisted code that does something like this?
Sorry for so many questions. I don't expect anyone to start writing code
for me, I plan to do that myself. But it's nice to not reinvent wheels,
that's the point after all. So having just discovered the lightly (or un-)
documented pamauth.py, I'm can't help but wonder what more there might be.